Zoek.exe v5.0.0.0 Updated 18-01-2015 Tool run by lukas on za 24-01-2015 at 21:16:39,33. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\lukas\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 24-1-2015 21:20:34 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\DailyDiscounts deleted successfully C:\Program Files\stinger deleted successfully C:\PROGRA~3\Adobe deleted successfully C:\PROGRA~3\ALM deleted successfully C:\Users\lukas\AppData\Roaming\Systweak deleted successfully C:\Users\lukas\AppData\Local\CrashDumps deleted successfully C:\Users\lukas\AppData\Local\softthinks deleted successfully C:\Users\lukas\AppData\Local\TSVNCache deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1884246182-1594293654-3750478002-1001\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} deleted successfully HKEY_USERS\S-1-5-21-1884246182-1594293654-3750478002-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8E49BB15-DD63-4C31-8C54-25CE7774B2D1} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\t4qgrd95.default ---- Lines astrmndasr removed from prefs.js ---- user_pref("extensions.astrmndasr.AL", 2); user_pref("extensions.astrmndasr.aflt", "ast_frg01_14_38_ch"); user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}"); user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1St user_pref("extensions.astrmndasr.cr", "404776787"); user_pref("extensions.astrmndasr.data.1475e97c0146bfb1c490339546d9e72ee", "1"); user_pref("extensions.astrmndasr.data.851d81cdad83573282e611040475985c", "1"); user_pref("extensions.astrmndasr.data._dy", "20141116"); user_pref("extensions.astrmndasr.data.b1.aliveDate", "20141227"); user_pref("extensions.astrmndasr.data.b2.aliveDate", "20141227"); user_pref("extensions.astrmndasr.data.cc", "nl"); user_pref("extensions.astrmndasr.data.ccfc1eb13092ea34473c169417eefd00", "1"); user_pref("extensions.astrmndasr.dfltLng", ""); user_pref("extensions.astrmndasr.dfltSrch", true); user_pref("extensions.astrmndasr.dnsErr", true); user_pref("extensions.astrmndasr.excTlbr", false); user_pref("extensions.astrmndasr.general.guid", "19f7d28f-784d-4a6f-a625-a2081a6683aa"); user_pref("extensions.astrmndasr.hmpg", true); user_pref("extensions.astrmndasr.hmpgUrl", "http://astromenda.com/?f=1&a=ast_frg01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0Tz user_pref("extensions.astrmndasr.id", "ECF4BB75F4A3F44B"); user_pref("extensions.astrmndasr.instlDay", "16328"); user_pref("extensions.astrmndasr.instlRef", "142905_b"); user_pref("extensions.astrmndasr.newTabUrl", "http://astromenda.com/?f=2&a=ast_frg01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0 user_pref("extensions.astrmndasr.prdct", "astrmndasr"); user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda"); user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda"); user_pref("extensions.astrmndasr.tlbrId", ""); user_pref("extensions.astrmndasr.tlbrSrchUrl", "http://astromenda.com/?f=3&a=ast_frg01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0 user_pref("extensions.astrmndasr.vrsn", ""); user_pref("extensions.astrmndasr.vrsni", ""); user_pref("extensions.astrmndasr_i.newTab", true); user_pref("extensions.astrmndasr_i.smplGrp", "none"); user_pref("extensions.astrmndasr_i.vrsnTs", "14:10:23"); ---- Lines astrmndasr removed from user.js ---- user_pref("extensions.astrmndasr.hmpg", true); user_pref("extensions.astrmndasr.hmpgUrl", "http://astromenda.com/?f=1&a=ast_frg01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzy0BtAtBtB0DzytGzz0Azz0FtGzyyB0E0CtG0C0BzzzytGyD0ByBtCyCtBzzyBtBzzzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtCtDyBtCyCyCtDtG0A0Bzy0CtGyEzy0AtAtG0BtD0A0CtGyByD0A0EyEtBtDzytCyB0CtB2Q&cr=404776787&ir="); user_pref("extensions.astrmndasr.dfltSrch", true); user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda"); user_pref("extensions.astrmndasr.dnsErr", true); user_pref("extensions.astrmndasr_i.newTab", true); user_pref("extensions.astrmndasr.newTabUrl", "http://astromenda.com/?f=2&a=ast_frg01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzy0BtAtBtB0DzytGzz0Azz0FtGzyyB0E0CtG0C0BzzzytGyD0ByBtCyCtBzzyBtBzzzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtCtDyBtCyCyCtDtG0A0Bzy0CtGyEzy0AtAtG0BtD0A0CtGyByD0A0EyEtBtDzytCyB0CtB2Q&cr=404776787&ir="); user_pref("extensions.astrmndasr.tlbrSrchUrl", "http://astromenda.com/?f=3&a=ast_frg01_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzy0BtAtBtB0DzytGzz0Azz0FtGzyyB0E0CtG0C0BzzzytGyD0ByBtCyCtBzzyBtBzzzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtCtDyBtCyCyCtDtG0A0Bzy0CtGyEzy0AtAtG0BtD0A0CtGyByD0A0EyEtBtDzytCyB0CtB2Q&cr=404776787&ir=&q="); user_pref("extensions.astrmndasr.id", "ECF4BB75F4A3F44B"); user_pref("extensions.astrmndasr.instlDay", "16328"); user_pref("extensions.astrmndasr.vrsn", ""); user_pref("extensions.astrmndasr.vrsni", ""); user_pref("extensions.astrmndasr_i.vrsnTs", "14:10:23"); user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda"); user_pref("extensions.astrmndasr.prdct", "astrmndasr"); user_pref("extensions.astrmndasr.aflt", "ast_frg01_14_38_ch"); user_pref("extensions.astrmndasr_i.smplGrp", "none"); user_pref("extensions.astrmndasr.tlbrId", ""); user_pref("extensions.astrmndasr.instlRef", "142905_b"); user_pref("extensions.astrmndasr.dfltLng", ""); user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}"); user_pref("extensions.astrmndasr.excTlbr", false); user_pref("extensions.astrmndasr.cr", "404776787"); user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzy0BtAtBtB0DzytGzz0Azz0FtGzyyB0E0CtG0C0BzzzytGyD0ByBtCyCtBzzyBtBzzzzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtCtDyBtCyCyCtDtG0A0Bzy0CtGyEzy0AtAtG0BtD0A0CtGyByD0A0EyEtBtDzytCyB0CtB2Q"); user_pref("extensions.astrmndasr.AL", 2); ---- Lines nspdlsd removed from prefs.js ---- user_pref("extensions.nspdlsd.aflt", "spd_dsites02_14_21_ch"); user_pref("extensions.nspdlsd.cd", "2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0Tzu0SzzyBtBtN1L2XzutBtFtBtDtFtCyCtFtDtN1L1CzutCyEtDtAtDyD1V1T user_pref("extensions.nspdlsd.cr", "556670208"); user_pref("extensions.nspdlsd.instlRef", "140305_a"); ---- Lines nspdlsd removed from user.js ---- user_pref("extensions.nspdlsd.aflt", "spd_dsites02_14_21_ch"); user_pref("extensions.nspdlsd.instlRef", "140305_a"); user_pref("extensions.nspdlsd.cr", "556670208"); user_pref("extensions.nspdlsd.cd", "2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByByD0FyE0AtA0FyEyE0BtN0D0Tzu0SzzyBtBtN1L2XzutBtFtBtDtFtCyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0A0AyEyC0BtDzztG0AtCyCyDtGzz0FtCyCtGtDtC0F0CtGtAtByDzz0ByCyB0F0DtA0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyB0FzztDyByDtG0B0A0D0CtGzz0CzyyDtGyDzzyCyCtGtCtDtD0DzyyDzy0C0CyEzyzz2Q"); ---- FireFox user.js and prefs.js backups ---- user_24-01-2015_2158_.backup prefs_24-01-2015_2158_.backup ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\DailyDiscounts not found C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\PROFILES\t4qgrd95.default\extensions\staged deleted C:\ProgramData\17306278634682830329 deleted C:\ProgramData\cdodmhloahefkcdaicmkiohinjiobaen deleted C:\ProgramData\{86387c12-3640-7d30-8638-87c12364f048} deleted C:\Program Files (x86)\Optimizer Pro deleted C:\Users\lukas\AppData\Roaming\WB.CFG deleted C:\Users\lukas\AppData\Roaming\Thinstall deleted C:\Users\lukas\AppData\Roaming\Optimizer Pro deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Package Cache deleted C:\Users\lukas\AppData\Local\Thinstall deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\WINDOWS\SysNative\roboot64.exe deleted C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted C:\WINDOWS\SysNative\config\systemprofile\Searches deleted C:\WINDOWS\Syswow64\GroupPolicy\Machine deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted C:\Users\lukas\Documents\Optimizer Pro deleted C:\Users\lukas\Desktop\Optimizer Pro.lnk deleted C:\Users\lukas\AppData\Local\dsisetup6033968592.exe deleted C:\Users\lukas\AppData\Local\dsisetup828408122.exe deleted "C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\t4qgrd95.default\searchplugins\yahoo-nl.xml" deleted "C:\Program Files (x86)\Popcorn Time\init.txt" not deleted "C:\Program Files (x86)\Popcorn Time\Updater.exe" deleted "C:\Program Files (x86)\Popcorn Time" not deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\lukas\AppData\Local\Temp ==== 2015-01-24 18:39:40 97511FE2CA09CC2E06C3CD6519C3494E 43008 ----a-w- C:\Users\lukas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqwbke.dll 2015-01-21 13:20:06 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Users\lukas\AppData\Local\Temp\{AC76BA86-7AD7-1033-7B44-AB0000000001}\FixTransforms.exe ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2015-01-14 18:50:55 3B26DCAB842C280FA7271FF2B58D3293 28352 ----a-w- C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-14 08:50:44 DCE9FD22B136C127C85F285E083B928B 65536 ----a-w- C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-14 08:50:43 1F9C1925A85C6CC592C2FF612A610412 372408 ----a-w- C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 08:50:43 1EB1C1E43C1901865C5AE34A9771C069 448792 ----a-w- C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 08:50:43 1275462A4337DBC5518859316BEF262C 413136 ----a-w- C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 08:50:42 D9F17FC61102D89A67A2AA3DD21231F5 33584 ----a-w- C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 08:50:42 BFFD9961B29DAB8084278DB2314D6027 33280 ----a-w- C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 08:50:42 B5867FF96CD0F7712CB4985EAC9F9147 370424 ----a-w- C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 08:50:42 7C36A441C73F079781ABA8F3DAEDFB37 136296 ----a-w- C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 08:50:42 7B2643AE85322EA168B0E760B73258FF 424544 ----a-w- C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 08:50:42 4B07B24705A9225EB565650569BDA26B 344536 ----a-w- C:\WINDOWS\SysWOW64\AUDIOKSE.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-01-23 16:30:42 48BA9C6110A5EBA910E7FB2E7D23CFC1 110176 ----a-w- C:\WINDOWS\Sysnative\klfphc.dll 2015-01-14 18:50:57 9BC00C5608BF75BEAE893814A3AEC2AD 29888 ----a-w- C:\WINDOWS\Sysnative\aspnet_counters.dll 2015-01-14 08:50:45 19424364D8C03B990C4281BE53963FD0 225280 ----a-w- C:\WINDOWS\Sysnative\profsvc.dll 2015-01-14 08:50:44 FE11972797DED38CA55E88BD3579F6A2 360448 ----a-w- C:\WINDOWS\Sysnative\ncsi.dll 2015-01-14 08:50:44 E94EB2A95D7D016E119C4D6868788831 391680 ----a-w- C:\WINDOWS\Sysnative\nlasvc.dll 2015-01-14 08:50:44 6319232C1CE39AC35316CF51910EEEB5 86016 ----a-w- C:\WINDOWS\Sysnative\nlaapi.dll 2015-01-14 08:50:43 8EBC741DDE9409038262E2F317ED7CCE 535640 ----a-w- C:\WINDOWS\Sysnative\wer.dll 2015-01-14 08:50:43 6DCD12586353DC6307AC781045CA13A4 465320 ----a-w- C:\WINDOWS\Sysnative\WerFault.exe 2015-01-14 08:50:43 2C354FA91EF605007FD11BB89EED2266 413248 ----a-w- C:\WINDOWS\Sysnative\Faultrep.dll 2015-01-14 08:50:43 29A888F3136B2643E22113B5422B46F9 87040 ----a-w- C:\WINDOWS\Sysnative\TSWbPrxy.exe 2015-01-14 08:50:42 E24D3259769A0218FE19BB306821C2E5 394120 ----a-w- C:\WINDOWS\Sysnative\AUDIOKSE.dll 2015-01-14 08:50:42 D1E3B8D9130C70F6A3D4FDB52373FF34 37888 ----a-w- C:\WINDOWS\Sysnative\werdiagcontroller.dll 2015-01-14 08:50:42 A41B72F81B389786805CC4D5767B5FBC 531616 ----a-w- C:\WINDOWS\Sysnative\ci.dll 2015-01-14 08:50:42 9404704666256045F5BA9B290953B4D0 38264 ----a-w- C:\WINDOWS\Sysnative\WerFaultSecure.exe 2015-01-14 08:50:42 8779FDAE68BC948B0FE152E758CC8DA7 229888 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll 2015-01-14 08:50:42 770BAA636F3B61DA7E414421444F84FD 272248 ----a-w- C:\WINDOWS\Sysnative\audiodg.exe 2015-01-14 08:50:42 6F237EE5DDA34EAF3D9C79D4A283E250 482872 ----a-w- C:\WINDOWS\Sysnative\AudioEng.dll 2015-01-14 08:50:42 61EA45A645854FE81D8A924E2D93DFFE 911360 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll 2015-01-14 08:50:42 428F083690D7AAA012338FD5A0663EE3 500016 ----a-w- C:\WINDOWS\Sysnative\AudioSes.dll 2015-01-14 08:50:42 41C501FD9D42F3F04A8532C73E09F356 108944 ----a-w- C:\WINDOWS\Sysnative\EncDump.dll 2015-01-14 08:50:42 0BCDEB035B9346D3C3C6C8BB1AA7F38C 139984 ----a-w- C:\WINDOWS\Sysnative\wermgr.exe ====== C:\WINDOWS\Sysnative\drivers ===== 2015-01-23 16:28:00 C10F8065188403857CD3AE1397185877 142344 ----a-w- C:\WINDOWS\Sysnative\drivers\klflt.sys 2015-01-23 16:28:00 0620A7BE4C98C4B1DDFE2BCBE6B29D1D 771272 ----a-w- C:\WINDOWS\Sysnative\drivers\klif.sys 2015-01-23 16:27:59 AB9F0954450B132CCC1CAD40AC3190B5 243808 ----a-w- C:\WINDOWS\Sysnative\drivers\klhk.sys 2015-01-23 11:43:03 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys 2015-01-23 11:41:54 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys 2015-01-23 11:41:54 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys 2015-01-23 11:41:54 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys 2015-01-23 10:09:09 105ACC469DF34C8BD0D5E68A70C774E5 60400 ----a-w- C:\WINDOWS\Sysnative\drivers\PSKMAD.sys 2015-01-18 18:07:18 33F90B202E9DD9B7D489EB59310FDC34 283064 ----a-w- C:\WINDOWS\Sysnative\drivers\dtsoftbus01.sys 2015-01-14 08:50:44 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys 2015-01-14 08:50:44 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-01-24 19:09:55 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-01-23 16:28:42 -------- d-----w- C:\PROGRA~2\Kaspersky Lab 2015-01-18 18:41:37 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard 2015-01-18 18:11:30 -------- d-----w- C:\PROGRA~2\Dragon Age 2015-01-18 18:11:30 -------- d-----w- C:\PROGRA~2\COMMON~1\BioWare 2015-01-18 18:07:13 -------- d-----w- C:\PROGRA~2\DAEMON Tools Lite 2014-12-28 10:34:15 -------- d-----w- C:\PROGRA~2\Popcorn Time ======= C: ===== ====== C:\Users\lukas\AppData\Roaming ====== 2015-01-24 18:39:36 -------- d-----r- C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-01-23 13:02:13 -------- d-sh--w- C:\Users\lukas\AppData\Local\EmieBrowserModeList 2015-01-23 13:02:11 -------- d-sh--w- C:\Users\lukas\AppData\Locallow\EmieBrowserModeList 2015-01-20 12:17:30 -------- d-----w- C:\Users\lukas\AppData\Roaming\Adobe 2015-01-20 12:17:30 -------- d-----w- C:\Users\lukas\AppData\Local\Adobe 2015-01-18 18:07:15 -------- d-----w- C:\Users\lukas\AppData\Roaming\DAEMON Tools Lite 2015-01-09 08:11:30 -------- d-----w- C:\Users\lukas\AppData\Roaming\WinBatch 2014-12-28 10:35:17 -------- d-----w- C:\Users\lukas\AppData\Local\PopcornTimeDesktop 2014-12-27 20:42:06 -------- d-----w- C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time ====== C:\Users\lukas ====== 2015-01-24 19:05:58 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\lukas\Desktop\RSITx64.exe 2015-01-23 16:31:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2015-01-23 16:28:42 -------- d-----w- C:\ProgramData\Kaspersky Lab 2015-01-23 16:23:41 40C519BBF473DEA348276FF890A3AEFE 168766784 ----a-w- C:\Users\lukas\Downloads\kav15.0.0.463en_6021.exe 2015-01-23 11:40:56 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\lukas\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-21 14:32:38 0DFE0CAAB68CC8F2522C468B181FFBD0 6381120 ----a-w- C:\Users\lukas\Downloads\FileZilla_3.10.0.2_win32-setup.exe 2015-01-20 12:03:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus 2015-01-18 18:41:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-01-18 18:07:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-01-18 18:06:25 -------- d-----w- C:\ProgramData\DAEMON Tools Lite 2015-01-14 08:57:59 E247D0703C52116872F044AA0EB94226 34324222 ----a-w- C:\Users\lukas\Downloads\torbrowser-install-4.0.3_en-US.exe 2014-12-28 10:35:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2014-12-27 20:49:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2014-12-27 20:49:22 -------- d-----w- C:\Users\lukas\.openvpn ====== C: exe-files == 2015-01-24 19:09:58 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\lukas.exe 2015-01-18 18:23:03 F490AE80B7B75AB0E19A51AA4C99167C 1336552 ----a-w- C:\Program Files (x86)\Dragon Age\bin_ship\daupdater.exe 2015-01-18 18:23:03 914A7156B0C0F10BE645A02E13F576B2 25832 ----a-w- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe 2015-01-18 18:23:03 8930DE55AF20BA295996FCB419F4E4BB 10003688 ----a-r- C:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe 2015-01-18 18:23:03 755FB17FE9C1B6FA5097B8F609BB6A0E 2905320 ----a-w- C:\Program Files (x86)\Dragon Age\bin_ship\DAOriginsConfig.exe 2015-01-18 18:23:03 2F2EF80A4DB64D525D13E4B6C5F41BE2 1246440 ----a-w- C:\Program Files (x86)\Dragon Age\DAOriginsLauncher.exe 2015-01-18 18:07:18 BD217B63289396563D8E1CE82E20C405 52032 ----a-w- C:\Program Files (x86)\DAEMON Tools Lite\dtsoftbusinst64.exe === C: other files == 2015-01-18 18:07:18 33F90B202E9DD9B7D489EB59310FDC34 283064 ----a-w- C:\Program Files (x86)\DAEMON Tools Lite\dtsoftbus01.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1884246182-1594293654-3750478002-1001\Software\Microsoft\Windows\CurrentVersion\Run] "DellSystemDetect"="C:\Users\lukas\AppData\Local\Apps\2.0\XZZD13QM.KZC\OHEE1Z8R.XWZ\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe" "Spotify Web Helper"="C:\Users\lukas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "GoogleChromeAutoLaunch_335DEAC781E571D7D2368A08FFCEB343"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "PDFPrint"="C:\Program Files (x86)\PDF24\pdf24.exe" "InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe" "PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe /LaunchSysTray" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DellSystemDetect"="C:\Users\lukas\AppData\Local\Apps\2.0\XZZD13QM.KZC\OHEE1Z8R.XWZ\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe" "Spotify Web Helper"="C:\Users\lukas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "GoogleChromeAutoLaunch_335DEAC781E571D7D2368A08FFCEB343"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4P1" "RtHDVBg_PushButton"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM" "QuickSet"="c:\Program Files\Dell\QuickSet\QuickSet.exe" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" ==== Startup Folders ====================== 2014-01-22 15:28:31 1189 ----a-w- C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-01-2014 18:45] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-01-2014 18:45] C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [23-08-2013 15:46] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C5CEEF52-07D4-4FB8-9AD8-7EA82CB79A67}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\t4qgrd95.default user_pref("browser.search.defaultenginename", "Yahoo NL"); user_pref("browser.search.selectedEngine", "Yahoo NL"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "url_advisor@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com" [23-01-2015 18:24] ==== Firefox Extensions ====================== ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\t4qgrd95.default - Search Manager for Moziila Firefox x2122; - %ProfilePath%\extensions\{71e6896a-7bed-49b8-bb69-e641e983b31b}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.65 (Possible outdated, latest Stable version: 39.0.2171.99) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bakijjialdiiboeaknfpmflphhmljfkd - No path found[] dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions bakijjialdiiboeaknfpmflphhmljfkd - No path found[] Google Slides - lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Wallet - lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_lyrics.wikia.com_0.localstorage deleted successfully C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_lyrics.wikia.com_0.localstorage-journal deleted successfully C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_daemon-tools.nl.softonic.com_0.localstorage deleted successfully C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_daemon-tools.nl.softonic.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{8E49BB15-DD63-4C31-8C54-25CE7774B2D1}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E49BB15-DD63-4C31-8C54-25CE7774B2D1}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1884246182-1594293654-3750478002-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\lukas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\lukas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\lukas\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\lukas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\lukas\AppData\Local\Mozilla\Firefox\Profiles\t4qgrd95.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\lukas\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\lukas\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Popcorn Time\init.txt" not found "C:\Program Files (x86)\Popcorn Time" not found ==== EOF on za 24-01-2015 at 22:22:03,42 ======================