Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by Vanherle on di 14/04/2015 at 21:08:25,93. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Vanherle\Desktop\zoek.exe [Scan all users] [Checkboxes used] ==== System Restore Info ====================== 14/04/2015 21:11:52 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Trend Micro deleted successfully C:\Program Files\ATI Technologies deleted successfully C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully C:\Users\Vanherle\AppData\Roaming\TP deleted successfully C:\Users\Vanherle\AppData\Roaming\uTorrent deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{109B30C0-6AAD-4E19-8433-413F396B135} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{116687D6-7FE-412D-B35-151945E3F74} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25EB1EAC-1463-4F1B-A526-ED1637BDE0C9} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CA7883-9AFB-4E01-9F63-78AAA20E995} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{293D19FA-9E3B-43E7-9921-99401F5639D6} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF4C0C-25AD-4A89-B043-B420954B8683} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C5CB856-50B3-45D0-90C2-C61955A853DE} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D51A049-2A5B-4EA2-A2C7-AB5FECA037} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{398B0989-CDB6-413D-BC28-7BEB6C5B5289} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5502A253-EFED-43EA-9858-F759C98FB18E} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58051216-8959-4E70-ADF4-F3BCB3B022B7} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BAB50A8-C428-4F1B-A368-F1F19D1CA5E} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6327C40E-70D6-4C1A-B9DA-EE5F9392BF} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B4D785-E846-456B-BD37-9A9BCF36412} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{723FE18-A7D6-4B9E-BBF9-86A2A675A09E} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{731BEE46-37BE-4DA6-ABAC-4690A5399FD} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76081052-4996-46BE-8A1D-2EFEE017E3F9} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7b68a327-e387-497f-88c4-10cba8eb048d} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F4BBDE1-1309-4B99-85F7-5C2C0D5173E} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87cf1a0f-538e-4ed2-9d72-a28334962e34} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87F6DF3F-D592-4CCA-9628-9034FC38883} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C0D66B-E27D-4ABF-B893-D9AA3956B1E5} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93B89865-B8CF-4FE1-8D59-E0976E259364} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9AB9432-DF7C-4D33-8238-289895E86F4} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AADB8B05-A8A1-4AC3-94BD-CAE87D54CE7} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCBD98DD-97DD-4A75-BB29-9D12C045FA1} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAB49FD4-F49A-4A82-82B7-F36CE6F2209F} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC437AE6-FF72-40B2-9E25-35D5E9F1322} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED12A30E-9611-40A4-8F99-4C43F9A46275} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F36FC087-3037-4A1E-B41F-A0D0E376F8CE} deleted successfully HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC308DC9-CD77-49B2-9842-82EC148CDEB8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7b68a327-e387-497f-88c4-10cba8eb048d} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87cf1a0f-538e-4ed2-9d72-a28334962e34} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe AIR Adobe Flash Player 17 ActiveX Adobe Flash Player 17 NPAPI Adobe Reader XI (11.0.10) - Nederlands AMD Accelerated Video Transcoding AMD Catalyst Control Center AMD Catalyst Install Manager AMD Wireless Display v3.0 Avast Free Antivirus Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Control ActiveX de Windows Live Mesh para conexiones remotas Contr“le ActiveX Windows Live Mesh pour connexions … distance Controlo ActiveX do Windows Live Mesh para Liga‡äes Remotas Deluge 1.3.11 Dropbox Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych Fotogalerija Windows Live Galeria de Fotografias do Windows Live Galerˇa fotogr fica de Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Golden Trails - The New Western Rush Deluxe Google Afmelden voor advertentiecookie Google Chrome Google Toolbar for Internet Explorer Google Update Helper HP Update Java 7 Update 76 (64-bit) Java 8 Update 40 Java Auto Updater Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft_VC100_CRT_SP1_x64 Microsoft_VC100_CRT_SP1_x86 Mozilla Firefox 36.0.4 (x86 nl) Mozilla Thunderbird 31.6.0 (x86 nl) MyDriveConnect 3.3.0.1756 OpenOffice 4.1.1 Poczta uslugi Windows Live Podstawowe programy Windows Live Posta Windows Live Raccolta foto di Windows Live S?????? f?t???af??? t?? Windows Live Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?ća???sć??e? s??d?se?? TeamViewer 9 Uzak BaglantŐlar I‡in Windows Live Mesh ActiveX Denetimi VASCO Card Reader Plug-In (64-Bit) VASCO Smart Card Reader Plug-In (User) VDownloader 4.0.1001 Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables Visual Studio C++ 10.0 Runtime Windows-stuurprogrammapakket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Fotograf Galerisi Windows Live Fot˘t r Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX-vez‚rlo t voli kapcsolatokhoz Windows Live Mesh ActiveX Control for Remote Connections Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Par‡alar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.1 ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe C:\Windows\Pixart\Pac7302\Monitor.exe C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\OpenOffice 4\program\soffice.exe C:\Program Files (x86)\OpenOffice 4\program\soffice.bin C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgt02.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Users\Vanherle\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Trend Micro not found C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found C:\Users\Vanherle\AppData\Roaming\VDownloader deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk deleted C:\PROGRA~3\Package Cache deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Public\Desktop\VDownloader.lnk deleted C:\Users\Vanherle\Desktop\MiniGet Smart Downloader.lnk deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8159 MB CPU Info: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz CPU Speed: 3105,3 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: AMD Radeon HD 7400 Series | AMD Radeon HD 7400 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic Non-PnP Monitor | Screen Resolution: 1280 X 800 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-216AB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 1346,2GB | D: 50,0GB Hard Disks - Free: C: 950,7GB | D: 30,4GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 04/18/12 | MEDION - 11112011 Time Zone: West-Europa (standaardtijd) Motherboard *: MEDION MS-7728 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Default Browser: Google Chrome 41.0.2272.118 Internet Explorer Version: 11.0.9600.17691 Mozilla Firefox version: 36.0.4 (x86 nl) Google Chrome version: 41.0.2272.118 Adobe Reader version: 11.0.10.32 Sun Java version: 1.8.0_40 (32-bit) Sun Java version: 1.8.0_40 (64-bit) Flash Player version: 17.0.0.134 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-04-14 06:05:01 29968EDF8EF795F91DD35A61988CC40C 43112 ----a-w- C:\Windows\avastSS.scr ====== C:\Users\Vanherle\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-04-14 06:05:41 5FA979EE982E893255D7808AB3E1EF94 364472 ----a-w- C:\Windows\Sysnative\aswBoot.exe ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-04-05 16:30:19 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird 2015-03-30 06:47:00 -------- d-----w- C:\PROGRA~2\OpenOffice 4 2015-03-17 18:33:58 -------- d-----w- C:\PROGRA~2\Deluge ======= C: ===== ====== C:\Users\Vanherle\AppData\Roaming ====== 2015-04-14 13:20:54 8DE9F588DFB1641F2C0EA05BD4B60605 218 ----a-w- C:\Users\Vanherle\AppData\Local\recently-used.xbel 2015-03-17 18:34:19 -------- d-----w- C:\Users\Vanherle\AppData\Roaming\deluge ====== C:\Users\Vanherle ====== 2015-03-30 07:05:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-30 06:50:20 -------- d-----w- C:\Users\Public\Documents\sun 2015-03-30 06:47:19 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-03-18 16:20:11 -------- d-----w- C:\ProgramData\Google 2015-03-17 18:34:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge ====== C: exe-files == 2015-04-14 06:05:41 5FA979EE982E893255D7808AB3E1EF94 364472 ----a-w- C:\Windows\System32\aswBoot.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-219209752-1814971668-716802256-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "MedionReminder"="C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe" "PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MedionReminder"="C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "HP Software Update"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MyTomTomSA.exe" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\MyTomTom 3\\MyTomTomSA.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NokiaSuite.exe" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Vanherle\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VDownloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VDownloader" "hkey"="HKLM" "command"="\"C:\\Program Files\\VDownloader\\VDownloader4.exe\" /silent" ==== Startup Folders ====================== 2012-12-26 13:04:27 2103 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [18/03/2015 18:23] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:47] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:47] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14/04/2015 08:04] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [26/12/2012 15:05] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db] HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[19/03/2015 18:14] Google Docs - Vanherle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Vanherle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Vanherle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Vanherle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Avast Online Security - Vanherle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Vanherle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Vanherle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Vanherle\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://www.google.com/" ] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{4C8CBB16-A7D3-4ADE-9475-E54ED8FC9FCA}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {21CA3304-8E8A-4684-9501-CD8EB2011C79} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}" {3AEB25E6-D905-4F7B-9E87-089FBF90D51C} (www.google.com)[3] Google Url="https://www.google.com/search?q={searchTerms}" {4C8CBB16-A7D3-4ADE-9475-E54ED8FC9FCA} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}" {542946E2-3275-47CD-AE77-4959EF14BF7F} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}" {6CCACA36-56E3-4E1E-9C03-5E2C8597284E} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}" {AF8DBE56-21E9-4F59-9F10-55F6202957E5} (www.google.com)[4] Google Url="https://www.google.com/search?q={searchTerms}" {DA214047-4B08-4F71-9796-5C1090AEF4D3} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393" {FAF43931-810F-488D-888E-4ADF54360B06} (www.google.com)[2] Google Url="https://www.google.com/search?q={searchTerms}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll O2 - BHO: Afmelden voor advertentiecookie - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1429001198 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Vanherle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Vanherle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Vanherle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=28 folders=19 15059522 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Vanherle\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Vanherle\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 14/04/2015 at 21:38:04,85 ======================