Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by Lander Aernouts on za 18/04/2015 at 21:02:47,41. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Lander Aernouts\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 18/04/2015 21:04:03 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\DYNALOG deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\PDFC deleted successfully C:\Users\Lander Aernouts\AppData\Roaming\Blum deleted successfully C:\Users\Lander Aernouts\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Lander Aernouts\AppData\Local\PDFC deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56E57FA1-02D7-4F09-9CA3-CC3A0EB11A5F} deleted successfully HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1002\Software\Microsoft\Internet Explorer\SearchScopes\{56E57FA1-02D7-4F09-9CA3-CC3A0EB11A5F} deleted successfully HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC4D4B11-3B05-48FC-9F3C-9AC863BBB23C} deleted successfully HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0EA4F72-74A9-48BF-8693-B7CC2B1F329D} deleted successfully HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E638D5A1-4BA4-4A43-B55E-F1D1DC6B7350} deleted successfully HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEF1793A-6AFB-4975-8CCF-8185F010A77A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56E57FA1-02D7-4F09-9CA3-CC3A0EB11A5F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56E57FA1-02D7-4F09-9CA3-CC3A0EB11A5F} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\redirector.exe C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe C:\Program Files (x86)\Citrix\Receiver\Receiver.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\SysWOW64\prevhost.exe C:\Users\Lander Aernouts\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\DYNALOG not found C:\PROGRA~2\Visual Event deleted C:\Users\Lander Aernouts\AppData\Roaming\appdataFr3.bin deleted C:\Users\Lander Aernouts\AppData\Roaming\ap_movie deleted C:\Users\Lander Aernouts\AppData\Roaming\GoldenGate deleted C:\Users\Lander Aernouts\AppData\Local\nsg13A7.tmp deleted C:\Users\Lander Aernouts\AppData\Local\nsz3A29.tmp deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted C:\Users\Lander Aernouts\Downloads\Friday deals-18-07-2014.pdf deleted C:\Windows\SysNative\config\systemprofile\Searches deleted "C:\Windows\Installer\3fbfb37b.msi" deleted "C:\Windows\Installer\2514342a.msi" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8173 MB CPU Info: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz CPU Speed: 3353.9 MHz Sound Card: Not detected Display Adapters: NVIDIA GeForce GT 545 | NVIDIA GeForce GT 545 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1280 X 1024 - 32 bit Network: Network Present Network Adapters: 802.11n Wireless LAN Card | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: hp CDDVDW TS-H653TN Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 1382.2GB | D: 14.9GB Hard Disks - Free: C: 1266.3GB | D: 1.9GB Manufacturer *: AMI BIOS Info: AT/AT COMPATIBLE | 09/28/11 | HPQOEM - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Foxconn 2ABF Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 42.0.2311.90 Internet Explorer Version: 11.0.9600.17691 Google Chrome version: 42.0.2311.90 Adobe Reader version: 10.1.7.27 Sun Java version: 1.8.0_25 (32-bit) Sun Java version: 1.8.0_25 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\LANDER~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-04-18 10:38:49 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-03-23 18:00:40 -------- d-----w- C:\PROGRA~2\Silabs 2015-03-23 17:59:36 -------- d-----w- C:\PROGRA~2\Dexcom ======= C: ===== ====== C:\Users\Lander Aernouts\AppData\Roaming ====== 2015-03-23 18:01:08 -------- d-----w- C:\Users\Lander Aernouts\AppData\Local\IsolatedStorage ====== C:\Users\Lander Aernouts ====== 2015-04-18 10:38:39 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Lander Aernouts\Downloads\RSITx64.exe 2015-03-23 18:00:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dexcom ====== C: exe-files == 2015-04-18 10:43:09 0D423A0CBEC984F3C08354C72E999FB1 11017296 ----a-w- C:\Program Files (x86)\Google\Update\Install\{2BF06447-A195-4B03-BEC7-30076C5E6AF7}\42.0.2311.90_41.0.2272.118_chrome_updater.exe 2015-04-18 10:43:09 0D423A0CBEC984F3C08354C72E999FB1 11017296 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.90\42.0.2311.90_41.0.2272.118_chrome_updater.exe 2015-04-18 10:38:49 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Lander Aernouts.exe 2015-04-18 10:38:39 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Lander Aernouts\Downloads\RSITx64.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1000\Software\Microsoft\Windows\CurrentVersion\Run] "HP Officejet Pro 8600 (NET)"="C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN1C81R2QF05KD:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "Software Informer"="C:\Program Files\Software Informer\softinfo.exe -autorun" [HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1002\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #1"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1395342470&rver=6.4.6456.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2067&id=64855&mkt=nl-be&cbcxt=mai&snsc=1 --extensions-on-chrome-urls --test-type --load-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\app\37.1329.3.6" [HKEY_USERS\S-1-5-21-2939929581-2716270836-1952389377-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchHPOSIAPP"="C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup" "IsaKbcCertUpdate"="C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HP Officejet Pro 8600 (NET)"="C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN1C81R2QF05KD:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "Software Informer"="C:\Program Files\Software Informer\softinfo.exe -autorun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #1"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1395342470&rver=6.4.6456.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2067&id=64855&mkt=nl-be&cbcxt=mai&snsc=1 --extensions-on-chrome-urls --test-type --load-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\app\37.1329.3.6" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Application Restart #2] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Application Restart #2" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1395342470&rver=6.4.6456.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2067&id=64855&mkt=nl-be&cbcxt=mai&snsc=1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="OfficeSyncProcess" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOSYNC.EXE\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Lander Aernouts\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TomTomHOME.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\"" ==== Startup Folders ====================== 2012-02-06 19:23:12 1936 ----a-w- C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet Pro 8600 (netwerk).lnk 2012-06-14 13:52:24 1302 ----a-w- C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [18/04/2015 21:06] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/10/2014 18:37] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/10/2014 18:37] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPOSIAPP64" ["%ProgramFiles(x86)%\Hewlett-Packard\HP Keyboard\ModLEDKey.exe"] "C:\Windows\SysNative\tasks\hpUrlLauncher.exe_{2DE75AC1-F55F-43BF-BBB3-5BA7E632710D}" [C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe] "C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe] "C:\Windows\SysNative\tasks\SoftwareInformerService" ["C:\Program Files\Software Informer\softinfo.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8EBA8FD3-375C-4D11-91F3-1C4D7AD1C36E}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\LANDER~1\AppData\Roaming\TomTom\HOME\Profiles\ga1843cp.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 42.0.2311.90 (Possible outdated, latest Stable version: 41.0.2272.118) [z-db] YouTube - Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Visual Event - Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbmmieigblcbldgdokdjpioljjninaim Gmail - Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com/", "startup_urls": [ "http://www.google.com/" ] ==== Chromium Fix ====================== C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_customers-research.com_0.localstorage-journal deleted successfully C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbmmieigblcbldgdokdjpioljjninaim deleted successfully C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbmmieigblcbldgdokdjpioljjninaim_0.localstorage deleted successfully C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbmmieigblcbldgdokdjpioljjninaim_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-7?mpre=http://shop.ebay.com/?_nkw={searchTerms}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Lander Aernouts\Desktop\FastImageResizer.lnk - C:\Program Files (x86)\Fast Image Resizer\fastimageresizer.exe C:\Users\Lander Aernouts\Desktop\Indigo Renderer.lnk - C:\Program Files (x86)\Indigo Renderer\indigo.exe C:\Users\Lander Aernouts\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Lander Aernouts\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Lander Aernouts\Desktop\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe C:\Users\Lander Aernouts\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe C:\Users\Lander Aernouts\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Lander Aernouts\Desktop\Spotify.lnk - C:\Users\Lander Aernouts\AppData\Roaming\Spotify\spotify.exe C:\Users\UpdatusUser\Desktop\cut.lnk - C:\Program Files (x86)\Optimal Programs\Cutting Optimization pro\cut.exe C:\Users\UpdatusUser\Desktop\FastImageResizer.lnk - C:\Program Files (x86)\Fast Image Resizer\fastimageresizer.exe C:\Users\UpdatusUser\Desktop\Play Flappy Bird.lnk - C:\Users\Lander Aernouts\AppData\Roaming\Gameo\gameo.exe gameo.dat game:410 gameMode:standalone ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader X .lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Allway Sync.lnk - C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe C:\Users\Public\Desktop\Dexcom Studio 12.0.4.6.lnk - C:\Windows\Installer\{B9E28443-0C3E-416B-A034-5390A9F8B0E4}\Dexcom.Studio.exe C:\Users\Public\Desktop\DYNALOG.lnk - C:\Program Files (x86)\Blum\DYNALOG\Dynalog.exe C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223 C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk - C:\Program Files (x86)\hp\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe C:\Users\Public\Desktop\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\KashExpert.lnk - C:\Program Files (x86)\KashExpert\KashExpert.exe C:\Users\Public\Desktop\KBC-Online for Business.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.kbc.be/ondernemen C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet Pro 8600 (netwerk).lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1C81R2QF05KD;CONNECTION=NW;MONITOR=1; ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dexcom\Dexcom Studio 12.0.4.6.lnk - C:\Windows\Installer\{B9E28443-0C3E-416B-A034-5390A9F8B0E4}\Dexcom.Studio.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Image Resizer\Fast Image Resizer.lnk - C:\Program Files (x86)\Fast Image Resizer\fastimageresizer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Image Resizer\Online Documentation.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Image Resizer\Uninstall.lnk - C:\Program Files (x86)\Fast Image Resizer\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Image Resizer\Website.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Software Informer.lnk - C:\Program Files\Software Informer\softinfo.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Uninstall Software Informer.lnk - C:\Program Files\Software Informer\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging Console.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -config C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging starten.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -userstart C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging stoppen.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -shutdown ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223 C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AutoFit.lnk - C:\AutoFIT\AutoFit.exe C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223 C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Korpus.lnk - C:\Korpus\Korpus.exe C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\KBC-Online for Business.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Lander Aernouts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D19020E056919C04096C3D76FBAEDC64 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0E02091D-1965-40C9-90C6-D367BFEACD46} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E8AC853-65BB-4C99-A09E-19B81851E14C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D19020E056919C04096C3D76FBAEDC64 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup O4 - HKLM\..\Run: [IsaKbcCertUpdate] C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN1C81R2QF05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1395342470&rver=6.4.6456.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2067&id=64855&mkt=nl-be&cbcxt=mai&snsc=1 --extensions-on-chrome-urls --test-type "--load-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\app\37.1329.3.6" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2939929581-2716270836-1952389377-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2939929581-2716270836-1952389377-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Inktwaarschuwingen controleren - HP Officejet Pro 8600 (netwerk).lnk = ? O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://cbc-pdf.cbc.be O15 - Trusted Zone: http://static.cbc.be O15 - Trusted Zone: http://www.cbccorporate.be O15 - Trusted Zone: http://www.csob.cz O15 - Trusted Zone: http://www.csob.sk O15 - Trusted Zone: http://www.isabel.be O15 - Trusted Zone: http://www.beta.isabel.be O15 - Trusted Zone: http://www.isabel.eu O15 - Trusted Zone: http://www.beta.isabel.eu O15 - Trusted Zone: http://kbc-pdf.kbc.be O15 - Trusted Zone: http://static.kbc.be O15 - Trusted Zone: http://www.kbcam.be O15 - Trusted Zone: http://www.kbcam.com O15 - Trusted Zone: http://wp-a.kbcbankingforbusiness.com O15 - Trusted Zone: http://www.kbcbankingforbusiness.com O15 - Trusted Zone: http://www.kbccorporates.com O15 - Trusted Zone: http://www.kbcfi.com O15 - Trusted Zone: http://wp-a.kbcmerchantbanking.com O15 - Trusted Zone: http://www.kbcmerchantbanking.com O15 - Trusted Zone: http://www.kh.hu O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM) O15 - Trusted Zone: http://static.cbc.be (HKLM) O15 - Trusted Zone: http://www.cbccorporate.be (HKLM) O15 - Trusted Zone: http://www.csob.cz (HKLM) O15 - Trusted Zone: http://www.csob.sk (HKLM) O15 - Trusted Zone: http://www.isabel.be (HKLM) O15 - Trusted Zone: http://www.beta.isabel.be (HKLM) O15 - Trusted Zone: http://www.isabel.eu (HKLM) O15 - Trusted Zone: http://www.beta.isabel.eu (HKLM) O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM) O15 - Trusted Zone: http://static.kbc.be (HKLM) O15 - Trusted Zone: http://www.kbcam.be (HKLM) O15 - Trusted Zone: http://www.kbcam.com (HKLM) O15 - Trusted Zone: http://wp-a.kbcbankingforbusiness.com (HKLM) O15 - Trusted Zone: http://www.kbcbankingforbusiness.com (HKLM) O15 - Trusted Zone: http://www.kbccorporates.com (HKLM) O15 - Trusted Zone: http://www.kbcfi.com (HKLM) O15 - Trusted Zone: http://wp-a.kbcmerchantbanking.com (HKLM) O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM) O15 - Trusted Zone: http://www.kh.hu (HKLM) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lander Aernouts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lander Aernouts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Lander Aernouts\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=26 folders=7 1353117902 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Lander Aernouts\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\LANDER~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 18/04/2015 at 21:33:16,39 ======================