Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Nino on vr 12/06/2015 at 10:04:46,05. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: G:\Bureaublad\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 12/06/2015 10:07:12 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\Common Files\Symantec Shared deleted successfully C:\Users\Nino\AppData\Roaming\MailWasherPro deleted successfully C:\Users\Nino\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Nino\AppData\Local\EmieSiteList deleted successfully C:\Users\Nino\AppData\Local\EmieUserList deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2469757143-1591298742-1055540553-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2787A152-D55A-4BDA-BBAA-F856C9D38C81} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2787A152-D55A-4BDA-BBAA-F856C9D38C81} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2787A152-D55A-4BDA-BBAA-F856C9D38C81} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Reader XI (11.0.10) - Nederlands Adobe Shockwave Player 11.6 Apowersoft Gratis Audiorecorder V2.1.7 Bonjour Canon IJ Scan Utility Canon MG3500 series MP Drivers Canon MG3500 series On-screen Manual Canon My Image Garden Canon My Image Garden Design Files Canon My Printer Canon Quick Menu CCleaner Connected Music powered by Universal Music Group version 1.0 CyberLink LabelPrint CyberLink Media Suite 10 CyberLink PhotoDirector CyberLink Power2Go 8 CyberLink PowerDirector 10 CyberLink PowerDVD CyberLink YouCam D3DX10 Energy Star Facebook Video Calling 3.1.0.521 Fotogalerie Galerie de photos Gebruikersregistratie voor Canon MG3500 series 
Google Chrome Google Update Helper Hewlett-Packard ACLM.NET v1.2.2.3 HP 3D DriveGuard HP Connected Music (Meridian - installer) HP Connected Remote HP CoolSense HP Customer Experience Enhancements HP Documentation HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP Support Assistant HP Utility Center HP Wireless Button Driver IDT Audio Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel© Trusted Connect Service Client LastPass(alleen deïnstalleren) Malwarebytes Anti-Malware versie 2.1.6.1022 Microsoft Application Error Reporting Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Paragon Backup and Recovery™ 2014 Free Photo Common Photo Gallery Ralink RT5390R 802.11bgn Wi-Fi Adapter 
Realtek Ethernet Controller Driver Realtek PCIE Card Reader Revo Uninstaller 1.95 swMSM Synaptics Pointing Device Driver Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe G:\Bureaublad\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\syswow64\wwahost.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Connected Music powered by Universal Music Group deleted C:\PROGRA~3\CyberlinkOutput.txt deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Public\sdelevURL.tmp deleted "C:\Windows\Installer\18c9fe7.msi" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3989 
MB CPU Info: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz CPU Speed: 2424,4 MHz Sound Card: Luidsprekers / HP (IDT High Def | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Ralink RT5390R 802.11bgn Wi-Fi Adapter | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: hp DVD A DS8A8SH Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 87,5GB | D: 17,6GB | G: 244,1GB | T: 115,3GB Hard Disks - Free: C: 49,9GB | D: 2,2GB | G: 232,5GB | T: 76,0GB Manufacturer *: Insyde BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1 Time Zone: Romance (standaardtijd) Motherboard *: Hewlett-Packard 1843 Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 11.0.9600.17842 Google Chrome version: 43.0.2357.124 Adobe Reader version: 11.0.10.32 Shockwave Player version: 11.6.6r636 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\Nino\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2015-06-10 05:30:12 BD7E7AC5639FFE7CDDAA5A3F7A05D4A7 2483712 ----a-w- C:\WINDOWS\SysWOW64\msftedit.dll 2015-06-10 05:30:10 7F78583D91D0FCA9678778F45328C99F 367104 ----a-w- C:\WINDOWS\SysWOW64\puiobj.dll 2015-06-10 05:30:02 02BE9F037101364A565D224194337B0C 207872 ----a-w- C:\WINDOWS\SysWOW64\rastapi.dll 2015-06-10 05:30:01 5027CAF4BFB31E4CD2918B2C2DFFC4CB 1920000 ----a-w- C:\WINDOWS\SysWOW64\mssrch.dll 2015-06-10 05:30:00 E9A91A0A589AED5328E30D8C7E59E5AE 2749952 ----a-w- C:\WINDOWS\SysWOW64\tquery.dll 2015-06-10 05:30:00 B95D112E19CFEC74692F7791ABBB03BE 391680 ----a-w- C:\WINDOWS\SysWOW64\mssph.dll 2015-06-10 
05:30:00 8D4CEAEE747097A70342B80EA32E018D 710144 ----a-w- C:\WINDOWS\SysWOW64\SearchIndexer.exe 2015-06-10 05:29:59 50B6B1D4EFCB81298DE7F9415879C51B 699392 ----a-w- C:\WINDOWS\SysWOW64\mssvp.dll 2015-06-10 05:29:59 14B5D6506A366585F8D6B6097530F7F2 272896 ----a-w- C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-06-10 05:29:57 00ED6F8562702A00D8AEC9F70CA7DDFE 1018880 ----a-w- C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-06-10 05:29:55 CF6502529F3819C984A26BBD83ED3C8E 180224 ----a-w- C:\WINDOWS\SysWOW64\authz.dll 2015-06-10 05:29:53 B0EDCA1168C874812A180EBCD1A43EB5 549888 ----a-w- C:\WINDOWS\SysWOW64\comctl32.dll 2015-06-10 05:29:38 33BC1A74FA72C3B0EE04A23FDE1045FC 158720 ----a-w- C:\WINDOWS\SysWOW64\rgb9rast.dll 2015-06-10 05:29:24 975421AC32F9F6E27A58F75DAB4B5871 19607040 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2015-06-10 05:29:15 DB254D50B4527C2821C537E0587B44E8 12829696 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2015-06-10 05:29:13 E4EB138060BAE0DBAB1A3B71A3141FE7 1950720 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2015-06-10 05:29:10 3FD7E6DB5D81FE400DB4D81D278596E6 4305920 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2015-06-10 05:29:08 927E38A35E4DFC4E294BD130BAA6F759 2278912 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2015-06-10 05:29:08 7DBCBB1647B7CD71E2039C1B50A12717 620032 ----a-w- C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-06-10 05:29:08 53E9614ADFA6A40A452BA014CEF6F261 1309696 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2015-06-10 05:29:04 2DED8A99E45053C42DD21D6937D3960C 689152 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2015-06-10 05:29:03 EF853EA2A6A7BD891CCF31B0C2915352 341504 ----a-w- C:\WINDOWS\SysWOW64\html.iec 2015-06-10 05:29:03 96837E5864777688477AF6DE2332C06D 503808 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll 2015-06-10 05:29:02 C27C8CACEBC712BE2AD791715E9734EC 664064 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll 2015-06-10 05:29:01 F26680AF396F89F7ABFDA1D1D6B62011 285696 ----a-w- C:\WINDOWS\SysWOW64\dxtrans.dll 2015-06-10 05:29:01 B6D8148C1C697A7BF04EE0FE82408B6A 
710144 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-06-10 05:29:01 4ABEEF30EA5B9F4718312DCB60B6C9BC 2052608 ----a-w- C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-06-10 05:29:00 AE8F02C9B1DC7364A94ABEB6E396611C 327168 ----a-w- C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-06-10 05:29:00 3B850134010B7CCC546C29D51405C9DA 1042944 ----a-w- C:\WINDOWS\SysWOW64\actxprxy.dll 2015-06-10 05:28:59 6B7210618D7E2CE0404ECF748701253A 76288 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll 2015-06-10 05:28:58 8AE1E22527BC203BAD89212F6D09F038 880128 ----a-w- C:\WINDOWS\SysWOW64\inetcomm.dll 2015-06-10 05:28:58 7467B0605897898F8F32B4B9B9041F51 128000 ----a-w- C:\WINDOWS\SysWOW64\iepeers.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-06-10 05:30:12 3F8C7B8A4C345D0378AC79746E927158 3097600 ----a-w- C:\WINDOWS\Sysnative\msftedit.dll 2015-06-10 05:30:10 4DC765353D890B9813AC809C0EFF488A 477184 ----a-w- C:\WINDOWS\Sysnative\puiobj.dll 2015-06-10 05:30:10 4A5D524C19BEB337797D6448020025B4 1091072 ----a-w- C:\WINDOWS\Sysnative\localspl.dll 2015-06-10 05:30:09 9DF4C369F556A4FBAE7E1D86F1AA5593 309760 ----a-w- C:\WINDOWS\Sysnative\compstui.dll 2015-06-10 05:30:08 574F2184043FAF24B588BA12B3CC99CC 410336 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml 2015-06-10 05:30:06 16D44C27EE81892ED918DA21544665DC 1020928 ----a-w- C:\WINDOWS\Sysnative\appraiser.dll 2015-06-10 05:30:05 F0CACB26E37A19A8049F7C4448ECC2F5 1119232 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll 2015-06-10 05:30:05 E87D4371B24BC9E5BAE95AEA60FFD959 193536 ----a-w- C:\WINDOWS\Sysnative\aepic.dll 2015-06-10 05:30:05 ACDA86BD8FE54376586173BD55F678F9 756736 ----a-w- C:\WINDOWS\Sysnative\invagent.dll 2015-06-10 05:30:05 2C14C7A76B728DF9F2A0425166FDEE8F 422912 ----a-w- C:\WINDOWS\Sysnative\devinv.dll 2015-06-10 05:30:05 009FD5658121B32791D55D0F34B63883 700416 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll 2015-06-10 05:30:04 FC504D3310BBDABA4449C598C3F8113B 45568 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll 2015-06-10 05:30:04 
90BFB92CF2AB75A01BF40D22BD1670A8 227328 ----a-w- C:\WINDOWS\Sysnative\aepdu.dll 2015-06-10 05:30:02 D044FD35EEC3BF683B963DE10A5E00C3 222208 ----a-w- C:\WINDOWS\Sysnative\rastapi.dll 2015-06-10 05:30:01 F2CBC74E403A4251279D0BA9D0ECFBDB 2551808 ----a-w- C:\WINDOWS\Sysnative\mssrch.dll 2015-06-10 05:30:01 279C2DB5C56A3674DCB98165E85237CF 3633664 ----a-w- C:\WINDOWS\Sysnative\tquery.dll 2015-06-10 05:30:00 F52C9F18BE8899CF503D7D40E62C47C3 903168 ----a-w- C:\WINDOWS\Sysnative\SearchIndexer.exe 2015-06-10 05:30:00 42FFA34D6A1ABBC6064E0D8A452039D3 774144 ----a-w- C:\WINDOWS\Sysnative\mssvp.dll 2015-06-10 05:30:00 3B8D14C7D33E3991090C726DD4CF7088 468480 ----a-w- C:\WINDOWS\Sysnative\mssph.dll 2015-06-10 05:29:59 98D0A8C3BF81774D76EAAB5977B69AB3 337408 ----a-w- C:\WINDOWS\Sysnative\SearchProtocolHost.exe 2015-06-10 05:29:59 62B3D51F60859F595317D7C3AEC5E5F2 248832 ----a-w- C:\WINDOWS\Sysnative\mssphtb.dll 2015-06-10 05:29:58 B0B46D29B9F34D19B819B48E208871A5 36864 ----a-w- C:\WINDOWS\Sysnative\UtcResources.dll 2015-06-10 05:29:58 3ECB752A6963B1CBC9AD65ED89C8ACED 1430528 ----a-w- C:\WINDOWS\Sysnative\diagtrack.dll 2015-06-10 05:29:57 3C03E08CBB76B7081173924C52D329EE 1249280 ----a-w- C:\WINDOWS\Sysnative\UIAutomationCore.dll 2015-06-10 05:29:55 CD7DC91A7F84B4C81A06B511545DE867 275968 ----a-w- C:\WINDOWS\Sysnative\authz.dll 2015-06-10 05:29:53 0341BF7622E0D547446DB254868EF965 653824 ----a-w- C:\WINDOWS\Sysnative\comctl32.dll 2015-06-10 05:29:27 A29BAFC1543F9D2234AFFFEA9BCE76C8 24917504 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2015-06-10 05:29:17 CFA52E2FE8E623042A1EEF96EB1B9481 6026240 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2015-06-10 05:29:16 417F80E4AFBA1AA9EBBD618F1C6D9165 2426880 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2015-06-10 05:29:12 AE5A2843B4A2E1E558B9EE13EF62CCE5 14404096 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2015-06-10 05:29:10 6E295C7364DAEB151CC0E98434B6AC92 2885632 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2015-06-10 05:29:09 
6ABFC5736EC920C4436F32111F5CBCEE 1545728 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2015-06-10 05:29:06 7B4A7D55E905ED9A0A4B1263BA7C6944 2865152 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll 2015-06-10 05:29:05 33B5F1A727FACDEA7CDA0E35FFAADDCF 584192 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll 2015-06-10 05:29:04 FF84182188CA8F0DC28CFED06C9B7816 2125824 ----a-w- C:\WINDOWS\Sysnative\inetcpl.cpl 2015-06-10 05:29:03 2BC2D3A41BB755487FD55C09938F00BC 417792 ----a-w- C:\WINDOWS\Sysnative\html.iec 2015-06-10 05:29:03 083BCA14FCE290D682D8DAC9372CBF23 801280 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2015-06-10 05:29:02 83781DF625A4448B39410D7FA2BDC48D 816640 ----a-w- C:\WINDOWS\Sysnative\jscript.dll 2015-06-10 05:29:02 7F8F9AE03D1BA4354671E05F07A40F1A 800768 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll 2015-06-10 05:29:01 3854BFE1C0F14872C94501421CC40813 814080 ----a-w- C:\WINDOWS\Sysnative\jscript9diag.dll 2015-06-10 05:29:00 86FDFEA67833DB261EC01A777594EDCF 316928 ----a-w- C:\WINDOWS\Sysnative\dxtrans.dll 2015-06-10 05:29:00 614604C8D322D0779E426917CAFE4F3E 262144 ----a-w- C:\WINDOWS\Sysnative\webcheck.dll 2015-06-10 05:28:59 ACD6FE6C82B93813F023FC01A51CB940 92160 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll 2015-06-10 05:28:59 9EFAF10AF9BFA6CDBDDE3D8C5EDC3453 145408 ----a-w- C:\WINDOWS\Sysnative\iepeers.dll 2015-06-10 05:28:59 35622F5A652C4E16774234DCA0026E74 633856 ----a-w- C:\WINDOWS\Sysnative\ieui.dll 2015-06-10 05:28:59 1E31F06BE53F11CF5E660284E68587AC 374272 ----a-w- C:\WINDOWS\Sysnative\iedkcs32.dll 2015-06-10 05:28:58 11E5CD954CC38080471E7CC2CA1558AE 1032704 ----a-w- C:\WINDOWS\Sysnative\inetcomm.dll 2015-06-10 05:28:35 6CCC851608DD076C13E37737BB75A9DC 4177920 ----a-w- C:\WINDOWS\Sysnative\win32k.sys ====== C:\WINDOWS\Sysnative\drivers ===== 2015-06-10 05:29:56 44603DA5A87FB491EF59C889EBBB4DDB 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS 2015-05-15 05:46:08 FE14D249D39368CA62D8DA6BC94AC694 80384 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys 2015-05-15 
05:46:02 95B0179BDA907252025DEEA183699FB3 467776 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2015-05-15 05:46:01 272A62B660A48AEF366F8A1836CED19F 57856 -c--a-w- C:\WINDOWS\Sysnative\drivers\bthhfenum.sys 2015-05-15 05:45:32 C61EAF8E1E4B2F62BA4FDF457440B2C6 316416 ----a-w- C:\WINDOWS\Sysnative\drivers\udfs.sys 2015-05-15 05:45:30 C54B6B2170BF628FD42F799A66956D75 239424 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2015-05-15 05:45:30 95E295FD19F80B3AD33629B5AEFEC9C7 154432 -c--a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-06-08 10:59:55 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Nino\AppData\Roaming ====== 2015-06-05 18:35:54 -------- d-----w- C:\Users\Nino\AppData\Local\Deployment 2015-06-05 05:04:55 -------- d-----w- C:\Users\Nino\AppData\Local\GWX ====== C:\Users\Nino ====== 2015-06-08 18:00:50 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp 2015-06-06 13:27:34 -------- d-----r- C:\Users\Nino\SkyDrive ====== C: exe-files == 2015-06-10 05:30:00 F52C9F18BE8899CF503D7D40E62C47C3 903168 ----a-w- C:\Windows\System32\SearchIndexer.exe 2015-06-10 05:30:00 8D4CEAEE747097A70342B80EA32E018D 710144 ----a-w- C:\Windows\SysWOW64\SearchIndexer.exe 2015-06-10 05:29:59 98D0A8C3BF81774D76EAAB5977B69AB3 337408 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2015-06-10 05:29:59 14B5D6506A366585F8D6B6097530F7F2 272896 ----a-w- C:\Windows\SysWOW64\SearchProtocolHost.exe 2015-06-10 05:29:07 52956B4DD1899CB09BB50FB939F6E99D 490496 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-06-10 05:29:06 EDF367CD1545891C5D1758C1E07EA051 815280 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-06-10 05:29:06 AE6F7122808C84ECA37CFF7B16C3A9C9 814256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-06-10 05:29:06 29874C10D7D0088CD8743EC8F5DABBE4 473600 ----a-w- C:\Program 
Files (x86)\Internet Explorer\ieinstal.exe 2015-06-10 05:28:34 80E3FB97400D521F16D6B531B0D950BC 232424 ----a-w- C:\Windows\vpnplugins\juniper\JunosPulseVpn.exe 2015-06-10 05:23:37 74D7DFE507EA48737061EA8E990157E8 2212944 ----a-w- C:\Program Files (x86)\Google\Update\Install\{E2D610AD-41BF-4659-A83C-C61ACD3CFE0F}\43.0.2357.124_43.0.2357.81_chrome_updater.exe 2015-06-10 05:23:37 74D7DFE507EA48737061EA8E990157E8 2212944 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.124\43.0.2357.124_43.0.2357.81_chrome_updater.exe 2015-06-08 18:05:36 634D94E682D501285EFE9EEC505D8739 140856 ----a-w- C:\Windows\Temp\ACLM\HP.ActiveCheckLocalMode.DetectEngine.DetectManager_5a9d5387-c238-4b37-ad4e-9a07d4fd1263\hpdobject.exe 2015-06-08 18:05:21 4A2EC5639C9562E3B4EA517F8F95D2BF 29184 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDiscReminder_V2.exe 2015-06-08 18:05:21 1CB4CFEC665437714BE782EB881387B8 33592 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_SystemRestoreCheck_V2.exe 2015-06-08 18:05:20 66FB3AA3F14E3D59567FEA3D22085321 28160 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_GuestAccount_V2.exe 2015-06-08 10:59:55 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Nino.exe 2015-06-06 13:27:34 732FDC044713EB9E6C320B655FC49658 5563840 ----a-w- C:\Users\Nino\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveSetup.exe 2015-06-06 13:27:34 23AE50BB7267E8739487B52B14479E84 238528 ----a-w- C:\Users\Nino\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe 2015-06-06 13:27:26 8401044538B17C4AF1A114FC9898B67C 74688 ----a-w- C:\Users\Nino\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveConfig.exe 2015-06-06 08:58:21 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\BE5EB00F-D9EB-4B38-8433-BA47F872BF38\DismHost.exe === C: other files == 
2015-06-10 05:29:56 44603DA5A87FB491EF59C889EBBB4DDB 325464 -c--a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2015-06-10 05:28:35 6CCC851608DD076C13E37737BB75A9DC 4177920 ----a-w- C:\Windows\System32\win32k.sys 2015-06-06 13:27:25 40A379C64F2A1B473D8A5F8B760FC7C8 5843 ----a-w- C:\Users\Nino\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\CollectSkyDriveLogs.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2469757143-1591298742-1055540553-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" "Facebook Update"="C:\Users\Nino\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "GoogleChromeAutoLaunch_42D6027BFDA84D9058D740EFEBEC1CEC"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" "Facebook Update"="C:\Users\Nino\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "GoogleChromeAutoLaunch_42D6027BFDA84D9058D740EFEBEC1CEC"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 
====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2013-02-19 16:29:30 1314 ----a-w- C:\Users\Nino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2013-02-19 18:38:19 2114 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2469757143-1591298742-1055540553-1001Core.job --a-------- C:\Users\Nino\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/08/2014 17:12] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2469757143-1591298742-1055540553-1001UA.job --a-------- C:\Users\Nino\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/08/2014 17:12] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/02/2013 17:10] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/02/2013 17:10] C:\WINDOWS\tasks\HPCeeScheduleForNino.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 23:15] C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [07/07/2014 20:21] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe] "C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" 
[C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2469757143-1591298742-1055540553-1001Core" [C:\Users\Nino\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2469757143-1591298742-1055540553-1001UA" [C:\Users\Nino\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForNino" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\HPGenoobeReminder" ["C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe"] "C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{4C79D1A6-4A07-4EAD-ADF2-CF05E7F5E2EC}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files 
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe] "C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe] ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions hdokiejnpimakedhajhdlcegeplioahd - C:\Program Files (x86)\LastPass\lpchrome.crx[19/02/2013 20:45] Google Docs - Nino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Nino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Nino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Nino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf LastPass - Nino\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd Chrome Hotword Shared Module - Nino\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Google Wallet - Nino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Nino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Nino\AppData\Local\Google\Chrome\User Data\Default\Preferences 
237025C97AFD81C01DC07AED8139AB71BF7E29E17FB8EEB605057DD6F","search_url":"930137E4762C96EFF7B3995A250211AFDF13F83FB430DAED5B7DC2C39111BBA5"},"default_search_provider_data":{"template_url_data":"64C6A3A8B6F07C5F1E7879880489712AF2CFBC89A6B50F7F5EF4B942E090B1EB"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"59FB259273EC36559E35993E10A48B22A2C42B4FF6A3929D801AA1B5D3EB1D37","aohghmighlieiainnegkcijnfilokake":"6DCB8E929C1BF28D5E96C30C5885BDAA5CF094C3D0344532470EC3EAEB14D613","apdfllckaahabafndbhieahigkjlhalf":"7117FEF7DB1A5B50EC8CC9C000E39315F9EA42F23E07B8D89AF544071FF61097","bepbmhgboaologfdajaanbcjmnhjmhfn":"99CD619C9B65EDD38E912992CD93AA3C693CBCF4C5E29AD7942E1694A2711F7D","blpcfgokakmgnkcojhhkbfbldkacnbeo":"A70D1C6944B152B9F581364DBEB4C8F34D9AB879D80480E9FBCBBAFF5525121A","coobgpohoikkiipiblmjeljniedjpjpf":"BEF36C2A2A934BE95BFBC3610C0B4A91678A4AFD7AE985D1ABAB0AEA58DE459C","dnhpdliibojhegemfjheidglijccjfmc":"1AA8DE6D36837D5CD06D7BD418BD8BD9C90781B0B289A46777D940CB2F9C64CA","eemcgdkfndhakfknompkggombfjjjeno":"60845ECC9043F53473C32EDC340FD49213F2C8B56E4B920D4C4E2410C538F80C","ennkphjdgehloodpbhlhldgbnhmacadg":"5BD86BE0ECE4805E456CF6BB9D27F033A5807D1A7D8D4570449037F8CE5E6D81","gfdkimpbcpahaombhbimeihdjnejgicl":"0F3B2D8D2FBC117F7927262EE78C021999CDD983D74D2E194FA16710E5318958","hdokiejnpimakedhajhdlcegeplioahd":"4C92BD4E51F6AC0F51CD15C845AE5C2D98A486B0BB0FE05B56E6A7355211C003","ihjbpjahiibmjdlcgodcnmpelpmilamk":"5EDC5B62A98A843DA8C97599B77687F416EA4062BA5B3924FFA654DBE7CBA154","kmendfapggjehodndflmmgagdbamhnfd":"30FDFE67AE1C1C8482A08B223ADFC9E357B83FBD1D168A819832E8A1A142EB5B","lccekmodgklaepjeofjdjpbminllajkg":"0B0258EA8DD4A6B91AF208EAB3E0E81A1887DA7FAC7E5DC39322F3B878D613C8","mfehgcgbbipciphmccgaenjidiccnmng":"DBB2FB11D37175282EB647C8CCD10E2A4AD7598708CC111B7F60C4036BE95030","mfffpogegjflfpflabcdkioaeobkgjik":"CA58EA57F46BC56F667A8A56A43A933E17F251CD6637A918914B87AC9467F69C","mgndgikekgjfcpckkfioiadnlibdjbkf":"A9888BAB226B2B3EF66DE5E3578573A32F3BAF3034F00C
3BD446202422BBF684","mhjfbmdgcfjbbpaeojofohoefgiehjai":"99F8E0A223E5C725A148DC038B750AB6615E34F21043689D97786B445636BC44","nbpagnldghgfoolbancepceaanlmhfmd":"6BE2A5A1CE7EB48B430B784BB4C860342587EFE0950714EA9AC40DB6FBCC3FE1","neajdppkdcdipfabeoofebfddakdcjhd":"BD09BA2EAF9B6101C02762A550E410024DFA037D60161215A0764E7F2028F00C","nkeimhogjdpnpccoofpliimaahmaaome":"51B2627A12E10056AB640CD481B34E94C0215E62B8A91CBFCF92DE17F3AA9550","nmmhkkegccagdldgiimedpiccmgmieda":"534265A62163EAEEF8500A790F34B790F1806550E16F080F00E7193791E3A326","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"DA776DCF07F41136DE54B82CDD75E90165D0E22EC4B169A442DD5ECF24B764C0","pjkljhegncpnkpknbcohdijeoejaedia":"8A342CA46C7F790F9C59AED5E4D97A70D0B5C84483BEF59ABF2A68AF85D8F28C"}},"google":{"services":{"last_username":"2DE1FD58A233A6DFF3BA2AD1BE09DEC1F3411C9CEC610BFE3C430B2DE019E492","username":"8A4F512D29038D19BDDBD88C95A918F178F3DACD876F5FF203E378AF44D33D37"}},"homepage":"6D59AC63DDB0403019C84BED907E461D7CE1CBD1585973F2FF468AC73769FBCF","homepage_is_newtabpage":"F3B643D52F5AFCDA45941C9872AC3D401F9A1186B62000EEBAFB7BD3C2D83D29","pinned_tabs":"E39CFB2B759B9D4DDC709265B60B9BC13C574393F6615A55574E648F0BFBD33D","prefs":{"preference_reset_time":"BF137BB0AD737464BD2BE1A1CC7A6DD968D5EBC6C1BA6A2323AE05B7C201FF86"},"profile":{"reset_prompt_memento":"A5842E04A813CDD1F44CB900297B27FBCAC69131E6E09FD62079C4C94E608A12"},"safebrowsing":{"incidents_sent":"A69FDF18FD2881B99F09780B6DA2B526DC72078847136D3BEF0ACEA122D01459"},"search_provider_overrides":"D44540577C7170E558CF53CF4630CE90BE6C9AA1B1F899F5880A4D70FF688B41","session":{"restore_on_startup":"87FD80742881D1859940F9C62C8C94291993F4780B5677A43B1ECC047DB57A9C","startup_urls":"5F0EA4FB8B78351743CD81DDDAB9B87B98CBCEF52411A7F923CB6435FAB09FD2"},"software_reporter":{"prompt_reason":"DC57103EA1ACDEDBEE24821138C6D69CA7BDF67DC1C74050879EF9A4D5104383","prompt_seed":"4F8EC194E4200D99F702DA477DA8DA48404F56C7B215FEF1414CECE91AC5F913","prompt_version":"75731109AE3C80511950230E53D0EBEF0FE399408AA5
5605F06086322B10E776"},"sync":{"remaining_rollback_tries":"97AACFBC2A32ED10A0FDCC2CEE49378FC885232841513258401B840D0035FEAC"}},"super_mac":"A0280B14E81993400467CC376BF9F39224D90FB3CD414E732FBD56B3C345B82B"},"sync":{"remaining_rollback_tries":0}} ==== Chromium Fix ====================== C:\Users\Nino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vacatures.trovit.be_0.localstorage deleted successfully C:\Users\Nino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shopping.de_0.localstorage deleted successfully C:\Users\Nino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\Nino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-29906-12136-18/4" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\69A9FA1138D6B3C4D8BC61AEA253E8F3 deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\69A9FA1138D6B3C4D8BC61AEA253E8F3 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Nino\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_42D6027BFDA84D9058D740EFEBEC1CEC] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - Startup: OneNote 2007 
Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: LastPass - file://C:\Users\Nino\AppData\LocalLow\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Users\Nino\AppData\LocalLow\LastPass\context.html?cmd=fillforms O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: wlpg - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: @oem19.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. 
- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: Intel(R) Rapid Storage Technologie (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) 
- Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Nino\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=56 folders=42 10917231 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Nino\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Nino\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 12/06/2015 at 10:24:24,44 ======================