Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Eigenaar on di 09/06/2015 at 13:33:42,33.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: c:\Users\Eigenaar\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

9/06/2015 13:38:23 Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\SUPERAntiSpyware\SASCore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe
C:\Program Files\Windows Sidebar\update.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Windows\system32\conime.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\Users\Eigenaar\Downloads\zoek.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\XTab not found
C:\ProgramData\WindowsMangerProtect not found
C:\Program Files\Common Files\DVDVideoSoft deleted
C:\ComboFix deleted
C:\Qoobox deleted
C:\32788R22FWJFW deleted
C:\Users\Eigenaar\AppData\Roaming\SPlayer deleted
C:\Program Files\Full Player deleted
C:\ProgramData\UVK deleted
C:\Program Files\UVK - Ultra Virus Killer deleted
C:\Program Files\BCUninstaller deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 2047 MB
CPU Info: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz
CPU Speed: 2396,3 MHz
Sound Card: Luidsprekers (High Definition A | Apparaat voor digitale uitvoer | Apparaat voor digitale uitvoer | Apparaat voor digitale uitvoer | Apparaat voor digitale uitvoer | Apparaat voor digitale uitvoer |
Display Adapters: NVIDIA GeForce 210 | NVIDIA GeForce 210 | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH40F
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 285,1GB | E: 114,5GB
Hard Disks - Free: C: 81,7GB | E: 75,4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/10/08 | PacBel - 20080910 Time Zone: Romance (standaardtijd) Motherboard *: Packard Bell BV MCP73VT-PM Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated) Anti-Spyware: Kaspersky Internet Security disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Kaspersky Internet Security disabled Default Browser: Firefox 38.0.5 Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: 38.0.5 (x86 nl) Google Chrome version: 43.0.2357.81 Sun Java version: 1.8.0_45 (32-bit) Flash Player version: 17.0.0.169 Shockwave Player version: 12.1.8r158 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-06-08 07:46:08 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe 2015-06-08 07:46:08 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe 2015-06-08 07:46:08 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe 2015-06-08 07:46:08 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe 2015-06-08 07:46:08 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe ====== C:\Users\Eigenaar\AppData\Local\Temp ==== 2015-06-08 13:07:58 E33CD56F2F344658C6000821611BBBD7 1205168 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\dllnt_dump.dll 2015-05-29 14:52:27 46796958E27851FBB8C4CC3E4163F9C7 429816 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\~un0526b6723\u0528e7c27.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-06-08 13:03:51 204FBC5577EEF260B5FEA3326148CF4A 96352 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll 2015-05-30 06:09:25 05169E0F72370D5C723C60555D9D9370 280 ----a-w- C:\Windows\System32\PDBootState ====== C:\Windows\system32\drivers ===== 2015-06-08 13:07:58 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys ====== C:\Windows\Tasks ====== ====== 
C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-06-08 13:04:02 -------- d-----w- C:\Program Files\Common Files\Java 2015-06-08 12:58:46 -------- d-----w- C:\Program Files\Java 2015-05-29 14:57:59 -------- d-----w- C:\Program Files\Common Files\Raxco 2015-05-29 14:55:21 -------- d-----w- C:\Program Files\Raxco 2015-05-28 11:15:05 -------- d-----w- C:\Program Files\TomTom International B.V 2015-05-28 11:14:26 -------- d-----w- C:\Program Files\MyDrive Connect ======= C: ===== 2015-05-17 12:02:15 E5FE66800307BDD5A445ED20624167BC 3273038 ----a-w- C:\Andre Hazes - Zeg Maar Niets Meer‏.mp3 ====== C:\Users\Eigenaar\AppData\Roaming ====== 2015-06-09 10:55:50 -------- d-----w- C:\Users\Eigenaar\AppData\Local\CrashDumps 2015-06-08 13:03:54 -------- d-----w- C:\Users\Eigenaar\AppData\Locallow\Oracle 2015-06-08 12:57:14 -------- d-----w- C:\Users\Eigenaar\AppData\Locallow\Sun 2015-05-28 11:15:11 -------- d-----w- C:\Users\Eigenaar\AppData\Local\TomTom ====== C:\Users\Eigenaar ====== 2015-06-08 13:07:53 -------- d-----w- C:\ProgramData\RogueKiller 2015-06-08 13:04:04 -------- d-----w- C:\ProgramData\Sun 2015-06-08 13:02:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-06-08 12:59:01 -------- d-----w- C:\ProgramData\Oracle 2015-06-08 12:30:41 -------- d-----w- C:\ProgramData\SUPERSetup 2015-06-08 07:06:53 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Eigenaar\Downloads\RSIT.exe 2015-06-06 17:22:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Player 2015-06-06 17:19:51 9BFEF17A5350558C85D071DFEAD922FF 15326844 ----a-w- C:\Users\Eigenaar\Downloads\full_player.exe 2015-06-02 16:14:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer 2015-06-02 16:01:44 A21F48C70262BD4417CC9F51FE92FC9E 5198848 ----a-w- C:\Users\Eigenaar\Downloads\UVKSetup.exe 2015-05-29 14:58:00 -------- d-----w- C:\ProgramData\Raxco 2015-05-28 11:51:48 
2AD2370FDC85C58E90147B1F28F269C4 23308160 ----a-w- C:\Users\Eigenaar\Downloads\InstallMyDriveConnect.exe 2015-05-28 11:50:32 2AD2370FDC85C58E90147B1F28F269C4 23308160 ----a-w- C:\Users\Eigenaar\Downloads\InstallMyDriveConnect(2).exe 2015-05-28 11:41:12 2AD2370FDC85C58E90147B1F28F269C4 23308160 ----a-w- C:\Users\Eigenaar\Downloads\InstallMyDriveConnect(1).exe 2015-05-28 11:15:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2015-05-16 11:23:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ====== C: exe-files == 2015-06-08 13:07:41 73273B82C3CF1B3D662F3D0F62EE7A09 17637624 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSYJ9O05\RogueKiller[1].exe 2015-06-08 13:02:53 EED888394AC81A663F12C6EC43AB2838 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-06-08 13:02:53 4586CD8F1C929EF184098A22FE31A857 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-06-08 13:02:53 1E2E159D0621A466CFA7CE06E4DA9CAE 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-06-08 13:02:11 FF589C55E0CB6A0A1BD9570217BB1A42 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\tnameserv.exe 2015-06-08 13:02:11 C57CA849D13177E1F43CFEF51374F1EE 159328 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\unpack200.exe 2015-06-08 13:02:10 B66ED84383EA6C6218CA47BC49C15615 50784 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\ssvagent.exe 2015-06-08 13:02:08 2682BB5D60C30DCB5A2BC414D01D6764 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\rmiregistry.exe 2015-06-08 13:02:08 134D4B0A753808F8F8645DCF3FA00173 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\servertool.exe 2015-06-08 13:02:07 5DF39BE82C777B7EDAD34E3A7A7EADB7 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\rmid.exe 2015-06-08 13:02:06 A1A1BC927541346D840BBB511F557848 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\policytool.exe 2015-06-08 13:02:05 FD8978875A992C876AF430B35DF9CFA7 15456 
----a-w- C:\Program Files\Java\jre1.8.0_45\bin\pack200.exe 2015-06-08 13:02:04 1F29E31C6B9A487FF32006C4E223BA4F 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\orbd.exe 2015-06-08 13:02:02 D3DA34876B7F6D06D26D29CA77BD25A2 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\ktab.exe 2015-06-08 13:02:01 98903A3C01AA820E7FCC19A0A60126C0 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\klist.exe 2015-06-08 13:02:01 4EA6A4DD2EB584C4C2BF39A9A7D0D580 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\keytool.exe 2015-06-08 13:02:01 3C0A1F0D13A8998E9A1825A853FF3B39 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\kinit.exe 2015-06-08 13:01:59 1CCD26E1E9FC582ABAA5D5FD1FA47A6B 76384 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\jp2launcher.exe 2015-06-08 13:01:57 CF683290B3369A1491A5B8B4D19F79B3 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\jjs.exe 2015-06-08 13:01:47 EED888394AC81A663F12C6EC43AB2838 191072 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe 2015-06-08 13:01:47 4586CD8F1C929EF184098A22FE31A857 271968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\javaws.exe 2015-06-08 13:01:45 EF66D96BC42BCE52686A7635AB11D8DD 68192 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe 2015-06-08 13:01:44 1E2E159D0621A466CFA7CE06E4DA9CAE 190560 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\java.exe 2015-06-08 13:01:43 F16868F20E4701142FAEF8C9FA847D27 30304 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\jabswitch.exe 2015-06-08 13:01:43 88FFC43B0E3BB3E30F70CB7B08D499B4 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\java-rmi.exe 2015-06-08 12:56:32 FDE2F9FE7B6E7B43C7E1E485946F096B 37328992 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QTWKYDU\jre-8u45-windows-i586[1].exe 2015-06-08 12:56:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\97C7XGH0\jre-8u45-windows-i586[1].exe 2015-06-08 12:46:41 
C6D64BBC4092741B4958D4D5EE2D3059 879616 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V74DPAKH\avast-browser-cleanup[1].exe 2015-06-08 12:31:08 D56605A4F5CE2DBEBA1540304827B394 2231296 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V74DPAKH\adwcleaner_4.206[1].exe 2015-06-08 12:30:35 75BBA8059A3786D0BB9087202DFEC823 22061992 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V74DPAKH\SUPERAntiSpyware[1].exe 2015-06-06 17:22:14 37E3B851DFC881424F4D80C452D11685 69632 ----a-w- C:\Program Files\Windows Sidebar\update.exe === C: other files == 2015-06-08 13:07:58 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys 2015-06-08 13:02:14 5DDC15149346900F16B38C65502BACA9 14130 ----a-w- C:\Program Files\Java\jre1.8.0_45\lib\deploy\ffjcext.zip 2015-06-08 04:21:18 0C0558C776ECDC2C99DB8483B6D8B140 51149 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V74DPAKH\UAKdb2[2].zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-99750587-4078008973-3465543785-1000\Software\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" "Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "uTorrent"="C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "MyDriveConnect.exe"="C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe" "qwupdate"="C:\Program Files\Windows Sidebar\update.exe" 

[HKEY_USERS\S-1-5-21-99750587-4078008973-3465543785-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"ContentTransferWMDetector.exe"="C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"uTorrent"="C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MyDriveConnect.exe"="C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe"
"qwupdate"="C:\Program Files\Windows Sidebar\update.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2015 14:11]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\UnHackMe Task Scheduler" [C:\Program Files\UnHackMe\hackmon.exe]
"C:\Windows\system32\tasks\Abelssoft\CheckDriveBackgroundGuard" [C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02/02/2015 18:09]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\cxtrx0rh.default-1424613678677
- Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
- Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
- Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
- Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
- Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\cxtrx0rh.default-1424613678677
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
08ACECEB47FAF053C468D8AFE44709AD - C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 073A22FDCDAFD513DAD0D972BD2DF76E - C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll - Silverlight Plug-In 57686DF728BE5FE43A05B265051D1935 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll - Plugins PDK CA808688B28D12B368F9A511FC5E3697 - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U45 B28862688B70415A3C0C5DCC8B242388 - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.450.15 F4C5E12008B713FE1B2F2A5990F00A43 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director E2B92179DA6F4CF6EC3778D2802C960F - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll - Plugins PDK 4BA14D74164EC27A9A97663D7D9755A1 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll - Plugins PDK 9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash 6D23BB87BCF88731959BF79082D442E6 - C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.81 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[] Google Slides - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Eigenaar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Kaspersky Protection - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho Google Sheets - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap IMG inspector - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpogobkggapdhmfnamfnhmchcbmehokb Google Wallet - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - 
C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe" O4 - HKCU\..\Run: [qwupdate] C:\Program Files\Windows Sidebar\update.exe O4 - HKUS\S-1-5-21-99750587-4078008973-3465543785-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser') O4 - HKUS\S-1-5-21-99750587-4078008973-3465543785-1002\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm O9 - Extra button: Virtueel Toetsenbord - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O9 - Extra button: Controle van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - (no file) O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Kaspersky Anti-Virus-service 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\system32\IoctlSvc.exe O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCore.exe ==== Empty IE Cache ====================== C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Eigenaar\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Eigenaar\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Eigenaar\AppData\Local\Mozilla\Firefox\Profiles\cxtrx0rh.default-1424613678677\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=517 folders=35 431391640 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Eigenaar\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== 

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Eigenaar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on di 09/06/2015 at 14:26:42,75 ======================