Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by michael on wo 29/07/2015 at 16:47:43,45. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\michael\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 29/07/2015 16:53:11 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Users\michael\AppData\Roaming\ap_logs deleted successfully C:\Users\michael\AppData\Local\Adobe deleted successfully C:\Users\michael\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\michael\AppData\Local\EmieSiteList deleted successfully C:\Users\michael\AppData\Local\EmieUserList deleted successfully C:\Users\michael\AppData\Local\StormFall deleted successfully C:\Users\michael\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3814909378-1468106111-2737820274-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C71790D-78AF-461C-8C9F-862D3936C1D3} deleted successfully HKEY_USERS\S-1-5-21-3814909378-1468106111-2737820274-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3C76030-3866-4CA7-9C14-5C29C286F7B} deleted successfully HKEY_USERS\S-1-5-21-3814909378-1468106111-2737820274-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8157D8E-FE99-4210-A74C-373512C830A4} deleted successfully HKEY_USERS\S-1-5-21-3814909378-1468106111-2737820274-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8E20012-E27A-4419-98BA-7BBAF3E09643} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== ACP Application Adobe Flash Player 18 NPAPI AMD Accelerated Video Transcoding AMD Catalyst Control Center AMD Catalyst Install Manager AMD Fuel AMD Quick Stream Ashampoo AppLauncher (Medion) v.1.0.0 Avast Free 
Antivirus BitTorrent Brother MFL-Pro Suite MFC-J470DW Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Classic Shell CyberLink Home Cinema 10 CyberLink LabelPrint 2.5 CyberLink PhotoDirector 4 CyberLink Power2Go 8 CyberLink PowerDirector 11 CyberLink PowerDVD 12 CyberLink PowerDVD Copy 1.5 CyberLink PowerRecover D3DX10 Fotogalerie Fotogalerija Fotogalleri Fotogalleriet Fotograf Galerisi Fotótár Galeria de Fotografias Galería de fotos Galeria fotografii Galerie de photos Google Chrome Google Earth Google Update Helper Java 7 Update 71 Java Auto Updater LibreOffice 4.2.5.2 Microsoft Application Error Reporting Microsoft Office Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Movie Maker Mozilla Firefox 36.0.1 (x86 nl) Mozilla Maintenance Service MSVCRT 
MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP3 Parser Nuance PaperPort 12 Nuance PDF Viewer Plus PaperPort Image Printer 64-bit Photo Common Photo Gallery Podstawowe programy Windows Live Police Force 2 Raccolta foto RAR File Open Knife - Free Opener Realtek Ethernet Controller Driver Realtek High Definition Audio Driver S?????? f?t???af??? Scansoft PDF Professional Skype Click to Call SkypeT 7.6 Speccy System Requirements Lab CYRI TapinRadio 1.60.1 Unity Web Player Valokuvavalikoima VLC media player 2.1.3 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Liven peruspaketti ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\michael\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Program Files\AVAST 
Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\michael\Downloads\zoek.exe C:\windows\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\FLEXnet\Connect\11\agent.exe C:\windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Raptr deleted C:\Users\michael\AppData\Local\nsd20B2.tmp deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk deleted C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-3814909378-1468106111-2737820274-1002 deleted C:\Users\michael\Downloads\SoftonicDownloader_for_tapin-radio.exe deleted C:\Users\michael\Downloads\SoftonicDownloader_voor_rar-file-open-knife.exe deleted C:\windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb deleted C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\2al3hpkd.default\extensions\bingsearch.full@microsoft.com deleted "C:\windows\AppPatch\AppPatch64\SPVCLdr64.dll" deleted "C:\windows\AppPatch\AppPatch64\SPVCLdr64.dll" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3949 MB CPU Info: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G CPU Speed: 3518,1 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: AMD Radeon(TM) R7 Graphics | AMD Radeon(TM) R7 Graphics | AMD Radeon(TM) R7 Graphics Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1360 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW SH-216DB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 1801,3GB | D: 60,0GB Hard Disks - Free: C: 1674,9GB | D: 43,6GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | | D3EW08 - 64 Time Zone: Romance (standaardtijd) Motherboard *: MEDION D3F3-EM Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Firewall: avast! Antivirus disabled Default Browser: Google Chrome 44.0.2403.107 Internet Explorer Version: 11.0.9600.17905 Mozilla Firefox version: 36.0.1 (x86 nl) Google Chrome version: 44.0.2403.107 Sun Java version: 1.7.0_71 (32-bit) Flash Player version: 18.0.0.209 ==== Files Recently Created / Modified ====================== ====== C:\windows ==== 2015-07-20 17:57:28 B8D7EE225189671CE978E420D568AE99 43112 ----a-w- C:\windows\avastSS.scr ====== C:\Users\michael\AppData\Local\Temp ==== 2015-07-26 13:29:53 AAA7F96D22168F5FC1F4DC7DD182843F 2109000 ----a-w- C:\Users\michael\AppData\Local\Temp\Low\UnityWebPlayer\temp\d790778e6b02f24a815faa193f8df791\mono-1-vc.dll 2015-07-26 13:29:53 33FFD00503B206260B0C273BAF7E122E 8319048 ----a-w- C:\Users\michael\AppData\Local\Temp\Low\UnityWebPlayer\temp\d790778e6b02f24a815faa193f8df791\webplayer_win.dll ====== Java Cache ===== ====== C:\windows\SysWOW64 ===== 2015-07-20 17:52:57 EFAEF87C3500B146CBD620EDD815B75D 301056 ----a-w- C:\windows\SysWOW64\atmfd.dll 2015-07-20 17:52:57 48814EF371C4C7A5AE6DAAEA63E6F614 35840 ----a-w- 
C:\windows\SysWOW64\atmlib.dll ====== C:\windows\SysWOW64\drivers ===== ====== C:\windows\Sysnative ===== 2015-07-20 17:58:05 C2786FB961963DB8579522F71B50C4DF 378880 ----a-w- C:\windows\Sysnative\aswBoot.exe 2015-07-20 17:52:57 EE451A7551CE545D07CED5710ABA9204 358912 ----a-w- C:\windows\Sysnative\atmfd.dll 2015-07-20 17:52:57 A6880A81F2C8C403683B45AF5825D4A0 44032 ----a-w- C:\windows\Sysnative\atmlib.dll ====== C:\windows\Sysnative\drivers ===== 2015-07-20 17:58:16 531ABFAFAE0AFA2F3E9BBB2C08477ED1 115152 ----a-w- C:\windows\Sysnative\drivers\ngvss.sys 2015-07-14 18:05:07 5917AFE4A3F695A54B99C1849C8207FE 59712 -c--a-w- C:\windows\Sysnative\drivers\kbdclass.sys 2015-07-14 18:05:07 49EE0AE9E5B64FFBBD06D55C4984B598 108544 -c--a-w- C:\windows\Sysnative\drivers\i8042prt.sys 2015-07-14 18:05:06 8CD840A062F6BDF41DDE3ACB96164B72 32256 -c--a-w- C:\windows\Sysnative\drivers\kbdhid.sys 2015-07-14 18:05:06 5FCBAB60598AE119E02B4C27DE6B99EA 30208 -c--a-w- C:\windows\Sysnative\drivers\mouhid.sys 2015-07-14 18:05:06 148195AE95D9BC7375A08846439FDAC1 26112 -c--a-w- C:\windows\Sysnative\drivers\sermouse.sys 2015-07-14 18:05:06 08374E4E5B8914DE6067CBA99F61E930 51008 -c--a-w- C:\windows\Sysnative\drivers\mouclass.sys 2015-07-14 18:04:56 0CC00ADC1B84C93FB46E1A0974E956E1 1201664 -c--a-w- C:\windows\Sysnative\drivers\bthport.sys 2015-07-14 18:04:55 312BB35275EB15145F4B6D1FFCE56C50 20992 ----a-w- C:\windows\Sysnative\drivers\usb8023.sys 2015-07-14 18:04:33 BCBD64220AD85C26823453FF1DC3EFBD 284672 ----a-w- C:\windows\Sysnative\drivers\mrxsmb10.sys 2015-07-14 18:04:33 6FBDF2B1B025A8E6E069234362FFFFB7 401408 ----a-w- C:\windows\Sysnative\drivers\mrxsmb.sys 2015-07-14 18:04:33 57C2473D501331211D6885FD59F3E44B 202240 ----a-w- C:\windows\Sysnative\drivers\mrxsmb20.sys 2015-07-14 18:04:32 46711F40D0F9E63F786ED23F9BD5215E 178008 ----a-w- C:\windows\Sysnative\drivers\ksecpkg.sys ====== C:\windows\Tasks ====== ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2015-07-28 19:44:35 -------- 
d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\michael\AppData\Roaming ====== ====== C:\Users\michael ====== 2015-07-28 19:43:59 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\michael\Downloads\RSITx64.exe 2015-07-23 20:33:08 2D07A92C72ED5077A933EC9BF395F4D2 71907561 ----a-w- C:\Users\michael\Downloads\RCT2_Demo.exe ====== C: exe-files == 2015-07-28 19:44:36 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\michael.exe 2015-07-28 19:43:59 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\michael\Downloads\RSITx64.exe 2015-07-26 21:29:20 D0244BE59F281B3EE991E689D85FB024 1070160 ----a-w- C:\Program Files (x86)\Google\Update\Install\{0057FFE3-65B9-4CF2-A6C7-4FBF430C23F0}\44.0.2403.107_44.0.2403.89_chrome_updater.exe 2015-07-26 21:29:20 D0244BE59F281B3EE991E689D85FB024 1070160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.107\44.0.2403.107_44.0.2403.89_chrome_updater.exe 2015-07-23 20:33:08 2D07A92C72ED5077A933EC9BF395F4D2 71907561 ----a-w- C:\Users\michael\Downloads\RCT2_Demo.exe 2015-07-22 23:29:12 AC592E12D89AB7E534699F4019ED1C9C 7331408 ----a-w- C:\Program Files (x86)\Google\Update\Install\{D850E719-C462-4AA8-81D3-FC3AA6B61ED4}\44.0.2403.89_43.0.2357.134_chrome_updater.exe === C: other files == 2015-07-26 22:13:12 3A75170D2FC751D596A6BAD6E6EB965C 288 ----a-w- C:\Users\michael\AppData\Local\Microsoft\Windows\INetCache\Low\IE\JC148HOW\applet_detect_unity[1].vbs ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3814909378-1468106111-2737820274-1002\Software\Microsoft\Windows\CurrentVersion\Run] "BitTorrent"="C:\Users\michael\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED" "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "AppEx Accelerator UI"="C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized 
/regrun" "BingSvc"="C:\Users\michael\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "Viber"="C:\Users\michael\AppData\Local\Viber\Viber.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "PowerDVD12Agent"="C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" "IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" "PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" "PDFHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" "PDF5 Registry Controller"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" "ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun" "BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BitTorrent"="C:\Users\michael\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED" "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "AppEx Accelerator UI"="C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "BingSvc"="C:\Users\michael\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "Viber"="C:\Users\michael\AppData\Local\Viber\Viber.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun" ==== Task Scheduler Jobs 
====================== C:\windows\tasks\Adobe Flash Player Updater.job --a-------- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/07/2015 20:24] C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/06/2014 13:54] C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/06/2014 13:54] ==== Other Scheduled Tasks ====================== "C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\User_Feed_Synchronization-{8F167091-F31E-445D-8598-157B3F1C27AD}" [C:\windows\system32\msfeedssync.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\2al3hpkd.default user_pref("browser.startup.homepage", "http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=nl-be"); user_pref("browser.search.selectedEngine", "Bing "); user_pref("keyword.URL", "http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q="); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [20/07/2015 19:58] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "MFVersion"="MF36.0.1 (x86 nl)" [] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: 
C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\2al3hpkd.default FD82108FD60B63010325D9AF6F00AF99 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll - Shockwave Flash EF3CA2A515FEC970E22D2C424A42401E - C:\Users\michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.107 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20/07/2015 19:56] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions fcfenmboojpjinhpgggodefccipikbpd - No path found[] Google Docs - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf MSN Homepage Bing Search Engine - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd Unlimited Free VPN - Hola - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio Chrome Web Store Payments - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Preferences 
==== Chromium Fix ====================== C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.auchanservices.fr_0.localstorage deleted successfully C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.auchanservices.fr_0.localstorage-journal deleted successfully C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_rar-file-open-knife.nl.softonic.com_0.localstorage deleted successfully C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_rar-file-open-knife.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_winrar.nl.softonic.com_0.localstorage deleted successfully C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_winrar.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd deleted successfully ==== Set IE to Default 
====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=nl-be" "Search Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Search Bar"="http://www.google.com" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=nl-be" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] 
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {56F5A135-703D-462C-9317-77F1CAC044C7} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll O2 - 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\michael\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BingSvc] C:\Users\michael\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Viber] "C:\Users\michael\AppData\Local\Viber\Viber.exe"
O8 - Extra context menu item: Openen in PDF Viewer Plus - res://C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD153919-286D-4DD7-9006-22D3EBC3FCA2}: NameServer = 185.37.37.37,185.37.37.185
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ACP User Service (amdacpusrsvc) - Unknown owner - C:\AMD\amdacpusrsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\michael\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\michael\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\michael\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\michael\AppData\Local\Microsoft\Windows\INetCache\Low\IE\RG97P57E will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\michael\AppData\Local\Mozilla\Firefox\Profiles\2al3hpkd.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=64 folders=39 1895500 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\michael\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\michael\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\AppPatch\AppPatch64\SPVCLdr64.dllsearch" not found
"C:\windows\AppPatch\AppPatch64\SPVCLdr64.dllsearch" not found
"C:\Users\michael\AppData\Local\Microsoft\Windows\INetCache\Low\IE\RG97P57E" not found
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on wo 29/07/2015 at 18:07:12,89 ======================