Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by stefanie on ma 11/05/2015 at 17:36:53,58. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\stefanie\Desktop\zoek(1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 11/05/2015 17:41:39 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\Users\stefanie\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Sony\VAIO Care\VCService.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe C:\Users\stefanie\Desktop\zoek(1).exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\lwju0mub.default-1424937327565 user.js not found ---- Lines mystart removed from prefs.js ---- user_pref("browser.search.searchengine.alias", "mystartsearch"); user_pref("browser.search.searchengine.iconURL", "http://www.mystartsearch.com/favicon.ico"); user_pref("browser.search.searchengine.name", "mystartsearch"); user_pref("browser.search.searchengine.url", "http://www.mystartsearch.com/web/?type=ds&ts=1431242864&z=e6a0c319f870b97597c35dfg6z3c1g4o1z3o3b2qbe&fro ---- Lines extensions.pd0XFZmAnKfOrAq2 removed from prefs.js ---- user_pref("extensions.pd0XFZmAnKfOrAq2.epoch", "1"); user_pref("extensions.pd0XFZmAnKfOrAq2.scode", "void(0);"); user_pref("extensions.pd0XFZmAnKfOrAq2.url", "http://yourappzzz.com/sync/?q=C6qUojwGrTCErHa6pjaFqTUHrTU5pjrEtMZPhd9FqdnHrHr6qHaFrdC7qTwHrTwEqShGheDUoj ---- Lines extensions.yLLoSmrw2B1U4iCv removed from prefs.js ---- user_pref("extensions.yLLoSmrw2B1U4iCv.epoch", "1"); user_pref("extensions.yLLoSmrw2B1U4iCv.scode", "void(0);"); user_pref("extensions.yLLoSmrw2B1U4iCv.url", "http://veterants.org/sync/?q=C6qUojwGrTCErHa6pjaFqTUHrTU5pjrEtMZPhd9FqdnHrHr6qHaFrdC7qTwHrTwEqShGheDUojw ---- FireFox user.js and prefs.js backups ---- prefs_20151105_1843_.backup ==== Batch Command(s) Run By Tool====================== C:\Windows\system32\appdata deleted ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\PROGRA~2\bestadblocker deleted C:\PROGRA~2\Ambient Aurea deleted C:\PROGRA~2\PriceMinus deleted C:\ProgramData\15317937129434912941 deleted C:\Users\stefanie\AppData\Roaming\Mipony deleted C:\Users\stefanie\AppData\Roaming\Rim.Desktop.Exception.log deleted C:\Users\stefanie\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted C:\Users\stefanie\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony deleted C:\windows\SysNative\GroupPolicy\machine deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\lwju0mub.default-1424937327565\searchplugins\mystartsearch.xml deleted C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\lwju0mub.default-1424937327565\extensions\dQ9X@cn.edu deleted C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\lwju0mub.default-1424937327565\extensions\GbDHwy@w.com deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 4078 MB CPU Info: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz CPU Speed: 2310,0 MHz Sound Card: Speaker/HP (Conexant SmartAudio | Display Adapters: NVIDIA GeForce 410M | NVIDIA GeForce 410M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR9285 Wireless Network Adapter | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SN-208BB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 2 Button Wheel Mouse Present Hard Disks: C: 226,3GB | F: 224,2GB | Q: 0,0MB Hard Disks - Free: C: 124,8GB | F: 220,2GB | Q: 0,0MB Manufacturer *: INSYDE BIOS Info: AT/AT COMPATIBLE | 11/17/11 | Sony - 20111117 Time Zone: Romance (standaardtijd) Motherboard *: Sony Corporation VAIO Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Emsisoft Anti-Malware On-access scanning disabled (Outdated) Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Emsisoft Anti-Malware disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Default Browser: Firefox 37.0.2 Internet Explorer Version: 11.0.9600.17728 Mozilla Firefox version: 37.0.2 (x86 nl) Adobe Reader version: 10.1.13.16 Sun Java version: 1.8.0_31 (32-bit) Sun Java version: 1.8.0_31 (64-bit) Flash Player version: 17.0.0.169 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-05-08 08:26:40 2169B4B1EFAA3453A4DA732F1F94C1E1 43112 ----a-w- C:\Windows\avastSS.scr ====== C:\Users\stefanie\AppData\Local\Temp ==== 2015-05-06 06:26:45 93F43D0A481D6472A86A97FD1A554245 484960 ---ha-w- C:\Users\stefanie\AppData\Local\Temp\4200\temp\wpc_mystartsearch.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-05-11 03:02:53 4FB6465814FA57D4EC50932220983B1C 437336 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT 2015-05-08 08:26:47 9CA2FDD44F7C1F8AC1652F6C2638CFED 364472 ----a-w- C:\Windows\Sysnative\aswBoot.exe ====== C:\Windows\Sysnative\drivers ===== 2015-04-15 07:05:44 1FA627E63195BF3BF636BFEF0D7190D4 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-04-15 07:05:44 063C09DB965E3DFD6F4F08416F6DB8F5 95672 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-04-15 07:05:28 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\Sysnative\drivers\http.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-04-12 21:07:08 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype ======= C: ===== ====== C:\Users\stefanie\AppData\Roaming ====== 2015-05-10 07:08:09 CDEC972A8F2C52537EA2AF4ACB6DB66B 117792 ----a-w- C:\Users\stefanie\AppData\Local\GDIPFONTCACHEV1.DAT ====== C:\Users\stefanie ====== 2015-05-10 18:21:19 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\stefanie\Downloads\RSITx64(1).exe 2015-04-12 21:07:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype ====== C: exe-files == 2015-05-10 07:25:28 8FAF108971598C59E152B2128ACD58D1 2358984 ----a-w- C:\Users\stefanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZPGQ1NX\Download.exe 2015-05-09 08:26:12 C73E5881FC9262E41D0C93AE99B1827F 5632080 ----a-w- C:\Users\stefanie\AppData\Local\NVIDIA\NvBackend\Packages\0000768a\DAO.19558264.exe 2015-05-08 12:32:44 2E3B2179DE4BC44BEED756AE4B3B8542 675256 ----a-w- C:\Users\stefanie\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2015-05-08 12:32:40 9CD064E9B289149158E9C07510DB752B 172984 ----a-w- C:\Users\stefanie\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2015-05-08 08:25:37 CEA213832D8ED9E2CACFEEB6D09B5600 451584 ----a-w- C:\Users\stefanie\AppData\Local\NVIDIA\NvBackend\Packages\0000767c\CoProc update.19556269.exe 2015-05-06 06:26:45 93F43D0A481D6472A86A97FD1A554245 484960 ---ha-w- C:\Users\stefanie\AppData\Local\Temp\4200\temp\wpc_mystartsearch.exe 2015-05-04 18:58:20 D1F9698C96BD79E6B697FED7292E33E3 36885984 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\a0bbf905-bdb2-46ba-8288-703ec0781ee6\GeForce_Experience_Update_v2.4.3.22.exe === C: other files == 2015-05-10 07:27:57 3778B57F5195B8102B53D498CA8366D3 144 ----a-w- C:\Users\stefanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4E3JTYF\2[1].zip 2015-05-10 07:27:35 33F9AB625C06D630369B1DC821B951E1 2076933 ----a-w- C:\Users\stefanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXVDUCH8\1[1].zip 2015-05-10 07:09:00 CE0B379A355AE63113C13764A0BA7508 274591 ----a-w- C:\Users\stefanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXVDUCH8\items_v1153[1].zip 2015-05-10 07:08:59 F77EF8FC6F675FE669D62907AE0E2911 256535 ----a-w- C:\Users\stefanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K9YNY21\nl[1].zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1159067749-3342026126-2323833470-1001\Software\Microsoft\Windows\CurrentVersion\Run] "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" "AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" "AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "Apoint"="%ProgramFiles%\Apoint\Apoint.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Elbserver] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Elbserver" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Sony\\Media Gallery\\ElbServer.exe /Stay" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISBMgr.exe] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ISBMgr.exe" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Sony\\ISB Utility\\ISBMgr.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyDrive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SkyDrive" "hkey"="HKCU" "command"="\"C:\\Users\\stefanie\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VRLPHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VRLPHelper" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Sony\\Media Gallery\\VRLPHelper.exe /Stay" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinDefend] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2015 14:44] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/03/2013 10:24] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/03/2013 10:24] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{0B03EB33-269E-481C-90C7-3621A7F637C4}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\SONY\VAIO Gate\StartExecuteProxy" ["%programfiles%\Sony\VAIO Gate\ExecutionProxy.exe"] "C:\Windows\SysNative\tasks\SONY\VAIO Gate\VAIO Gate" [C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VAIO Care" ["%ProgramFiles%\Sony\VAIO Care\VCsystray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VCOneClick" ["%ProgramFiles%\Sony\VAIO Care\VCOneClick.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader" [C:\Program Files\Sony\VAIO Improvement\viuploader.exe] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation" [C:\Program Files\Sony\VAIO Improvement Validation\viv.exe] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music stefanie" [C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start" [C:\Program Files\Sony\VAIO Smart Network\VSNClient] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update 5" ["C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe"] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\lwju0mub.default-1424937327565 user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006"); user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006"); user_pref("browser.search.defaultengine", "Google (avast)"); user_pref("browser.search.defaultenginename", "Google (avast)"); user_pref("browser.search.selectedEngine", "Google (avast)"); user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sweetsearch@gmail.com"="C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\lwju0mub.default-1424937327565\extensions\sweetsearch@gmail.com" [] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\lwju0mub.default-1424937327565 CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\stefanie\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin 1919A4E982A86647F79ADD23B9AC3E11 - C:\Users\stefanie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash 1CDD28B47D8198F868349BDFBCD1281B - C:\Users\stefanie\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/04/2015 17:34] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?trackid=sp-006" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?trackid=sp-006" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?trackid=sp-006" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?trackid=sp-006" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?trackid=sp-006" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?trackid=sp-006" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="https://www.google.com/?trackid=sp-006" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {3F5DDB73-C158-4F21-8F84-8E183489B217} Zinio Url="http://services.zinio.com/search?s={searchTerms}&rf=sonyslices" {C19B24E8-0224-4CEB-A9F0-E9D9C3A045AD} eBay Url="http://rover.ebay.com/rover/1/1553-42507-16445-59/4?mpre=http://shop.benl.ebay.be/?oemInLn=ieSrch-Q311&_nkw={searchTerms}" {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\sweetsearch@gmail.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mipony Download Accelerator Packages deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Download met MiPony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\stefanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\stefanie\AppData\Local\Mozilla\Firefox\Profiles\lwju0mub.default-1424937327565\cache2 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\wut3mccf.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=5068 folders=1304 273026940 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\stefanie\AppData\Local\Temp will be emptied at reboot C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\stefanie\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 11/05/2015 at 20:56:50,03 ======================