Zoek.exe v5.0.0.0 Updated 18-01-2015 Tool run by Gebruiker on wo 21-01-2015 at 12:02:09.16. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: D:\Users\Gebruiker\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-01-01-184310.log 6558 bytes ==== Empty Folders Check ====================== C:\Users\Gebruiker\AppData\Local\CutePDF Writer deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\XTab\ProtectService.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe D:\Users\Gebruiker\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\XTab deleted C:\ProgramData\WindowsMangerProtect deleted C:\ProgramData\IHProtectUpDate deleted C:\Users\Gebruiker\AppData\Roaming\sweet-page deleted C:\Users\Gebruiker\AppData\Roaming\appdataFr2.bin deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 4096 MB CPU Info: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz CPU Speed: 2948.1 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce 8400 GS | NVIDIA GeForce 8400 GS | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 2x (E: | F: | ) E: Optiarc DVD RW AD-5240S | F: Optiarc DVD RW AD-5240S Ports: COM1 LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 224.5GB | D: 241.1GB Hard Disks - Free: C: 142.1GB | D: 202.0GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 08/18/09 | 7519MS - 20090818 Time Zone: Romance (standaardtijd) Motherboard *: MICRO-STAR INTERNATIONAL CO.,LTD P45-C51 (MS-7519) Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Firewall: avast! Antivirus disabled Default Browser: Google Chrome 39.0.2171.99 Internet Explorer Version: 10.0.9200.17183 Mozilla Firefox version: 35.0 (x86 nl) Google Chrome version: 39.0.2171.99 Adobe Reader version: 11.0.10.32 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-12-28 11:58:23 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\Windows\avastSS.scr ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-01-14 11:16:38 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 11:16:38 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll 2015-01-14 11:16:08 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 11:16:00 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 11:15:59 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-01-14 11:16:42 5B9954AE9FD4682DADD5EBC0301366B0 52736 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe 2015-01-14 11:16:41 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\Windows\Sysnative\profsvc.dll 2015-01-14 11:16:38 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll 2015-01-14 11:16:16 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-01-14 11:15:59 F4846789B3795F14DCB7D92ED1DAF74F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-01-14 11:15:59 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-01-14 11:15:59 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-01-13 21:43:31 6663B30328C239D2AB10D2583054CF2E 364512 ----a-w- C:\Windows\Sysnative\aswBoot.exe ====== C:\Windows\Sysnative\drivers ===== 2015-01-14 11:16:33 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys 2015-01-13 21:43:35 EAFC6970073525E98D4D0E2B56741227 28184 ----a-w- C:\Windows\Sysnative\drivers\aswKbd.sys 2015-01-13 21:43:10 8025E7521EB601207627E8B4722ACE19 449936 ----a-w- C:\Windows\Sysnative\drivers\aswNdisFlt.sys 2014-12-30 10:55:08 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\Sysnative\drivers\GEARAspiWDM.sys 2014-12-28 11:58:35 7509F07BA6F84C1E3B2C0D78A1F6F782 116728 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys 2014-12-28 11:58:34 1A5BDDE65B648DC3AD48B6ECAA3AE9C8 267632 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys 2014-12-28 11:58:32 B1881A01E301990B671694CA1623F1B6 436624 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys 2014-12-28 11:58:32 1323269A92645705DEFA053F3596829D 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys 2014-12-28 11:58:31 9BE9F2B83DE80E2752B1405CC427E2EC 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys 2014-12-28 11:58:31 2DA1C1AEDF454F8E32A863A1AEACDD8C 83280 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys 2014-12-28 11:58:30 4750016EF9CC1DEC6DA3FE5AF9A7F095 93568 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys 2014-12-28 11:58:29 E74FD717476B30E23F45354B8F3ACB30 1050432 ----a-w- C:\Windows\Sysnative\drivers\aswsnx.sys ====== C:\Windows\Tasks ====== 2014-12-30 10:54:20 -------- d-----w- C:\Windows\Sysnative\Tasks\Apple 2014-12-28 11:58:40 3932E282269AC8BB274EB59BBB65E0F2 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update 2014-12-25 23:01:35 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-01-07 13:37:51 -------- d-----w- C:\Program Files\File Association Helper 2014-12-30 10:54:46 -------- d-----w- C:\Program Files\iPod 2014-12-30 10:54:45 -------- d-----w- C:\Program Files\iTunes 2014-12-30 10:53:52 -------- d-----w- C:\Program Files\Common Files\Apple 2014-12-30 10:53:45 -------- d-----w- C:\Program Files\Bonjour ======= C:\PROGRA~2 ===== 2015-01-08 13:38:16 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service 2014-12-30 10:54:45 -------- d-----w- C:\PROGRA~2\iTunes 2014-12-30 10:54:18 -------- d-----w- C:\PROGRA~2\Apple Software Update 2014-12-30 10:53:45 -------- d-----w- C:\PROGRA~2\Bonjour 2014-12-30 10:53:37 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple ======= C: ===== 2014-12-28 11:53:35 820201C1A8834BA16F660C363C27B485 816 ----a-w- C:\DelFix.txt ====== C:\Users\Gebruiker\AppData\Roaming ====== 2015-01-08 13:38:24 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Mozilla 2015-01-08 13:38:24 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Mozilla 2015-01-07 13:38:22 -------- d-----w- C:\Users\Gebruiker\AppData\Local\WinZip 2015-01-01 18:32:23 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-01-01 18:32:23 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-01-01 18:32:23 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp 2015-01-01 18:32:23 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-01-01 18:32:23 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-01-01 18:32:22 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Temp 2014-12-30 10:55:20 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Apple Computer 2014-12-30 10:55:19 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Apple Computer 2014-12-30 10:54:19 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Apple 2014-12-30 10:54:16 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Apple Computer 2014-12-24 11:07:15 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Dropbox ====== C:\Users\Gebruiker ====== 2015-01-08 13:38:17 -------- d-----w- C:\ProgramData\Mozilla 2015-01-07 13:38:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2015-01-01 18:50:29 -------- d-----w- C:\ProgramData\Lavasoft 2014-12-30 10:55:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-12-30 10:54:45 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-12-30 10:54:45 -------- d-----w- C:\ProgramData\Apple Computer 2014-12-30 10:53:37 -------- d-----w- C:\ProgramData\Apple ====== C: exe-files == 2015-01-15 11:20:10 BA7DC0C9141BE7292CA7E744B6F19F26 897104 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.99\39.0.2171.99_39.0.2171.95_chrome_updater.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-21-1243184377-1695436347-1374857548-1003\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1243184377-1695436347-1374857548-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FLMTRUSTMOUSE"="C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe" "ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming" "FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe" ==== Startup Folders ====================== 2014-03-10 12:15:54 1966 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-01-2015 12:40] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-03-2014 13:32] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-03-2014 13:32] C:\Windows\tasks\HP Photo Creations Messager.job --a------ C:\ProgramData\HP Photo Creations\MessageCheck.exe [15-02-2011 11:11] C:\Windows\tasks\WpsNotifyTask_Gebruiker.job --a------ [Undetermined Task] C:\Windows\tasks\WpsUpdateTask_Gebruiker.job --a------ C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [06-08-2014 09:57] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Gebruiker-PC-Gebruiker" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP Photo Creations Messager" [C:\ProgramData\HP Photo Creations\MessageCheck.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 3050A J611 series" ["C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A1FB8921-779B-4911-B1A1-D6976E0949A5}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\WpsNotifyTask_Gebruiker" [C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe] "C:\Windows\SysNative\tasks\WpsUpdateTask_Gebruiker" [C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [13-01-2015 22:43] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\dldse21a.default D2B5242013356AF422A42B9FAA4056C2 - C:\Users\Gebruiker\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin FD63DE29FE0A7E738BD81CA0EDDD8020 - C:\Users\Gebruiker\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28-12-2014 12:58] Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" "Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.sweet-page.com/?type=hp&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W" "Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W&q={searchTerms}" "Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W" "Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://www.sweet-page.com/?type=hp&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W" "Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W&q={searchTerms}" "Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W" "Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1420637943&from=cor&uid=ST3500418AS_9VM6M81WXXXX9VM6M81W&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1243184377-1695436347-1374857548-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1243184377-1695436347-1374857548-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Gebruiker\AppData\Local\Mozilla\Firefox\Profiles\dldse21a.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=172 folders=68 7939509 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 21-01-2015 at 12:35:51.42 ======================