Zoek.exe v5.0.0.0 Updated 18-01-2015
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Katrien & Joachim\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================
C:\zoek-results2015-01-24-085733.log 868 bytes
C:\zoek-results2015-01-24-142526.log 336 bytes

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\KATRIE~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-14 12:32:23 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:32:22 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:32:20 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:23:37 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:23:37 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll
====== C:\Windows\SysWOW64\drivers =====
2015-01-23 19:01:02 5656701F6375B30604C32673AC348161 71 ----a-w- C:\Windows\SysWOW64\drivers\EICAR.COM
====== C:\Windows\Sysnative =====
2015-01-23 15:33:13 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\Windows\Sysnative\sdnclean64.exe
2015-01-14 12:32:24 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2015-01-14 12:32:21 F4846789B3795F14DCB7D92ED1DAF74F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll
2015-01-14 12:32:21 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe
2015-01-14 12:32:21 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\Windows\Sysnative\srclient.dll
2015-01-14 12:25:39 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\Windows\Sysnative\profsvc.dll
2015-01-14 12:23:44 DCD00561CBDE7FC42A49D84783F4C00B 62976 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2015-01-14 12:23:37 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll
====== C:\Windows\Sysnative\drivers =====
2015-01-14 12:20:58 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
====== C:\Windows\Tasks ======
2015-01-23 15:33:32 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-23 18:42:10 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
2015-01-23 15:34:58 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-12-29 19:12:12 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2014-12-29 19:11:49 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2014-12-29 19:03:33 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015
2015-01-25 18:48:12 -------- d-----w- C:\\_OTL\MovedFiles
2015-01-24 16:06:07 3FA397839998EC2861177269AD275F90 1237 ----a-w- C:\\AdwCleaner\AdwCleaner[S1].txt
2015-01-24 16:02:22 2097F42E77FB42E2CDCE71A6EA422B4D 1219 ----a-w- C:\\AdwCleaner\AdwCleaner[R4].txt
2015-01-23 18:42:19 0C4F4C3E535D929F12B896C40B3E3558 42401 ----a-w- C:\\rsit\info.txt
2015-01-23 18:42:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\\Program Files\trend micro\Katrien & Joachim.exe
2015-01-23 18:42:10 -------- d-----w- C:\\Program Files\trend micro
2015-01-23 15:33:13 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\\Windows\System32\sdnclean64.exe
2015-01-15 18:48:58 36FC4252DDB437957CE6FAB3EF9E1AAE 1071 ----a-w- C:\\AdwCleaner\AdwCleaner[R3].txt
2015-01-14 20:31:56 C23252BA10355788BF36AC779C209EBC 21612 ----a-w- C:\\AdwCleaner\AdwCleaner[S0].txt
2015-01-14 20:28:16 E8497D6E0A1552739630237E74E588CF 22940 ----a-w- C:\\AdwCleaner\AdwCleaner[R2].txt
2015-01-14 20:25:56 0072DA80FF3ED985BA555A9E63CC8BC6 22880 ----a-w- C:\\AdwCleaner\AdwCleaner[R1].txt
2015-01-14 20:16:55 D79983A799914A321F9A0D59A559C79A 22819 ----a-w- C:\\AdwCleaner\AdwCleaner[R0].txt
2015-01-14 20:16:43 -------- d-----w- C:\\AdwCleaner\Quarantine
2015-01-14 12:32:24 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\\Windows\System32\ntoskrnl.exe
2015-01-14 12:32:23 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:32:22 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:32:21 F4846789B3795F14DCB7D92ED1DAF74F 503808 ----a-w- C:\\Windows\System32\srcore.dll
2015-01-14 12:32:21 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\\Windows\System32\rstrui.exe
2015-01-14 12:32:21 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\\Windows\System32\srclient.dll
2015-01-14 12:32:20 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\\Windows\SysWOW64\srclient.dll
2015-01-14 12:25:39 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\\Windows\System32\profsvc.dll
2015-01-14 12:23:44 DCD00561CBDE7FC42A49D84783F4C00B 62976 ----a-w- C:\\Windows\System32\TSWbPrxy.exe
2015-01-14 12:23:37 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:23:37 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\\Windows\SysWOW64\ncsi.dll
2015-01-14 12:23:37 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\\Windows\System32\nlasvc.dll
2014-12-29 19:11:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-29 19:08:31 -------- d-----w- C:\ProgramData\AVG2015
2014-12-29 19:08:31 -------- d-----w- C:\\ProgramData\AVG2015
====== C: exe-files ==
2015-01-24 15:58:02 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\Katrien & Joachim\Desktop\adwcleaner_4.109.exe
2015-01-23 18:42:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Katrien & Joachim.exe
2015-01-23 18:38:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Katrien & Joachim\Desktop\RSITx64.exe
2015-01-23 17:53:23 1D6B5D9C318209299EE1D37A31672859 377783032 ----a-w- C:\Users\Katrien & Joachim\Downloads\Norman_Malware_Cleaner.exe
2015-01-23 15:22:43 12B0836D10022CFC6BE3B5A669D9E16B 2001540 ----a-w- C:\Users\Katrien & Joachim\Downloads\pc-decrapifier-3.0.0.exe
2015-01-23 13:51:15 E45823AE0D754FC0206F14C1FC43EB74 5317104 ----a-w- C:\Users\Katrien & Joachim\Downloads\ccsetup501.exe
=== C: other files ==
2015-01-26 17:11:43 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\Katrien & Joachim\AppData\Local\Temp\_MEI39042\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx
2015-01-26 17:11:43 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Katrien & Joachim\AppData\Local\Temp\_MEI39042\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
2015-01-25 17:21:52 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Katrien & Joachim\Desktop\OTL.com
2015-01-23 19:01:02 5656701F6375B30604C32673AC348161 71 ----a-w- C:\Windows\SysWOW64\drivers\EICAR.COM

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-748706070-3823825615-209406529-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW"
"MyTomTomSA.exe"="C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe -s"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANAA1ADEAMQAyADEAOAAxADYALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADIAMAA2ADgANwAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0ARgA5ADAATQAxADIARQBOACsAMQAtAFQAQgBOACsAMQAtAEwAOQAwAE0ASgArADEALQBGADkAMABNADEAMgBKAFQAKwAxAC0ARgA5ADAATQAxADIAUgArADEALQBWAEkAUAAxADIAKwAxAA&prod=90&ver=9.0.894"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW"
"MyTomTomSA.exe"="C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe -s"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [25/01/2015 19:29]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\Norton Security Scan for Katrien & Joachim.job --ah----- C:wG:F t@-C:\PROGRA2\NORTON2\Engine\4101.28\Nss.exe []
C:\Windows\tasks\PCDRScheduledMaintenance.job --a------ C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [02/07/2009 12:04]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\elbyExecuteWithUAC" [C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\ExecuteWithUAC.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Norton Security Scan for Katrien & Joachim" [C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe]
"C:\Windows\SysNative\tasks\PCDRScheduledMaintenance" [C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe]
"C:\Windows\SysNative\tasks\{09B27D19-2EBD-48C2-9422-C5BE22DFF9EF}" [G:\werkplaatshandboeken\auto\toyota corolla\040314_1754\SETUP.EXE]
"C:\Windows\SysNative\tasks\{25150B3D-6C9C-47CA-8BDE-DE475EC8FD93}" [G:\werkplaatshandboeken\auto\toyota corolla\040314_1754\SETUP.EXE]
"C:\Windows\SysNative\tasks\{64B832E1-1135-487E-8D6C-BEBFF4C9E292}" [G:\werkplaatshandboeken\auto\toyota corolla\040314_1754\SETUP.EXE]
"C:\Windows\SysNative\tasks\{76F2E567-2654-4F07-B6FD-81A24EB47C54}" [G:\werkplaatshandboeken\auto\toyota corolla\040314_1754\SETUP.EXE]
"C:\Windows\SysNative\tasks\{7C2FD68E-2810-4C5D-95A3-7E1EE871D008}" [G:\werkplaatshandboeken\auto\toyota corolla\040314_1754\SETUP.EXE]
"C:\Windows\SysNative\tasks\{8B5FDA68-4641-4C3A-B8CF-89F00A0EDA1A}" [G:\werkplaatshandboeken\auto\toyota corolla\040314_1754\SETUP.EXE]
"C:\Windows\SysNative\tasks\{BF2ED637-184E-4FC9-A2AF-A3867FEE9BA8}" [G:\werkplaatshandboeken\auto\toyota corolla\040314_1754\SETUP.EXE]
"C:\Windows\SysNative\tasks\{C2C05D27-4D2A-4661-B764-4AB608EDFC4E}" [G:\werkplaatshandboeken\auto\toyota corolla\040314_1754\SETUP.EXE]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [08/01/2012 11:31]

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\KATRIE~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[12/07/2014 11:41]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

==== Reset Google Chrome ======================
Nothing found to reset

==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on ma 26/01/2015 at 18:28:35,91 ======================