Zoek.exe v5.0.0.0 Updated 01-September-2015
Tool run by Johen on wo 02-09-2015 at 11:45:35,37.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Johen\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2015-09-02-091038.log 997 bytes

==== Empty Folders Check ======================
C:\Users\Johen\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================
"Messenger" pagalbine priemone
"Windows Live Essentials"
"Windows Live Mail"
"Windows Live Messenger"
"Windows Live" fotogalerija
???? ??? Windows Live ???? Windows Live ????? Messenger ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?? Messenger ???????? ?????????? Windows Live ????????? Messenger ??????????? ?? Windows Live
Adobe AIR
Adobe Flash Player 18 ActiveX
Adobe Reader 9.1 - Nederlands
Atheros Client Installation Program
Avast Free Antivirus
BatteryLifeExtender
Belkin 54Mbps Wireless Network Adapter
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Broadcom 802.11 Network Adapter
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complément Messenger
Complemento Messenger
D3DX10
Doplnok programu Messenger
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
Fast Start
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galería fotográfica de Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Google Chrome
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Junk Mail filter update
Marvell Miniport Driver
Mesh Runtime
Messenger-kumppani
Messenger ??? ?? Messenger ???? Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kísérő
Messenger Pratilac
Messenger Suradnik
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft Security Client NL-NL Language Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Color Enhancer
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pomocnik Messenger
Posta Windows Live
Raccolta foto di Windows Live
Ralink RT2870 Wireless LAN Card
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Skype™ 7.8
Speccy
Spremljevalec Messenger
SRS Premium Sound Control Panel
User Guide
Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogaléria
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotograf Galerisi
Windows Live Fotótár
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Posta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima

==== Running Processes ======================
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\csrss.exe
C:\windows\system32\services.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
c:\windows\Prey\wpxsvc.exe
C:\windows\Prey\current\bin\node.exe
C:\windows\system32\conhost.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\windows\Prey\versions\1.4.1\node_modules\triggers\bin\lightevt.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Johen\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Johen\Desktop\zoek.exe
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k utcsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\prefs.js deleted
C:\Users\Johen\AppData\Roaming\GetRightToGo deleted
C:\windows\system32\config\systemprofile\AppData\LocalLow\pandasecuritytb deleted
C:\windows\system32\GroupPolicy\Machine deleted
C:\windows\system32\GroupPolicy\gpt.ini deleted
"C:\Users\Johen\AppData\Local\{EB932038-DFC8-47CB-9DD2-3F919CC2E11A}" deleted

==== System Specs ======================
Windows: Windows 7 Starter Edition Service Pack 1 (Build 7601)
Memory (RAM): 2038 MB
CPU Info: Intel(R) Atom(TM) CPU N550 @ 1.50GHz
CPU Speed: 1506.3 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Intel(R) Graphics Media Accelerator 3150 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic Non-PnP Monitor |
Screen Resolution: 1024 X 600 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Bluetooth Device (Personal Area Network) #4 | Broadcom 802.11n Network Adapter | Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Mouse Present
Hard Disks: C: 87.0GB | D: 128.8GB | Q: 0.0MB
Hard Disks - Free: C: 49.9GB | D: 128.7GB | Q: 0.0MB
Manufacturer *: Phoenix Technologies Ltd.
BIOS Info: AT/AT COMPATIBLE | 10/04/10 | SECCSD - 6040000
Time Zone: West-Europa (standaardtijd)
Motherboard *: SAMSUNG ELECTRONICS CO., LTD. NF110/NF210/NF310
Country: Nederland
Language: NLD

==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Internet Explorer Version: 10.0.9200.16576
Google Chrome version: 44.0.2403.157
Adobe Reader version: 9.1.0.2009022700

==== Files Recently Created / Modified ======================
====== C:\windows ====
2015-08-21 12:43:45 B58952E67FC2FA0E689F4F0F4E3091E6 43112 ----a-w- C:\windows\avastSS.scr
2015-08-21 12:10:01 5A16DAA7075CB752793B5555AAF187BC 213896 ----a-w- C:\windows\ETDUninst.dll
====== C:\Users\Johen\AppData\Local\Temp ====
====== Java Cache =====
====== C:\windows\system32 =====
2015-08-21 12:44:23 0AA106F0F81E0733C111DB7AA8691753 313472 ----a-w- C:\windows\System32\aswBoot.exe
====== C:\windows\system32\drivers =====
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2015-08-30 13:37:22 -------- d-----w- C:\Program Files\trend micro
2015-08-25 08:33:19 -------- d-----w- C:\Program Files\Common Files\Skype
2015-08-25 08:33:17 -------- d-----r- C:\Program Files\Skype
======= C: =====
====== C:\Users\Johen\AppData\Roaming ======
====== C:\Users\Johen ======
2015-08-30 14:27:24 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Johen\Downloads\RSIT.exe
2015-08-30 14:19:42 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Johen\Desktop\RSIT (1).exe
2015-08-25 08:33:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
====== C: exe-files ==
2015-09-02 08:53:51 E2CD6F76B2E57B3D61DC21FB58A5EC10 88392 ----atw- C:\Program Files\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe
2015-09-02 08:53:51 0ECB154C98DD6A404B7DEB62C7425F60 88392 ----atw- C:\Program Files\Google\Update\1.3.28.13\GoogleUpdateBroker.exe
2015-09-02 08:53:51 000975A5E8399A6EB7104A31DA947279 88392 ----atw- C:\Program Files\Google\Update\1.3.28.13\GoogleUpdateWebPlugin.exe
2015-09-02 08:53:50 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files\Google\Update\1.3.28.13\GoogleUpdateSetup.exe
2015-09-02 08:53:46 DD7423ABBE2913E70D50E9318AD57EE4 144200 ----atw- C:\Program Files\Google\Update\1.3.28.13\GoogleUpdate.exe
2015-09-02 08:53:46 93EA3D9300F9A4B29D12A60D50142D5B 130888 ----atw- C:\Program Files\Google\Update\1.3.28.13\GoogleUpdateComRegisterShell64.exe
2015-09-02 08:53:46 3ED2B00729E2D4F974C1418F1B2CDF60 245064 ----atw- C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
2015-09-02 08:53:46 042ED5CED9032D093CACF785BFA39D65 305992 ----atw- C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
2015-09-02 08:53:41 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files\Google\Update\Install\{77F8FB81-E4D5-496A-B679-CF3D265E684D}\GoogleUpdateSetup.exe
2015-09-02 08:53:41 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.13\GoogleUpdateSetup.exe
2015-09-02 08:51:11 542B6A50DF347B764D743AAFCAE27007 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$I5DP8A9.exe
2015-09-02 08:51:02 469F3708FFD0D19D250F14711290FC73 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$I7TB0VN.exe
2015-09-02 08:18:10 F68A5507E37C1FC1C17F6B1A6BFF582E 1308672 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$R5DP8A9.exe
2015-09-02 08:17:24 F68A5507E37C1FC1C17F6B1A6BFF582E 1308672 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$R7TB0VN.exe
2015-08-30 14:27:24 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Johen\Downloads\RSIT.exe
2015-08-30 14:26:44 867B89DEFDADA720C1314BECFDD0A7C4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$IXF2OQY.exe
2015-08-30 14:19:42 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Johen\Desktop\RSIT (1).exe
2015-08-30 13:51:41 B038662D5B0907784C0D74990C02B846 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$IV5DVLQ.exe
2015-08-30 13:51:26 5B962ADB10A7735121ACE9E2D695A464 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$IG4MMT6.exe
2015-08-30 13:50:19 8895F602C64F95EAE74E427046EAC1C2 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$I8OLOAM.exe
2015-08-30 13:50:05 4CC8A4E4FAA9FFA800618397E5BF8A6C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$IPFSL1H.exe
2015-08-30 13:49:50 E86501BF2B2BC04E1460AF1F8122E4AA 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$I4DT05K.exe
2015-08-30 13:49:26 D4C9805D31269ED88F1BDCD8233CD458 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$IZALZKE.exe
2015-08-30 13:37:23 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Johen.exe
2015-08-30 13:35:03 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$RZALZKE.exe
2015-08-30 13:34:45 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\$Recycle.Bin\S-1-5-21-3598815426-2034822733-3092037878-1000\$RXF2OQY.exe
2015-08-27 15:29:01 B1798BC27E40983B12FEFD0D85C05B3F 873800 ----a-w- C:\Users\Johen\AppData\Local\Google\Chrome\User Data\SwReporter\4.28.1\software_reporter_tool.exe
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3598815426-2034822733-3092037878-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GameXN GO"="C:\ProgramData\GameXN\GameXNGO.exe /startup"
"BingSvc"="C:\Users\Johen\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f"
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn /f"
"panda4_1dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_1dn /f"
"panda4_1dn_XP"="reg.exe delete HKCU\Software\panda4_1dn /f"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f"
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn /f"
"panda4_1dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_1dn /f"
"panda4_1dn_XP"="reg.exe delete HKCU\Software\panda4_1dn /f"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"AutoEJCD_0ACE20FF"="C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE /VID=0ACE /PID=20FF"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GameXN GO"="C:\ProgramData\GameXN\GameXNGO.exe /startup"
"BingSvc"="C:\Users\Johen\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Folders ======================
2013-03-21 12:09:11 1936 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk

==== Task Scheduler Jobs ======================
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14-08-2015 19:31]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02-09-2015 10:53]
C:\windows\tasks\GoogleUpdateTaskMachineCore1cca055a722f4b1.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02-09-2015 10:53]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:D0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================
"C:\windows\system32\tasks\Adobe Flash Player Updater" [C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\system32\tasks\GoogleUpdateTaskMachineCore1cca055a722f4b1" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\windows\system32\tasks\{4050D7A2-FE81-4D88-A5D8-6AB98F78BFFC}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.0.106/nl/abandoninstall?page=tsMain]
"C:\windows\system32\tasks\{9C13FEC9-634A-4D4A-BC48-31E5A76768B7}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.0.60.100/nl/go/help.faq.installer?LastError=1618]
"C:\windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21-08-2015 14:44]

==== Chromium Look ======================
Google Chrome Version: 44.0.2403.157

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21-08-2015 14:43]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bmkckgpgekmanipelfidlhmkfcjicion - No path found[]

Google Docs - Johen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Johen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Johen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Johen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - Johen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - Johen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Johen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================
C:\Users\Johen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_partner.support.services.microsoft.com_0.localstorage deleted successfully
C:\Users\Johen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_partner.support.services.microsoft.com_0.localstorage-journal deleted successfully
C:\Users\Johen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_charting.vwdservices.com_0.localstorage deleted successfully
C:\Users\Johen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_charting.vwdservices.com_0.localstorage-journal deleted successfully
C:\Users\Johen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advanced-cab-repair.en.softonic.com_0.localstorage deleted successfully
C:\Users\Johen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advanced-cab-repair.en.softonic.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.upcmail.net/?v=upc&l=nl-NL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.upcmail.net/?v=upc&l=nl-NL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox"
{FE447C4E-1CDA-4118-B916-8097F70B703C} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_nlNL430"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3598815426-2034822733-3092037878-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3598815426-2034822733-3092037878-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3598815426-2034822733-3092037878-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3598815426-2034822733-3092037878-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\msntoolbar@msn.com deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D} deleted successfully

==== HijackThis Entries ======================
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE /VID=0ACE /PID=20FF
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKCU\..\Run: [BingSvc] C:\Users\Johen\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Cron Service (CronService) - Fork, Ltd. - c:\windows\Prey\wpxsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

==== Empty IE Cache ======================
C:\Users\Johen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Johen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Johen\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Johen\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Johen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Johen\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Johen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found

==== EOF on wo 02-09-2015 at 16:42:13,36 ======================