Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Elke on Mon 10/08/2015 at 10:34:36,06.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Elke\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10/08/2015 10:37:06 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Users\Elke\AppData\Roaming\FirefoxToolbar deleted successfully
C:\Users\Elke\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Elke\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Elke\AppData\Roaming\Solvusoft deleted successfully
C:\Users\Elke\AppData\Roaming\WinZip deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2414527585-3944006083-3816331441-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2414527585-3944006083-3816331441-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent
Adobe Acrobat Reader DC
Adobe Digital Editions 2.0
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Photoshop CS6
Adobe Refresh Manager
Adobe Shockwave Player 12.0
Age of Empires complete version 1.0c
Akamai NetSession Interface
ANT Drivers Installer x86
ASIO4ALL
Avast Free Antivirus
Belgium e-ID middleware 4.0.7 (build 7466)
CCleaner
Cheat Engine 6.4
DAEMON Tools Lite
Elevated Installer
FARO LS 1.1.501.0
Freemake Audio Converter versie 1.1.0
Garmin Express
Garmin Express Tray
Google Chrome
Google Drive
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Help
HP Deskjet 3520 series Product Improvement Study
HP Deskjet 3520 series Setup Guide
HP FWUpdateEDO2
HP Photo Creations
HP Update
HPDiagnosticAlert
Intel(R) Network Connections Drivers
ISOBuddy
Java 8 Update 51
Java Auto Updater
K-Lite Codec Pack 9.6.5 (Full)
Lenovo Mouse Suite
Lenovo System Update
Malwarebytes Anti-Malware version 2.1.6.1022
Max en het Vreemde dier
McAfee Security Scan Plus
MergeModule_x86
Metric Collection SDK
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 39.0.3 (x86 nl)
Mozilla Maintenance Service
PlayMemories Home
PMB_ModeEditor
PMB_ServiceUploader
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recuva
ScummVM 1.7.0
Skype Click to Call
Skype™ 7.6
SOHLib for PlayMemories Home
SoundMAX
swMSM
Tell me More Kids
Tomb Raider Chronicles
US-122 MKII / US-144 MKII
VLC media player
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Fedict SmartCard (04/30/2014 4.0.7.5)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
WinRAR 4.20 (32-bit)
YouTubeByClick

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Elke\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe
C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\UI0Detect.exe
C:\Users\Elke\Pictures\Tor Browser\App\vidalia.exe
C:\Users\Elke\Pictures\Tor Browser\App\tor.exe
C:\Windows\system32\conhost.exe
C:\Users\Elke\Pictures\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Users\Elke\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Freemake Improver deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Freemake Improver deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Freemake Improver deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Freemake Improver deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McComponentHostService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\prwxdqng.default

user.js not found

---- Lines easylife removed from prefs.js ----
user_pref("extensions.XN5ZEw9KN98ttumD.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>
user_pref("extensions.kHlLKIr7zu2rvpoN.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>

---- Lines extensions.XN5ZEw9KN98ttumD removed from prefs.js ----
user_pref("extensions.XN5ZEw9KN98ttumD.epoch", "1417464728");
user_pref("extensions.XN5ZEw9KN98ttumD.url", "http://veterance.com/sync2/?q=hfZ9ofV9CShEAen0rTaErjnMg708BNmGWj8cmihGheDUojw9rjwHrdsErdU9qchIC7n0rjnFrj

---- Lines extensions.kHlLKIr7zu2rvpoN removed from prefs.js ----
user_pref("extensions.kHlLKIr7zu2rvpoN.epoch", "1417464848");
user_pref("extensions.kHlLKIr7zu2rvpoN.url", "http://couponbluemy.us/sync2/?q=hfZ9oetKCGhEAen0rTaErjnMg708BNmGWj8cmihGheDUojw9rjwHrdsErdY8pihIC7n0rjnF

---- FireFox user.js and prefs.js backups ----
prefs_20151008_1109_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\Program Files\YoutubeAdBlocke deleted
C:\ProgramData\McAfee Security Scan deleted
C:\PROGRA~2\3096321867619289218 deleted
C:\PROGRA~2\Adobe deleted
C:\Users\Elke\AppData\Local\simedit.log deleted
C:\Users\Elke\AppData\Local\nss6B3E.tmp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\system32\roboot.exe deleted
C:\Users\Elke\Desktop\MAXIM\Maximus\SoftonicDownloader_for_3dracs.exe deleted
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe" deleted
"C:\Program Files\McAfee Security Scan" deleted
"C:\PROGRA~2\Package Cache" deleted
"C:\Program Files\McAfee Security Scan\3.8.150" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (Build 7600)
Memory (RAM): 3046 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
CPU Speed: 2327,3 MHz
Sound Card: Speakers (TASCAM US-144 MKII) | Speakers (SoundMAX Integrated D |
Display Adapters: Intel(R) Q35 Express Chipset Family (Microsoft Corporation - WDDM 1.0) | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel(R) 82566DM-2 Gigabit Network Connection
CD / DVD Drives: 4x (D: | E: | F: | G: | ) D: TSSTcorpDVD-ROM TS-H353B | E: HL-DT-STDVD-RAM GSA-H60L | F: DTSOFT BDROM | G: WBQ GDAZ8DQ
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 74,4GB
Hard Disks - Free: C: 9,4GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 01/25/08 | LENOVO - 60400d0
Time Zone: Romance Standard Time
Motherboard *: LENOVO LENOVO
Country: België
Language: NLB

==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Default Browser: Google Chrome 44.0.2403.130
Internet Explorer version: 8.0.7600.16385
Mozilla Firefox version: 39.0.3 (x86 nl)
Google Chrome version: 44.0.2403.130
Adobe Reader version: 15.8.20082.147029
Sun Java version: 1.8.0_51 (32-bit)
Flash Player version: 18.0.0.209
Shockwave Player version: 12.0.7r148

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Elke\AppData\Local\Temp ====

====== Java Cache =====
2015-07-20 10:03:18 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-4829b4bc
2015-07-20 10:03:18 0C668DE77852874786BCF820943A8F75 425 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap
2015-07-20 10:03:17 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3d7894d3-77a9e69e
2015-07-20 10:07:24 09A7ACF6262CD1AB5F5B55881A2EEF8D 625 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4f535a58-4da37912
2015-07-20 10:07:25 F27333C716BEEF1DDADC8D2CB8CBAFEC 1056859 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\521b41c-62dccd9f
2015-07-20 10:03:25 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47c58863-7624db5c
2015-07-20 10:07:22 903BBE34D4F2E79B9648A12EDD5833D7 491 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\247dde9-9cdb29eedf58e6545911426ccc9bd614b17d9aefb54ce498ffa121e9411c6df0-6.0.lap
2015-07-20 10:03:18 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-70ae1c01
2015-07-20 10:07:33 8C0951513877057E221DBA2878B5F93B 120 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6382116c-eae1b0698bb54c09600ad52bfb7e679c7322d207aec3148ef34f24184ffa3287-6.0.lap
2015-07-20 10:07:24 96383A59BE4E6E4A339F781BFD645EF2 1784 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3e4ff6c5-555f19fd
2015-07-20 10:07:26 0D53B5E596093306ADAF6282BAB32D55 369 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\baab472-3152afbf
2015-07-20 10:07:24 B0989C4FFA3E129C401CF265A64B1E33 440 ----a-w- C:\Users\Elke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2142f3bc-257f203c

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====
2015-08-09 12:41:39 -------- d-----w- C:\Program Files\YouTubeByClick
2015-07-20 10:00:25 -------- d-----w- C:\Program Files\Common Files\Java
2015-07-20 09:52:22 -------- d-----w- C:\Program Files\Java

======= C: =====

====== C:\Users\Elke\AppData\Roaming ======
2015-08-09 12:42:17 -------- d-----w- C:\Users\Elke\AppData\Roaming\YouTubeByClick
2015-08-09 12:39:27 -------- d-----w- C:\Users\Elke\AppData\Local\Downloaded Installations
2015-08-05 09:15:26 -------- d-----w- C:\Users\Elke\AppData\Roaming\Adobe
2015-08-05 07:18:55 -------- d-----w- C:\Users\Elke\AppData\Local\Adobe
2015-08-04 07:21:30 -------- d-----w- C:\Users\Elke\AppData\Local\Garmin_Ltd._or_its_subsid
2015-08-04 07:19:24 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Garmin_Ltd._or_its_subsid
2015-07-17 08:33:28 -------- d-----w- C:\Users\Elke\AppData\Local\CEF

====== C:\Users\Elke ======
2015-08-09 12:41:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTubeByClick.com
2015-08-09 12:39:06 9F722BFC7732F0E32AED50AAB44544CA 16966888 ----a-w- C:\Users\Elke\Downloads\setup.exe
2015-08-06 20:15:13 A3868DC3BA0C1B72182EF59B7EADB484 1187032 ----a-w- C:\Users\Elke\Downloads\flashplayer18_ga_install.exe
2015-08-04 07:31:34 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Elke\Documents\RSIT.exe
2015-08-04 07:19:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-07-20 09:52:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-17 08:03:31 -------- d-----w- C:\ProgramData\Oracle

====== C: exe-files ==
2015-08-09 12:39:06 9F722BFC7732F0E32AED50AAB44544CA 16966888 ----a-w- C:\Users\Elke\Downloads\setup.exe
2015-08-06 20:15:13 A3868DC3BA0C1B72182EF59B7EADB484 1187032 ----a-w- C:\Users\Elke\Downloads\flashplayer18_ga_install.exe
2015-08-05 21:03:31 1DEEF4A41F33D307E6EE2FBE8B179BE2 959568 ----a-w- C:\Program Files\Google\Update\Install\{FBD0DADE-178A-4D0A-AEFF-ABC46FE2A7F4}\44.0.2403.130_44.0.2403.125_chrome_updater.exe
2015-08-05 21:03:31 1DEEF4A41F33D307E6EE2FBE8B179BE2 959568 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.130\44.0.2403.130_44.0.2403.125_chrome_updater.exe
2015-08-05 09:33:49 B1798BC27E40983B12FEFD0D85C05B3F 873800 ----a-w- C:\Users\Elke\AppData\Local\Google\Chrome\User Data\SwReporter\4.28.1\software_reporter_tool.exe
2015-08-05 09:16:54 36D45D0D2FA722D39AD78D8312B273B1 364224 ----a-w- C:\Program Files\Adobe\Adobe Photoshop CS6\Adobe Photoshop CS6\Data\PhotoshopCS6\AppDataAll\Setup\{AC76BA86-7AD7-1043-7B44-AB0000000001}\setup.exe
2015-08-05 09:16:47 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\Program Files\Adobe\Adobe Photoshop CS6\Adobe Photoshop CS6\Data\PhotoshopCS6\AppDataAll\ARM\Reader_11.0.00\21197\ReaderUpdater.exe
2015-08-05 09:16:47 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\Program Files\Adobe\Adobe Photoshop CS6\Adobe Photoshop CS6\Data\PhotoshopCS6\AppDataAll\ARM\Reader_11.0.00\21197\AdobeARMHelper.exe
2015-08-05 09:16:46 3E04F1E482357B1FC8B088197C3D9FF8 1022152 ----a-w- C:\Program Files\Adobe\Adobe Photoshop CS6\Adobe Photoshop CS6\Data\PhotoshopCS6\AppDataAll\ARM\Reader_11.0.00\21197\AdobeARM.exe
2015-08-05 09:16:46 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\Program Files\Adobe\Adobe Photoshop CS6\Adobe Photoshop CS6\Data\PhotoshopCS6\AppDataAll\ARM\Reader_11.0.00\21197\AcrobatUpdater.exe
2015-08-05 05:48:48 1D04AADC5043A051ABBAAF9D3DFB1142 25944 ----a-w- C:\Program Files\Garmin\Express SelfUpdater\esu.exe
2015-08-04 07:31:34 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Elke\Documents\RSIT.exe
2015-08-04 07:08:58 5CF687673BD7D76DE51D25DB84C7957D 42834472 ----a-w- C:\Windows\Temp\tmpE25.tmp.exe

=== C: other files ==
2015-08-10 06:59:21 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\Elke\AppData\Local\Temp\_MEI40482\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx
2015-08-10 06:59:21 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Elke\AppData\Local\Temp\_MEI40482\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2414527585-3944006083-3816331441-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe"
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"uTorrent"="C:\Users\Elke\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
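The Run-key and scheduled-task entries Zoek prints in this log follow two fixed line shapes, which makes them easy to triage in bulk. The script below is an added example (not Zoek's own code, and not from the forum thread): it parses both shapes and flags entries whose image lives in a user profile directory (AppData, Downloads, Temp) or whose task name is a bare GUID with no vendor name. The sample block is copied from the Startup Registry Enabled and Other Scheduled Tasks sections of this log; the flag names and the heuristics are mine, and a flag is a reason to look, not a verdict (the log itself does not classify the {8D711F62-…} task).

```python
"""Triage of the autostart lines Zoek prints under Startup Registry Enabled
and Other Scheduled Tasks. Added example, not Zoek's code. Flags are triage
hints: USER_PROFILE = image in a user-writable location, GUID_NAME = task
whose only name is a GUID."""
import re
from typing import Dict, List

HIVE_RE = re.compile(r'^\[(?P<hive>HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')
TASK_RE = re.compile(r'^"(?P<task>[^"]+\\tasks\\(?P<name>[^"]+))"\s+\[(?P<cmd>.*)\]$', re.IGNORECASE)
# Unquoted "C:\Program Files\...\x.exe /flag": stop at the first executable
# extension that is followed by whitespace or end of string.
EXE_RE = re.compile(r'^(?P<img>.*?\.(?:exe|dll|cmd|bat|vbs|js))(?=\s|$)', re.IGNORECASE)
USER_PROFILE_RE = re.compile(r'\\Users\\[^\\]+\\(?:AppData|Downloads)\\|\\Temp\\', re.IGNORECASE)
GUID_RE = re.compile(r'^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$', re.IGNORECASE)

# Lines copied from this log (Run keys and tasks), used as sample input.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Daemon for Mouse Suite"="C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 30"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe"
"uTorrent"="C:\Users\Elke\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\{8D711F62-0DFE-44B4-8909-8B3A8D01FFC8}" [C:\Program Files\Lucidity\revLoader.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
'''


def image_path(cmd: str) -> str:
    """Strip arguments from a Run value or task action, honouring quoting."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("img") if m else cmd


def flags_for(name: str, image: str) -> List[str]:
    flags = []
    if USER_PROFILE_RE.search(image):
        flags.append("USER_PROFILE")   # runs from a location the user can write to
    if GUID_RE.match(name.rsplit("\\", 1)[-1]):
        flags.append("GUID_NAME")      # task named only by a GUID
    return flags


def parse_autostarts(text: str) -> List[Dict]:
    """One record per Run value or task: source hive, name, image, flags."""
    rows, hive = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (h := HIVE_RE.match(line)):
            hive = h.group("hive")
            continue
        if (t := TASK_RE.match(line)):
            name, img = t.group("name"), image_path(t.group("cmd"))
            rows.append({"source": "task", "name": name, "image": img, "flags": flags_for(name, img)})
        elif (r := RUN_RE.match(line)) and hive:
            name, img = r.group("name"), image_path(r.group("cmd"))
            rows.append({"source": hive, "name": name, "image": img, "flags": flags_for(name, img)})
    return rows


def suspicious(text: str) -> List[Dict]:
    """Only the records that carry at least one flag."""
    return [r for r in parse_autostarts(text) if r["flags"]]


if __name__ == "__main__":
    for row in suspicious(SAMPLE_LOG):
        print(f'{",".join(row["flags"]):14} {row["name"]:45} {row["image"]}')
```

Run against the whole log file (`parse_autostarts(open("zoek-results.log").read())`) the same code picks up every hive, since each `[HKEY_…]` header resets the source; only the three Run lines and the GUID task in the sample are flagged here.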
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Daemon for Mouse Suite"="C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 30"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"PMBVolumeWatcher"="C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe"
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"uTorrent"="C:\Users\Elke\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/08/2015 22:16]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13/09/2013 11:01]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HP AR Program Upload - 306fa1163424425b8575b45cda62b786b7339f673fc947889603a642cd08b529" [C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe]
"C:\Windows\system32\tasks\HP AR Program Upload - 53e87de216c64571ba7c7263db082b2b4919c46b9ad84b9aa903d5473321af71" [C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe]
"C:\Windows\system32\tasks\HP AR Program Upload - 6935414a800449a5b02fe2cbdca84b2abf75b9c067134545bbb4b534a7a22992" [C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe]
"C:\Windows\system32\tasks\HP AR Program Upload - 775a7c0c46af4cbda1a8fa85ffe4c8e851d471cb03414053b8a7b0eb3e2b8252" [C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe]
"C:\Windows\system32\tasks\HP AR Program Upload - bdd84ec8812b4e3587427456f27443bdade292f2faa746a3a6ae222a5cc6a4ad" [C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3520 series" ["C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\{8D711F62-0DFE-44B4-8909-8B3A8D01FFC8}" [C:\Program Files\Lucidity\revLoader.exe]
"C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\system32\tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms" [C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe]
"C:\Windows\system32\tasks\TVT\TVSUUpdateTask" ["C:\Program Files\Lenovo\System Update\tvsuShim.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\prwxdqng.default

user_pref("browser.startup.homepage", "www.ecosia.com");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [07/08/2015 11:44]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\prwxdqng.default
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi
- Facebook Select All - %ProfilePath%\extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi
- Invite All for Facebook - %ProfilePath%\extensions\jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\prwxdqng.default
8975852E3CC0A83CB3EEE37C29E50F4D - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 6.5.1
83AD28DE9ABD4AAE3DA2A643337CA234 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 6.5.1
B0A611FF04AD8BBCC712D13F70F6E6EC - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 6.5.1
5F3B48F64C4B1E8249FE77208185144C - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 6.5.1
0A22874C3E98E3AAE224C25ED0244D87 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 6.5.1
BD5617C5815F6634C7C55BE1D07F9F16 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 6.5.1
985FF575B7E5197D7D06268DEE0DBF4A - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 6.5.1
0A1788EE70EF444DABA1E958092F4B85 - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
1F352B5944AF5C2204D9EFF7F845C5AF - C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll - Google Update
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
C7090AB2D8473D12D48B818FC1FE7AF9 - C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U51
95479782C832632116E0FC0C8373F43E - C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.510.16
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
0E8B2D0D9E3415A91EF259CE1112C579 - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director
FD82108FD60B63010325D9AF6F00AF99 - C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll - Shockwave Flash
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[01/07/2015 17:02]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Elke\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[21/07/2014 20:41]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Google Slides - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Drive App Launcher - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Web Store Payments - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Elke\AppData\Local\Google\Chrome\User Data\Default\Preferences

rtt":43766}},"www.youtube.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":35646},"supports_spdy":true},"www.youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":31312}},"yt3.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":63454},"supports_spdy":true}},"supports_quic":{"address":"213.119.124.159","used_quic":true},"version":3}},"password_bubble":{"nopes":2},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":26,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"https://www.youtube.com:443,https://www.youtube.com:443":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"https://www.youtube.com:443,https://www.youtube.com:443":{"fullscreen":1}},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"First user","per_host_zoom_levels":{}},"protection":{"macs":{}},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13071186854242417"},"sync_promo":{"show_on_first_run_allowed":false},"translate_accepted_count":{"nl":0},"translate_blocked_languages":["en"],"translate_denied_count":{"nl":3},"translate_last_denied_time":1.426851e+12,"translate_too_often_denied":true,"translate_whitelists":{}}

ooglenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/chromenow/v1/*","https://*.googleusercontent.com/*"],"version":"1.2.0.1"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\41.0.2272.89\\resources\\google_now","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"yn","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13073232763154763","lastpingday":"13083577198849087","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"1651A96E07B9A662A4EB49D9CF2C9F1659D38AFED7C005AE14120F2720C00B26"},"default_search_provider":{"keyword":"A0D18479200E9A4270FF8E33495E192CF233460142C673E3658D97F199DE2E9B","name":"58B58B32257299A3656393FC22A9C15868B6FAA5765835A83D71AD566D81824D","search_url":"F9C6E5B9B76BCF16CAEE093F4D32BB8018E027C516F7579BDA53DF84EC383E66"},"default_search_provider_data":{"template_url_data":"545E20A716FF1B0D122B25CDA41F562F682E75BF4C1430607CC508A403673C8C"},"extensions":{"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":"3D6751CA74DF84F52B77DA5958F7F9D63A73A678CF6232BE81EBC0FD130DBA37","ahfgeienlihckogmohjhadlkjgocpleb":"393A9F160565C479C08A6CF7C987287EEB91B1F0121C579387B2119B5DF17924","aohghmighlieiainnegkcijnfilokake":"FFC469E5A152F4CAEA183B15F11264536B0D5AB6BB191B03E95F37C232DE6EAB","apdfllckaahabafndbhieahigkjlhalf":"BDECA1F95AB687863EF6BBAD63244EA457828DC4D70ADDE59EDFF9FE31D78CE0","bepbmhgboaologfdajaanbcjmnhjmhfn":"8E65734E33D3515C2BF86656B6B88E23529FD8C187A4EA48BC458171CFA0D1C5","blpcfgokakmgnkcojhhkbfbldkacnbeo":"D72FB108D571B4881ADE5276EE631FCB656D6A10A93B6A5A9248573A2A1A9FE8","coobgpohoikkiipiblmjeljniedjpjpf":"C89B9CB3517A445E63629C0D6AA5F0FA81E0E5EEB4CA039CEED9C173A90041FB","eemcgdkfndhakfknompkggombfjjjeno":"B49E79B37D45DBEBFAD27D991CA2187DAABEF77C9C0367FDA0420DC
D54D4D41D","ennkphjdgehloodpbhlhldgbnhmacadg":"3778ED84FA5CCB980CA7ACD5465462083F227F2253150A77DF1393893CBB33CA","felcaaldnbdncclmgdcncolpebgiejap":"E9733AFBE54B0663F9855AD08A601EA33BB901586CED9E6DBA1566E5B25267F5","gfdkimpbcpahaombhbimeihdjnejgicl":"3F9F0A2D52B500F7889F30A813A2141BAFDD370B8504D066E0C36008116D276E","gomekmidlodglbbmalcneegieacbdmki":"799CAE5CDED60482ADCEE203469819E61A749CE22C8EF81C18FFA6578356348C","kmendfapggjehodndflmmgagdbamhnfd":"9347A1E4120122DC5262C5BA454B5F03E0AE41BE3640CB6372D7AB02F0C2D71E","lccekmodgklaepjeofjdjpbminllajkg":"89C79118062A1D7C785AF5EEFA3B4187964A2B4CC4C4C7E09C19FC41B39847AA","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"E45A4EBF10BFDB03076481A3DBFB853AEAE757B851C69B9345A9685A571AEF31","lmjegmlicamnimmfhcmpkclmigmmcbeh":"7DC88F46862DD2B4C6DE35E6593CD1858A0162F8A0A23123B02674B088EFE02F","mfehgcgbbipciphmccgaenjidiccnmng":"6CCF1D228F764D62A95B051E6DBD095049C8AEEEF0FB190C66D04635BEF7C9EB","mgndgikekgjfcpckkfioiadnlibdjbkf":"51069FC04F068146A311D82B86B9D5A59E1B64930139BDC8A58642B72FFAFEF0","mhjfbmdgcfjbbpaeojofohoefgiehjai":"0EB0D89BA0BFF3C3AAEFB180B1C8F9EEE54DDA8EC36E14569DDC790E5FC37F05","nbpagnldghgfoolbancepceaanlmhfmd":"5C7B9A64886847889CEFF06DFA30F2A17EB308ED5C27023FA80D23EE16987E7D","neajdppkdcdipfabeoofebfddakdcjhd":"2EA12E22FFF26755219DE61A9882B9D753C209984F41E7FEE6FFC9E6F11EBCDD","nkeimhogjdpnpccoofpliimaahmaaome":"043A03836D21E1A3F6AA552A275350DACD3D37482C1936081D5383AAADDE6812","nmmhkkegccagdldgiimedpiccmgmieda":"11CEC90964A3AB04CF80762DA36B7736A45D38365D6AAC91E72B4C7B6603E86F","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"7B92EC47997BCCCFB36BF9A1C4C4891724F2D4AC462E27CAC1EB8E1B23C9EC72","pjkljhegncpnkpknbcohdijeoejaedia":"8A7BEC1DF35477909FBBE93E03BB63B678DD9AA64A81F6A13C441F138FA243CB"}},"google":{"services":{"account_id":"AF62CDFFE58FA45C5DC92AA35CB3E86627271F1782CFA3C4939E5AB5B3B825E8","last_username":"BFE4847C5D59924058BB54707F18A81A57A66D0E04DB3E3FA9822DB081FE7710","username":"333195C4DAFDEBAF1A32365A39A2B8326AD4E3180236FD8897804527
DC4BC72A"}},"homepage":"6212A98EA92BFFA8ACF9B377B561C043FAEFE5F286A35BFA7D05BCC66BE245F0","homepage_is_newtabpage":"5F13B56392DDE62CC36ECE69367CAB4A9D8030962BF7A5AA5EBA3DAD377DC3F1","pinned_tabs":"32E649C94A2C343909FFF8B653B42A1429342F6235AC0BD7CB2EDAE2A523D230","prefs":{"preference_reset_time":"9C0C60D472DD0EC0A6E5781DF073D651AC238476CEF7A1BBAAB73B1FBD17C004"},"profile":{"reset_prompt_memento":"B686FB86613C3B15F4602D344E1F00FAB591737FBBAA4A0D1A3D8D8A7163BFC9"},"safebrowsing":{"incidents_sent":"1374ED1C259258271C487BA009972ABE12B3DDEFB945EEDB5F6AB3605804F174"},"search_provider_overrides":"A78F844713DFAB42D7AD50529BADC2D6C2A1F7DE09E1D19BA22882953D2CAB7D","session":{"restore_on_startup":"7D57521BD34B3CE5DE5C2E88C8AC32E91384D2048B3823474C89BE134272D1E2","startup_urls":"5291909020ACF3728250212649249317FF86FCD129133ABBA3B4647DD76F5C5A"},"software_reporter":{"prompt_reason":"283704F42320A0001441C87B7AB60446DAC3A38625B7A5600CC70E9EFE1D7623","prompt_seed":"6AA01FE0AE294CB89B3150E2113CE7CA9CF74F692BAA8285478861189846F49A","prompt_version":"3F27EC18EFEA03F216993E063F440B582DAD570422EC05847E85C46A5F98E3B5"},"sync":{"remaining_rollback_tries":"D92872A8367EE551A9589FAE439F6E7BDE5E33F8D1FD88917DAAE1B806A19A50"}},"super_mac":"9A6892FB24A7CB714B1D5A0AB5980C426DB31805A89ABDBE72DE84F800C1239E"},"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com"]}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2414527585-3944006083-3816331441-1000\Software\Mozilla\Firefox\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 30 O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [uTorrent] "C:\Users\Elke\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program 
Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - 
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: FLEXnet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Session Launcher Service (PelService) - Unknown owner - C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Sony Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe O23 - Service: Sony Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Elke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Elke\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Elke\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Elke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Elke\AppData\Local\Mozilla\Firefox\Profiles\prwxdqng.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Elke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=65 folders=26 81021427 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Elke\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Elke\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== 
"C:\Users\Elke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on ma 10/08/2015 at 11:34:01,17 ======================