Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by Starcom1 on zo 11/01/2015 at 11:49:08,72.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Starcom1\AppData\Local\Temp\Rar$EXa0.917\zoek.exe.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-01-08-141502.log 167416 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\QNAP\Qfinder\iSCSIAgent.exe
C:\Program Files\QNAP\NetBak\Enclosure.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QNAP\NetBak\NetBak.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Starcom1\AppData\Local\Temp\Rar$EXa0.917\zoek.exe.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ConvertAd"=-
"Application Restart #5"=-
"Application Restart #4"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Users\Starcom1\AppData\Local\ConvertAd not found
C:\Users\Starcom1\AppData\Local\Pokki not found
C:\Program Files\Stab not found
C:\ProgramData\WindowsMangerProtect not found
C:\Program Files\AnyProtectEx not found
C:\ProgramData\IHProtectUpDate not found
C:\Program Files\shopperz not found
C:\Program Files\LuckyTab not found
"C:\Windows\tasks\APSnotifierPP1.job" not found
"C:\Windows\tasks\APSnotifierPP2.job" not found
"C:\Windows\tasks\APSnotifierPP3.job" not found
C:\sh4ldr deleted
C:\Users\Starcom1\AppData\Roaming\MAGIX deleted
C:\PROGRA~2\MAGIX deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\Common.dll" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20150109_130256.log" not deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP" deleted
"C:\Program Files\Enigma Software Group" not deleted
"C:\Program Files\Enigma Software Group\SpyHunter" not deleted
"C:\Program Files\Enigma Software Group\SpyHunter\Log" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)
Memory (RAM): 3539 MB
CPU Info: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
CPU Speed: 3386,5 MHz
Sound Card: Luidsprekers (High Definition A | Digitale audio (S/PDIF) (High D | M2262D-1 (NVIDIA High Definitio |
Display Adapters: NVIDIA GeForce GT 640 | NVIDIA GeForce GT 640 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | LogMeIn Mirror Driver
Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 2x (D: | E: | ) D: EZBSYS ISO CDVD DRIVE | E: hp DVD A DH16ACSHR
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 931,4GB | L: 298,0GB
Hard Disks - Free: C: 742,3GB | L: 283,4GB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | 12/22/11 | HPQOEM - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: PEGATRON CORPORATION 2AD5
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: ESET NOD32 Antivirus 5.2 On-access scanning disabled (Outdated)
Anti-Spyware: ESET NOD32 Antivirus 5.2 disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 39.0.2171.95
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 34.0.5 (x86 nl)
Google Chrome version: 39.0.2171.95
Sun Java version: 1.8.0_25 (32-bit)
Flash Player version: 11.6.602.108

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Starcom1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-12-30 14:58:43 2A05C72B05CE849544A758ACC643A790 268004 ---ha-w- C:\Windows\System32\mlfcache.dat

====== C:\Windows\system32\drivers =====

2014-12-15 14:47:40 1F3D35ED9104B2AB5BDF12CA8AD4551C 10911040 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2014-12-15 14:34:47 BE6832BA702EBC3527D7BC7A37DAB052 33096 ----a-w- C:\Windows\System32\drivers\nvvad32v.sys
2014-12-14 09:23:38 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_TeeDriver_01011.Wdf

====== C:\Windows\Tasks ======

2014-12-30 17:39:19 -------- d-----w- C:\Windows\system32\Tasks\Safer-Networking
2014-12-30 16:39:06 470884464634070BD166267551A1A876 3344 ----a-w- C:\Windows\system32\Tasks\SpyHunter4Startup
2014-12-16 15:03:39 0543BF18FCEA4353B2D48A370D0A6105 3168 ----a-w- C:\Windows\system32\Tasks\{AB08C37A-4AEB-44CA-9C6C-F9C28827B572}
2014-12-16 14:51:17 1FDCF127065E033FB3E39370021F90D6 3146 ----a-w- C:\Windows\system32\Tasks\{4E9B830A-49E7-4A75-9812-70E699CF2021}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-01-09 12:08:23 -------- d-----w- C:\Program Files\MAGIX
2015-01-07 11:11:24 -------- d-----w- C:\Program Files\trend micro
2014-12-30 16:39:02 -------- d-----w- C:\Program Files\Enigma Software Group
2014-12-30 16:38:20 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2014-12-30 14:11:59 -------- d-----w- C:\Program Files\Passware
2014-12-30 13:54:08 -------- d-----w- C:\Program Files\NetViewer 2.0
2014-12-14 09:23:48 -------- d-----w- C:\Program Files\Common Files\PostureAgent
2014-12-14 09:23:32 -------- d-----w- C:\Program Files\Intel

======= C: =====

2014-12-17 15:06:08 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS
2014-12-17 15:06:08 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS

====== C:\Users\Starcom1\AppData\Roaming ======

2015-01-08 14:13:17 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-01-08 14:13:17 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-01-08 14:13:17 -------- d-----w- C:\Users\Starcom1\AppData\Local\Temp
2015-01-08 14:13:17 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-01-08 14:13:17 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-12-30 17:41:01 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Programs
2014-12-30 16:39:03 -------- d-----w- C:\Users\Starcom1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-12-30 13:54:11 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Starcom1\AppData\Roaming\RSDevID.fig
2014-12-30 13:54:11 BCDACDDA451739285DC0F3E9ADC73252 20 ----a-w- C:\Users\Starcom1\AppData\Roaming\RSIpAndPort.fig
2014-12-30 13:54:08 -------- d-----w- C:\Users\Starcom1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetViewer 2.0
2014-12-28 07:41:29 DF6BF0F70032E306C5C2586BE284B5D7 132 ----a-w- C:\Users\Starcom1\AppData\Roaming\Adobe CS5-voorkeuren voor PNG-indeling

====== C:\Users\Starcom1 ======

2015-01-09 12:26:09 -------- d-----w- C:\Users\Public\Documents\MAGIX
2015-01-09 12:26:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-01-07 11:10:30 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Starcom1\Downloads\RSIT.exe
2015-01-07 11:10:30 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Starcom1\Downloads\RSIT (1).exe
2015-01-03 10:04:44 E713142712B31512F78B6877EC962391 783400 ----a-w- C:\Users\Starcom1\Downloads\yet_another_cleaner_ava.exe
2014-12-30 14:19:32 -------- d-----w- C:\Users\Starcom1\www.starcom1.eu
2014-12-30 14:11:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passware
2014-12-30 13:54:11 2CDED967C30CFF1833AE50760BB36C3A 281 ----a-w- C:\ProgramData\RSUserCfg.ini
2014-12-16 07:09:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-14 09:23:39 -------- d-----w- C:\Windows\system32\config\systemprofile\Intel
2014-12-14 09:23:39 -------- d-----w- C:\ProgramData\Intel
2014-12-14 09:23:14 -------- d-----w- C:\Users\Starcom1\Intel

====== C: exe-files ==

2015-01-10 15:07:09 58689D86E2D8CEDB2F786DD5A76DF2FB 432376 ----a-w- C:\Users\Starcom1\AppData\Local\NVIDIA\NvBackend\Packages\00006b06\CoProc update.19212142.exe
2015-01-07 11:11:24 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Starcom1.exe
2015-01-07 11:10:30 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Starcom1\Downloads\RSIT.exe
2015-01-07 11:10:30 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Starcom1\Downloads\RSIT (1).exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-186408431-812368755-1050484228-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #5"="C:\Users\Starcom1\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Starcom1\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session"
"Application Restart #4"="C:\Users\Starcom1\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Starcom1\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #5"="C:\Users\Starcom1\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Starcom1\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session"
"Application Restart #4"="C:\Users\Starcom1\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Starcom1\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud]
"command"="\"C:\\Program Files\\Adobe\\Adobe Creative Cloud\\ACC\\Creative Cloud.exe\" --showwindow=false --onOSstartup=true"
"hkey"="HKLM"
"item"="Adobe Creative Cloud"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
"hkey"="HKLM"
"item"="AdobeAAMUpdater-1.0"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"
"hkey"="HKLM"
"item"="AdobeCS6ServiceManager"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CDAServer]
"command"="C:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"
"hkey"="HKLM"
"item"="CDAServer"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]
"command"="\"C:\\Program Files\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""
"hkey"="HKLM"
"item"="NvBackend"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Qsync]
"command"="\"C:\\Program Files\\QNAP\\Qsync\\Qsync.exe\" /launch_qsync"
"hkey"="HKLM"
"item"="Qsync"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap.dll,ShadowPlayOnSystemStart"
"hkey"="HKLM"
"item"="ShadowPlay"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
"hkey"="HKLM"
"item"="SwitchBoard"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2013-01-09 18:40:26 289 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD
2013-01-09 18:40:26 289 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD
2013-12-26 14:59:55 289 ----a-w- C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/11/2013 15:00]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/11/2013 15:00]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Starcom1-PC-Starcom1" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\iSCSIAgentAutoStartup" ["C:\Program Files\QNAP\Qfinder\iSCSIAgent.exe"]
"C:\Windows\system32\tasks\NetBakAutoStartup" ["C:\Program Files\QNAP\NetBak\Enclosure.exe"]
"C:\Windows\system32\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Starcom1\AppData\Roaming\Mozilla\Firefox\Profiles\xnju54dw.default-1419962495715
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
343BA8F3ABC8CE69700F37DB4A82300F - c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll - Silverlight Plug-In
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
5D2A80BA01A494E9924A466F39C4DAE7 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
39D82BF49A279BF746A7F6A55BCEF99F - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
847C1A6B649D406FDB721E1BCE4E1E38 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
B239D122D14692FC5EFBA7121C770F61 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
0900BBAB5745ECEC21C5E8254F05B7B0 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
17D7FEB824594E6446059EB3987D1AA9 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
59492511D7A8BC90A2F6023218E80F9C - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
BE40D3882DCDC3E4BD8B284B8D5F4FDB - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In
030992BCBD13BE4D1889A7B8C522B558 - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll - AdobeAAMDetect
54740489C66AFC8B78CF9A2893A5DA63 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
9CD7CD8FD07718851DD8081CDF8CA3E7 - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll - AdobeExManDetect
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
209F58DECE7A511BB81A7A172F4346E8 - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
CF28AD14811DB6B2D92D49EC3E26610C - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_108.dll - Shockwave Flash
C24ABF1ACE4E395B413971F5476208D1 - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll - AdobeAAMDetect
AB3546B509E4B89096078EB2081C39C7 - c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

Google Slides - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
iCloud Bookmarks - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah
Google Wallet - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Instagram for Chrome - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb
Gmail - Starcom1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{1AACC6E1-C8B2-4651-96A0-755DE3B1042B} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear"

==== HijackThis Entries ======================

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\RunOnce: [Application Restart #5] C:\Users\Starcom1\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Starcom1\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Starcom1\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Starcom1\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

==== Empty IE Cache ======================

C:\Users\Starcom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Starcom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Starcom1\AppData\Local\Mozilla\Firefox\Profiles\xnju54dw.default-1419962495715\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Starcom1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=20720 folders=769 6635814648 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\LogMeInRemoteUser\AppData\Local\Temp emptied successfully
C:\Users\Starcom1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Starcom1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program 
Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20150109_130256.log" not found "C:\Program Files\Enigma Software Group" not found ==== EOF on zo 11/01/2015 at 12:10:32,58 ======================