Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by Eigenaar on za 11/04/2015 at 15:05:48,62. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Eigenaar\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-03-07-160908.log 32303 bytes C:\zoek-results2015-04-11-073722.log 19150 bytes ==== Empty Folders Check ====================== C:\Program Files\MyHeritage deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== µTorrent 32 Bit HP CIO Components Installer Adobe Flash Player 17 ActiveX Adobe Flash Player 17 NPAPI B110 BufferChm CCleaner CheckDrive Content Transfer Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition ExtractNow Free YouTube to MP3 Converter version 3.12.29.304 Google Chrome Google Update Helper HD Tune 2.55 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 
7 HPAppStudio HPPhotoGadget Kaspersky Internet Security Malwarebytes Anti-Malware versie 2.0.4.1028 Mediapurge Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft OneDrive Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD Mozilla Firefox 37.0.1 (x86 nl) Mozilla Maintenance Service MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 8 neroxml Network NirSoft BlueScreenView NVIDIA-configuratiescherm 307.83 NVIDIA Drivers NVIDIA Grafisch stuurprogramma 307.83 NVIDIA Install Application NVIDIA Update 1.10.8 NVIDIA Update Components NWZ-E450 WALKMAN Guide PS_AIO_07_B110_SW_Min QuickTransfer Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET 
Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft .NET Framework 4 Client Profile (KB2894842v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365) Security Update for Microsoft .NET Framework 4 Client Profile (KB2972106) Security Update for Microsoft .NET Framework 4 Client Profile (KB2972215) Security Update for Microsoft .NET Framework 4 Client Profile (KB2978125) Security Update for Microsoft .NET Framework 4 Client Profile (KB2979575v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2894842v2) Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2) Security Update for Microsoft Excel 2010 (KB2956142) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for 
Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2883100) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2889839) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2956139) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Spotify SUPERAntiSpyware Free Edition Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD Toolbox Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 
(KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2956203) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2878283) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition VCRedistSetup VLC media player WD Link WebReg Wondershare AllMyTube(Build 4.2.2.0) ==== Running Processes ====================== C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\IoctlSvc.exe C:\Program Files\SUPERAntiSpyware\SASCore.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\avpui.exe C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Windows\system32\conime.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Windows Mail\WinMail.exe C:\Users\Eigenaar\Downloads\zoek.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k HPService ==== Deleting Services ====================== ==== Deleting Files \ Folders 
====================== C:\Program Files\MyHeritage not found C:\Users\Eigenaar\AppData\Roaming\bitlord_log.txt deleted "C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\cxtrx0rh.default-1424613678677\extensions\firefox@mega.co.nz.xpi" deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Memory (RAM): 2047 MB CPU Info: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz CPU Speed: 2439,7 MHz Sound Card: Luidsprekers (High Definition A | Apparaat voor digitale uitvoer | Apparaat voor digitale uitvoer | Apparaat voor digitale uitvoer | Apparaat voor digitale uitvoer | Apparaat voor digitale uitvoer | Display Adapters: NVIDIA GeForce 210 | NVIDIA GeForce 210 | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1280 X 800 - 32 bit Network: Network Present Network Adapters: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0) CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH40F Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 285,1GB | E: 114,5GB Hard Disks - Free: C: 31,8GB | E: 75,4GB Manufacturer *: American Megatrends Inc. 
BIOS Info: AT/AT COMPATIBLE | 09/10/08 | PacBel - 20080910 Time Zone: Romance (standaardtijd) Motherboard *: Packard Bell BV MCP73VT-PM Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated) Anti-Spyware: Kaspersky Internet Security disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Kaspersky Internet Security disabled Default Browser: Firefox 37.0.1 Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: 37.0.1 (x86 nl) Google Chrome version: 41.0.2272.118 Flash Player version: 17.0.0.134 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Eigenaar\AppData\Local\Temp ==== 2015-04-06 16:10:05 FDCF03208012026400DA8626656983F8 298096 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe 2015-03-31 12:29:57 1172DF3EABBD1E580882B2E14557B4F5 461824 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\2710.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-03-29 07:33:15 D7E28676D83AE6568CCF99BD01700734 2048 ----a-w- C:\Windows\System32\tzres.dll 2015-03-29 07:32:45 D6BACADF83661F08F9E1515AAE74B03E 92672 ----a-w- C:\Windows\System32\UIAnimation.dll 2015-03-29 07:32:44 22C2646DD3ED24004F994D0DA9755955 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll 2015-03-29 07:32:43 8C459CFAC2FB3DFB693BCFEC32F25407 3023360 ----a-w- C:\Windows\System32\UIRibbon.dll 2015-03-29 07:31:30 9B9108D3019C18BD6D38B860813E6E52 31232 ----a-w- C:\Windows\System32\BthMtpContextHandler.dll 2015-03-29 07:31:30 801FBDB89D472B3C467EB112A0FC9246 81920 ----a-w- C:\Windows\System32\wpdbusenum.dll 2015-03-29 07:31:30 1D7D7E32A80109D5C3167309265EAC83 30208 ----a-w- C:\Windows\System32\WPDShextAutoplay.exe 2015-03-29 07:31:23 B53BD9E63867CD9FD853F666CA172713 60928 ----a-w- C:\Windows\System32\PortableDeviceConnectApi.dll 2015-03-29 07:31:19 E92143D1B2E32FAF6CC56FD97B908F6A 2537472 
----a-w- C:\Windows\System32\wpdshext.dll 2015-03-29 07:31:19 C220FC95DA7AD00AB03C184AFDDC5314 196608 ----a-w- C:\Windows\System32\PortableDeviceWMDRM.dll 2015-03-29 07:31:19 B2B117BD8D1EA80536CDD91797EF4A0A 100864 ----a-w- C:\Windows\System32\PortableDeviceClassExtension.dll 2015-03-29 07:31:19 A8FB1B20C5ABD1817B7F96251293BFF9 226816 ----a-w- C:\Windows\System32\WpdMtp.dll 2015-03-29 07:31:19 883D02AB5D350BC45E0F60E8CFA97FDC 160256 ----a-w- C:\Windows\System32\PortableDeviceTypes.dll 2015-03-29 07:31:19 81072240917688254A55C1C568B2377B 546816 ----a-w- C:\Windows\System32\wpd_ci.dll 2015-03-29 07:31:19 6B5C53E0932C510606D700B7A896EF73 87552 ----a-w- C:\Windows\System32\WPDShServiceObj.dll 2015-03-29 07:31:19 58E42DDB9F734E8DBDA17E806EF3F64A 33280 ----a-w- C:\Windows\System32\WpdConns.dll 2015-03-29 07:31:19 49456BFE373D90B895795C5A1A13A7C8 350208 ----a-w- C:\Windows\System32\WPDSp.dll 2015-03-29 07:31:19 3501443C148C780E8CE6B5108CE6D95E 61952 ----a-w- C:\Windows\System32\WpdMtpUS.dll 2015-03-29 07:31:19 2205A220A264E8C8B86492BF3D112907 334848 ----a-w- C:\Windows\System32\PortableDeviceApi.dll 2015-03-29 07:16:02 0D8FBC644E556C40E06B7EB25A73F6E5 564224 ----a-w- C:\Windows\System32\oleaut32.dll 2015-03-29 06:23:25 BAC7D3632B09A5DF7D2BD067933E49E0 2264064 ----a-w- C:\Windows\System32\msi.dll 2015-03-29 06:14:11 76FD230DEAB73D2826458617DBB56A63 16896 ----a-w- C:\Windows\System32\winusb.dll 2015-03-29 06:14:09 FE47B7BC8EA320C2D9B5E5BF6E303765 73216 ----a-w- C:\Windows\System32\WUDFSvc.dll 2015-03-29 06:14:09 D5CF1536137026ACDED95BF6CBF849F6 172032 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2015-03-29 06:14:07 D689B2C2E69156D954C24810F4081C1E 38912 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2015-03-29 06:14:07 A36F7A256E65D858A7039DB00ADEEBDD 613888 ----a-w- C:\Windows\System32\WUDFx.dll 2015-03-29 06:14:07 980B6A5F92B8DB235C4A26728C2BE732 196608 ----a-w- C:\Windows\System32\WUDFHost.exe 2015-03-29 06:07:04 3FA837E3C30334BA8CA5EEB2B375D50C 2048 ----a-w- 
C:\Windows\System32\winrsmgr.dll 2015-03-29 06:06:38 9A626BF1143410771075503B2AB3F564 12800 ----a-w- C:\Windows\System32\wsmprovhost.exe 2015-03-29 06:06:38 2662DBEAD02082F1AB671E550B56E920 20480 ----a-w- C:\Windows\System32\winrshost.exe 2015-03-29 06:06:38 12C7EAF8A0EF6DE0066AAB801DCA021F 40448 ----a-w- C:\Windows\System32\winrs.exe 2015-03-29 06:06:32 D80AAE1CDAFAC1E0ADEDC7D312EF61D0 10240 ----a-w- C:\Windows\System32\wsmplpxy.dll 2015-03-29 06:06:32 19CFA2BAEE7FA471786897A0113B52D9 10240 ----a-w- C:\Windows\System32\winrssrv.dll 2015-03-29 06:06:30 F7D20026623E7136730FC42E25CBD2E6 56320 ----a-w- C:\Windows\System32\wecapi.dll 2015-03-29 06:06:30 D595A88D377366F93AFAEA20B8764A50 81408 ----a-w- C:\Windows\System32\wevtfwd.dll 2015-03-29 06:06:30 B48DB26FF92EA10802DDA092E4B44872 79872 ----a-w- C:\Windows\System32\wecutil.exe 2015-03-29 06:06:30 AE3736E7E8892241C23E4EBBB7453B60 146944 ----a-w- C:\Windows\System32\wecsvc.dll 2015-03-29 06:06:30 9E07A84FF9532B3DE8886A84F28EEB99 41472 ----a-w- C:\Windows\System32\pwrshplugin.dll 2015-03-29 06:06:30 1311171CF8F6D2954441EF2A42693035 54272 ----a-w- C:\Windows\System32\WsmRes.dll 2015-03-29 06:06:21 F6D48AE1F578493D2E19DD644B153976 201184 ----a-w- C:\Windows\System32\winrm.vbs 2015-03-29 06:06:21 B2EDF82825D979928AE07CBE9C7A2160 2426 ----a-w- C:\Windows\System32\WsmTxt.xsl 2015-03-29 06:06:20 3C436603213561E2E7DD3D4459DBB7D4 4675 ----a-w- C:\Windows\System32\wsmanconfig_schema.xml 2015-03-29 06:06:15 DE21E8012F3946A647C9B38A636EE9EC 145408 ----a-w- C:\Windows\System32\WsmAuto.dll 2015-03-29 06:06:14 D1C18ACA47C53DA18FAD42C8FB9D6BE3 241152 ----a-w- C:\Windows\System32\winrscmd.dll 2015-03-29 06:06:14 148DB2E11E0A44FEB053250303BA02DD 214016 ----a-w- C:\Windows\System32\WsmWmiPl.dll 2015-03-29 06:06:12 7CFE68BDC065E55AA5E8421607037511 1181696 ----a-w- C:\Windows\System32\WsmSvc.dll 2015-03-29 06:06:12 6D106AB92DDE6B605A74E13147039CA6 246272 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe 2015-03-29 06:06:12 
6B57C7A878B176E6D95200CEF19DDEEC 252416 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll ====== C:\Windows\system32\drivers ===== 2015-03-29 07:54:29 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2015-03-29 07:53:58 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2015-03-29 07:31:19 DE9D36F91A4DF3D911626643DEBF11EA 40448 ----a-w- C:\Windows\System32\drivers\WpdUsb.sys 2015-03-29 06:14:26 933222B19FF3E7EA5F65517EA1F7D57E 3 ----a-w- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2015-03-29 06:14:11 867C301E8B790040AE9CF6486E8041DF 155136 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2015-03-29 06:14:11 06E6F32C8D0A3F66D956F57B43A2E070 66560 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys ====== C:\Windows\Tasks ====== 2015-03-29 08:03:45 -------- d-----w- C:\Windows\system32\Tasks\WPD ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-04-04 15:28:49 -------- d-----w- C:\Program Files\Microsoft OneDrive 2015-03-30 11:18:31 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2015-03-29 07:56:33 -------- d-----w- C:\Program Files\Windows Portable Devices 2015-03-28 11:34:31 -------- d-----w- C:\Program Files\Secunia ======= C: ===== ====== C:\Users\Eigenaar\AppData\Roaming ====== 2015-03-29 07:05:25 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help 2015-03-29 07:05:25 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help 2015-03-28 11:41:29 -------- d-----w- C:\Users\Eigenaar\AppData\Local\WindowsUpdate ====== C:\Users\Eigenaar ====== 2015-04-05 08:28:41 9BD1204442C40389BC6D33D35718C712 461312 ----a-w- C:\Users\Eigenaar\Downloads\CHICAGO FiRE S03E16 x264 1080p Eng nl subs TBS.exe 2015-04-04 15:28:49 4E0EA5397212C64154CDCBD0F3710A8A 7210656 ----a-w- C:\Users\Eigenaar\Downloads\OneDriveSetup.exe 2015-04-04 15:28:42 -------- d-----r- C:\Users\Eigenaar\OneDrive 2015-04-04 15:27:53 
-------- d-----w- C:\ProgramData\Microsoft OneDrive 2015-03-31 15:03:00 5C989C8B783D4B821568DA087549ACF0 461312 ----a-w- C:\Users\Eigenaar\Downloads\Download.exe ====== C: exe-files == 2015-04-06 16:10:05 FDCF03208012026400DA8626656983F8 298096 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe 2015-04-06 15:30:17 E69888A5F1F65AC3A538759E0F69395C 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-99750587-4078008973-3465543785-1000\$IU3XVNJ.exe 2015-04-05 08:28:41 9BD1204442C40389BC6D33D35718C712 461312 ----a-w- C:\Users\Eigenaar\Downloads\CHICAGO FiRE S03E16 x264 1080p Eng nl subs TBS.exe 2015-04-04 17:51:46 EEC20F949A3CB8B084AA77EDABD73494 1527312 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-99750587-4078008973-3465543785-1000\$RU3XVNJ.exe 2015-04-04 15:28:49 4E0EA5397212C64154CDCBD0F3710A8A 7210656 ----a-w- C:\Users\Eigenaar\Downloads\OneDriveSetup.exe 2015-04-04 15:28:49 4E0EA5397212C64154CDCBD0F3710A8A 7210656 ----a-w- C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe 2015-04-04 15:28:37 6CB24AD9998AC4F83F0EBE05B4DF8AAB 281248 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2015-04-04 15:28:37 4E0EA5397212C64154CDCBD0F3710A8A 7210656 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\OneDriveSetup.exe 2015-04-04 15:28:11 6383C82342A530B99BD8831BA526CD76 112808 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncConfig.exe === C: other files == 2015-04-04 15:28:10 6DA967AC75C23FBFB920A54A40607812 5843 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\CollectOneDriveLogs.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" 
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-99750587-4078008973-3465543785-1000\Software\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" "Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_USERS\S-1-5-21-99750587-4078008973-3465543785-1002\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "ContentTransferWMDetector.exe"="C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" "Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28/03/2015 15:37] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26/09/2014 14:29] ==== Other Scheduled Tasks ====================== 
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\UnHackMe Task Scheduler" [C:\Program Files\UnHackMe\hackmon.exe] "C:\Windows\system32\tasks\Abelssoft\CheckDriveBackgroundGuard" [C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02/02/2015 18:09] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\cxtrx0rh.default-1424613678677 - Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com - Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com - Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com - Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com - Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com AppDir: C:\Program Files\Mozilla Firefox - Default - 
%AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\cxtrx0rh.default-1424613678677 C2D756C95D5AE3D030E7D394B9C771B9 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation E2B92179DA6F4CF6EC3778D2802C960F - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll - Plugins PDK 57686DF728BE5FE43A05B265051D1935 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll - Plugins PDK 4BA14D74164EC27A9A97663D7D9755A1 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll - Plugins PDK 43583AB4DFD406F4C188342F41B1F91C - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db] HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[] Google Slides - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - 
Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky Protection - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho
Google Sheets - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
IMG inspector - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpogobkggapdhmfnamfnhmchcbmehokb
Google Wallet - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== HijackThis Entries ======================

O1 - Hosts: ::1 localhost
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-99750587-4078008973-3465543785-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O9 - Extra button: Virtueel Toetsenbord - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Controle van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Kaspersky Anti-Virus-service 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCore.exe

==== Empty IE Cache ======================

C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Eigenaar\AppData\Local\Mozilla\Firefox\Profiles\cxtrx0rh.default-1424613678677\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=0 4223116 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eigenaar\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot