Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by hulya on zo 30/08/2015 at 13:02:54,06. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\hulya\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 30/08/2015 13:04:21 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 
127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Realtek deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\CrypKey deleted successfully C:\Users\hulya\AppData\Roaming\Malwarebytes deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2057583968-2438982928-40907176-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully HKEY_USERS\S-1-5-21-2057583968-2438982928-40907176-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B739642-8711-440C-83BE-A94B3CA8AC32} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) Acer Arcade Deluxe Acer Crystal Eye webcam Ver:1.1.88.610 Acer ePower Management Acer eRecovery Management Acer GridVista Acer Registration Acer ScreenSaver Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 18 NPAPI Adobe Reader XI (11.0.12) - Nederlands Adobe Refresh Manager Adobe Shockwave Player 11.6 Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver AVG PC TuneUp 2015 (nl-NL) BitComet 1.39 64-bit Compatibiliteitspakket voor het 2007 Microsoft Office system D3DX10 Facebook Video Calling 3.1.0.521 Free Audio Converter version 5.0.60.713 Free YouTube to MP3 Converter version 3.9 Fuji Fotoservice 4.5 Google Chrome Google Earth Google Update Helper Identity Card Intel(R) Graphics Media Accelerator Driver Java 8 Update 51 Java 8 Update 60 Java Auto Updater JavaFX 2.1.0 Junk Mail filter update Kruidvat fotoservice Launch Manager Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 
(NLD) Microsoft .NET Framework 4.5.2 Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Works MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NTI Backup Now 5 NTI Backup Now Standard NTI Media Maker 8 OLYMPUS Master 2 Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security 
Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3054888) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3054890) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2863812) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965208) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2986254) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB3054992) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB3055051) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3055052) 32-Bit Edition swMSM Synaptics Pointing Device Driver TomTom HOME TomTom HOME Visual Studio Merge Modules Uninstall 
1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3055023) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Visual C++ 8.0 Runtime Setup Package (x64) VLC media player 2.0.8 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 5.30 beta 3 (64-bit) ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\crypserv.exe C:\Program Files (x86)\Acer\Registration\GregHSRW.exe C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Fuji Fotoservice\Fuji Fotoservice\dd.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe 
C:\Users\hulya\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Crypkey License deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Crypkey License deleted successfully ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Realtek not found C:\PROGRA~2\OptOn deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\Users\hulya\AppData\Roaming\LogFile.txt deleted C:\Users\hulya\AppData\Local\MyWinLockerInstaller.txt-20091220.log deleted C:\Windows\Tasks\RegCure Pro_sch_538C235C-BFAE-11E3-A71D-0026225912EE.job deleted C:\windows\SysNative\Tasks\RegCure Pro_sch_538C235C-BFAE-11E3-A71D-0026225912EE deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\User deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3002 MB CPU Info: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz CPU Speed: 432.7 MHz Sound Card: Luidsprekers (High Definition A | Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR8132 PCI-E Fast Ethernet Controller | Atheros AR5B93 Wireless Network Adapter CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GT30N Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 220.8GB Hard Disks - Free: C: 66.7GB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 08/03/09 | ACRSYS - 1 Time Zone: Romance (standaardtijd) Motherboard *: Acer Aspire 7715Z Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 44.0.2403.157 Internet Explorer Version: 11.0.9600.17959 Google Chrome version: 44.0.2403.157 Adobe Reader version: 11.0.12.18 Sun Java version: 1.8.0_60 (32-bit) Sun Java version: 1.8.0_60 (64-bit) Flash Player version: 18.0.0.232 Shockwave Player version: 11.6.5r635 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-08-12 09:58:05 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\notepad.exe ====== C:\Users\hulya\AppData\Local\Temp ==== 2015-08-30 10:59:39 F722BFAAAEE292415CC101143D888B1D 769736 ----a-w- C:\Users\hulya\AppData\Local\Temp\MSS\3.11.149.2\McInstallerStartup.dll 2015-08-30 10:59:39 DF68B3980EF6CA7D3AA6D57D57103151 153760 ----a-w- C:\Users\hulya\AppData\Local\Temp\MSS\3.11.149.2\McInstallerRes_LD.dll 2015-08-30 10:59:39 C4CF03B998D4D758B89CD07F22D7A7F9 645168 ----a-w- C:\Users\hulya\AppData\Local\Temp\MSS\3.11.149.2\McUICnt.exe 2015-08-30 10:59:39 C323F35DD66BC87BEFEDF51354A53C96 264488 ----a-w- C:\Users\hulya\AppData\Local\Temp\MSS\3.11.149.2\McInstallerRes.dll 2015-08-30 10:59:39 43A07A01F731A01F6B5158A034EBBFD0 560664 ----a-w- C:\Users\hulya\AppData\Local\Temp\MSS\3.11.149.2\mcbrwsr2.dll 2015-08-30 10:58:23 E859B62F9041CF7E4E088D0F821A4FDC 1099712 ----a-w- C:\Users\hulya\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS_26597.exe 2015-08-28 16:03:01 DBEC43E45E35EBB67470B79A33317593 186168 ----a-w- C:\Users\hulya\AppData\Local\Temp\TUUUninstallHelper.exe ====== 
Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-08-28 19:11:32 A98799EBA5BAABF1AB2BAFCE488FC9F9 19871232 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-08-28 19:11:32 225DB7BABA68ED284693EAEE04E94EA1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-08-28 19:11:33 E5F2BB962F84A8F8D996FEA33F4C817B 25191936 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-08-28 19:11:32 4FD63532DBF78DC6B50078F769E7949F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb ====== C:\Windows\Sysnative\drivers ===== 2015-08-12 17:06:17 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys 2015-08-12 10:01:10 67050452C0118BAF2883928E6FCCFE47 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys 2015-08-12 10:01:05 67A1743377EBB5D9A370A8C2086CFDCC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-08-12 10:01:05 522A1595D5701800DD41B2D472F5AAED 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-08-12 10:01:01 B2081803D510DCE174992BA880EDCA70 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-08-12 10:01:01 97687971F9CB30E2633DE0F1296B9F61 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-08-12 10:01:01 552FA62B0EFECD22D8D52499324BCA4F 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys ====== C:\Windows\Tasks ====== 2015-08-28 16:39:45 BD7693C4B5FDB72B521CDFF0C75D0992 4052 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA1d0e1b024b6e101 2015-08-28 16:39:44 5959F55DC277494DC90B0BAC5C2797B6 1056 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e1b024b6e101.job 2015-08-28 16:39:42 8826A53B6AB54011A97968586A48B021 3800 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore1d0e1b02158dc51 2015-08-28 16:39:38 1E5686CB6A7C3731DA4E442910FD7D21 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e1b02158dc51.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-08-28 16:35:24 -------- 
d-----w- C:\Program Files\trend micro 2015-08-28 15:54:48 -------- d-----w- C:\Program Files\WinRAR 2015-08-14 19:32:19 -------- d-----w- C:\Program Files\BitComet ======= C:\PROGRA~2 ===== 2015-08-30 10:58:28 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\hulya\AppData\Roaming ====== 2015-08-30 10:57:59 -------- d-----w- C:\Users\hulya\AppData\Roaming\Sun 2015-08-28 15:55:20 -------- d-----w- C:\Users\hulya\AppData\Roaming\WinRAR 2015-08-28 15:54:58 -------- d-----w- C:\Users\hulya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-08-14 19:32:24 -------- d-----w- C:\Users\hulya\AppData\Roaming\BitComet 2015-08-01 15:46:22 -------- d-----w- C:\Users\hulya\AppData\Local\GWX ====== C:\Users\hulya ====== 2015-08-30 10:57:58 -------- d-----w- C:\Users\hulya\.oracle_jre_usage 2015-08-28 16:35:00 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\hulya\Desktop\RSITx64.exe 2015-08-28 15:54:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-08-28 15:49:44 EED1880EC01E2AD041A8EE193E61E583 1618432 ----a-w- C:\Users\hulya\Desktop\adwcleaner_5.004.exe 2015-08-14 19:32:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit) 2015-08-12 17:08:20 -------- d-----w- C:\ProgramData\Skype ====== C: exe-files == 2015-08-30 10:59:39 C4CF03B998D4D758B89CD07F22D7A7F9 645168 ----a-w- C:\Users\hulya\AppData\Local\Temp\MSS\3.11.149.2\McUICnt.exe 2015-08-30 10:58:23 E859B62F9041CF7E4E088D0F821A4FDC 1099712 ----a-w- C:\Users\hulya\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS_26597.exe 2015-08-30 10:56:48 6A5A2FDB6D09E02A3283C55237DA10F6 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\unpack200.exe 2015-08-30 10:56:47 BDFF5086FC1F20E631A070EEF43A7BEC 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\tnameserv.exe 2015-08-30 10:56:47 B804A4E31F4BAD4D5BA05FE684756BA2 15968 ----a-w- C:\Program Files 
(x86)\Java\jre1.8.0_60\bin\servertool.exe 2015-08-30 10:56:47 7A0DE452F677EF2971C7B75B0267B6ED 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssvagent.exe 2015-08-30 10:56:46 D94C31E9C9C9A1273CC67DC6FFAF9984 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\policytool.exe 2015-08-30 10:56:46 606A24A64E164B345A79F8F22A5DAC6F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\pack200.exe 2015-08-30 10:56:46 5A503CFE5B553A9721A469FCC9CE8562 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\rmiregistry.exe 2015-08-30 10:56:46 3292748E640429C2682484BD23D43F6B 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\rmid.exe 2015-08-30 10:56:46 08427EADE480F21412696582170B1167 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\orbd.exe 2015-08-30 10:56:45 E408E46C5DD2D03A7474AA12BAABEFEE 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\klist.exe 2015-08-30 10:56:45 B9DE149653ED8B9C5C6CB68131AB66D2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jjs.exe 2015-08-30 10:56:45 30387BE3E5D04FE969B731441C89D2D8 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ktab.exe 2015-08-30 10:56:45 21B5D297A9191E4D833BB39456CEDAD0 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\kinit.exe 2015-08-30 10:56:45 0FCF9F3D9518B90FB58CC950FA33998C 76896 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2launcher.exe 2015-08-30 10:56:45 0F6E0DD1263ACB2A1AC559BB7742B54D 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\keytool.exe 2015-08-30 10:56:44 BC949C957CEB9FAFDF0F3949CDDF1A72 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe 2015-08-30 10:56:44 8C6BDB56CD4DEED1AF2790D37B54CFE9 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe 2015-08-30 10:56:44 7080B965215703EA1340C3C4903C7D73 274016 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaws.exe 2015-08-30 10:56:44 5DC0128E8A2017E82289191820C736A5 191584 ----a-w- C:\Program Files 
(x86)\Java\jre1.8.0_60\bin\javaw.exe 2015-08-30 10:56:43 86CC77A8189758834CF83F7F2FEA5162 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\java-rmi.exe 2015-08-30 10:56:43 262BBCE84B9C8784CC5A5E1975898022 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jabswitch.exe 2015-08-29 08:45:46 3FEA0616A7C34AD431291D36F044F86E 42996304 ----a-w- C:\Program Files (x86)\Google\Update\Install\{AE287523-AC67-4A14-87B9-E7D9DCFC4491}\44.0.2403.157_chrome_installer.exe 2015-08-29 08:45:44 3FEA0616A7C34AD431291D36F044F86E 42996304 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.157\44.0.2403.157_chrome_installer.exe 2015-08-28 16:45:31 E2AB465A4F48E9E64FE028374249B881 981584 ----a-w- C:\Program Files (x86)\Google\Update\Install\{E760E8FD-D5F7-4D38-B5D2-14A2A2D4F449}\44.0.2403.157_44.0.2403.155_chrome_updater.exe 2015-08-28 16:45:31 E2AB465A4F48E9E64FE028374249B881 981584 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.157\44.0.2403.157_44.0.2403.155_chrome_updater.exe 2015-08-28 16:38:57 000975A5E8399A6EB7104A31DA947279 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateWebPlugin.exe 2015-08-28 16:38:56 E2CD6F76B2E57B3D61DC21FB58A5EC10 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe 2015-08-28 16:38:51 0ECB154C98DD6A404B7DEB62C7425F60 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateBroker.exe 2015-08-28 16:37:46 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateSetup.exe 2015-08-28 16:35:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\hulya.exe 2015-08-28 16:35:00 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\hulya\Desktop\RSITx64.exe 2015-08-28 16:25:57 93EA3D9300F9A4B29D12A60D50142D5B 130888 ----atw- C:\Program Files 
(x86)\Google\Update\1.3.28.13\GoogleUpdateComRegisterShell64.exe 2015-08-28 16:20:06 042ED5CED9032D093CACF785BFA39D65 305992 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe 2015-08-28 16:18:55 3ED2B00729E2D4F974C1418F1B2CDF60 245064 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe 2015-08-28 16:16:23 DD7423ABBE2913E70D50E9318AD57EE4 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdate.exe 2015-08-28 16:12:57 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files (x86)\Google\Update\Install\{7F419BAE-3212-4BA3-820B-6094FE736D5F}\GoogleUpdateSetup.exe 2015-08-28 16:12:50 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.13\GoogleUpdateSetup.exe 2015-08-28 16:03:01 DBEC43E45E35EBB67470B79A33317593 186168 ----a-w- C:\Users\hulya\AppData\Local\Temp\TUUUninstallHelper.exe 2015-08-28 15:54:52 2C833DE5D11C4EFCEFC0E1944D59AE76 62968 ----a-w- C:\Program Files\WinRAR\Ace32Loader.exe 2015-08-28 15:54:50 CC58D2EE6A3A2425E5443BC4171D7060 1528824 ----a-w- C:\Program Files\WinRAR\WinRAR.exe 2015-08-28 15:54:49 DE4D2C6A2AE28C45DD8162553E18BC9B 531448 ----a-w- C:\Program Files\WinRAR\Rar.exe 2015-08-28 15:54:49 B72D49CFAAF48312FDF54351FD8B8A44 188920 ----a-w- C:\Program Files\WinRAR\Uninstall.exe 2015-08-28 15:54:49 73E615A3B86876CF84F0080838C2DD75 335352 ----a-w- C:\Program Files\WinRAR\UnRAR.exe 2015-08-28 15:49:44 EED1880EC01E2AD041A8EE193E61E583 1618432 ----a-w- C:\Users\hulya\Desktop\adwcleaner_5.004.exe === C: other files == 2015-08-30 10:56:50 4E221C69F3B103481534D1B6CB6A90DD 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2057583968-2438982928-40907176-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\hulya\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Device Detection"="C:\Program Files (x86)\Fuji Fotoservice\Fuji Fotoservice\dd.exe" "GoogleChromeAutoLaunch_FE51A3DB6FD6F0D5595AE76270DCC6BB"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\hulya\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Device Detection"="C:\Program Files (x86)\Fuji Fotoservice\Fuji Fotoservice\dd.exe" "GoogleChromeAutoLaunch_FE51A3DB6FD6F0D5595AE76270DCC6BB"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" 
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeDeluxeAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeDeluxeAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\ArcadeDeluxeAgent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_FE51A3DB6FD6F0D5595AE76270DCC6BB] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleChromeAutoLaunch_FE51A3DB6FD6F0D5595AE76270DCC6BB" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NortonOnlineBackupReminder" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\Activation\\NobuActivation.exe\" UNATTENDED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OM2_Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="OM2_Monitor" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\OLYMPUS\\OLYMPUS 
Master 2\\MMonitor.exe\" -NoStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PlayMovie" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\PlayMovie\\PMVService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TomTomHOME.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/08/2015 22:00] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2057583968-2438982928-40907176-1000Core.job --a------ C:\Users\hulya\AppData\Local\Facebook\Update\FacebookUpdate.exe [28/07/2014 18:15] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2057583968-2438982928-40907176-1000UA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0e1b02158dc51.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2015 18:13] C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0e1b024b6e101.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2015 18:13] C:\Windows\tasks\RMSchedule.job --a------ C:\Program Files (x86)\Registry Mechanic\RegMech.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" 
[C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2057583968-2438982928-40907176-1000Core" [C:\Users\hulya\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2057583968-2438982928-40907176-1000UA" [C:\Users\hulya\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0e1b02158dc51" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0e1b024b6e101" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\RMSchedule" [C:\Program Files (x86)\Registry Mechanic\RegMech.exe] "C:\Windows\SysNative\tasks\RMSmartUpdate" ["C:\Program Files (x86)\Registry Mechanic\update.exe"] "C:\Windows\SysNative\tasks\Recovery Management\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\hulya\AppData\Roaming\Mozilla\Firefox\Profiles\tzry64i7.default user_pref("browser.startup.homepage", "http://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\hulya\AppData\Roaming\Mozilla\Firefox\Profiles\tzry64i7.default - OptOn - %ProfilePath%\extensions\p@MgPFxO.edu - Noia 2.0 eXtreme - %ProfilePath%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\hulya\AppData\Roaming\Mozilla\Firefox\Profiles\tzry64i7.default 3D3CAF586124C4E8102764C8B3063BB6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 3CD19649B2C3023D65E67C056457A2BC - C:\Users\hulya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - 
Facebook Video Calling Plugin ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Torch deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Gast\AppData\Local\Torch deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Gast\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\hulya\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\hulya\AppData\Local\Comodo\Dragon deleted ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.157 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dhigneefebkcagnpnpbibganpmfgebnk - No path found[] Google Slides - hulya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - hulya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - hulya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - hulya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - hulya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf BitComet Download Extension for Chrome - hulya\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhigneefebkcagnpnpbibganpmfgebnk Google Sheets - hulya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Chrome Web Store Payments - hulya\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - hulya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\hulya\AppData\Local\Google\Chrome\User Data\Default\Preferences ==== Chromium Fix ======================
C:\Users\hulya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\hulya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://be.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw__alt__ddc_dsssyc_bd_com" "Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7715z&r=273612090355l0344z175t48i2c83r" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder deleted successfully 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\hulya\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Device Detection] C:\Program Files (x86)\Fuji Fotoservice\Fuji Fotoservice\dd.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_FE51A3DB6FD6F0D5595AE76270DCC6BB] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - 
res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\hulya\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BitComet Disk Boost Service 
(BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. 
- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - Unknown owner - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - 
C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hulya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hulya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\hulya\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared 
successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=141 folders=25 19443944 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\hulya\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\hulya\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 30/08/2015 at 13:46:08,93 ======================