Zoek.exe v5.0.0.0 Updated 05-July-2014 Tool run by Admin on wo 09/07/2014 at 20:11:58,10. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Admin\Desktop\Nieuwe map\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 9/07/2014 20:14:59 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Users\Admin\AppData\Roaming\QuickScan deleted successfully C:\Users\Admin\AppData\Roaming\Windows Live Writer deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Ace Stream Media 2.2.4-next Adobe Flash Player 14 Plugin Adobe Reader XI (11.0.07) - Nederlands Adobe Shockwave Player 12.1 Apple Application Support Apple Software Update Bitdefender Internet Security CCleaner D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Google Chrome Google Update Helper HiJackThis Junk Mail filter update Malwarebytes Anti-Malware versie 2.0.2.1012 Microsoft Application Error Reporting Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft OneDrive Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker Mozilla Firefox 30.0 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 NVIDIA-configuratiescherm 335.23 NVIDIA 3D Vision stuurprogramma 335.23 NVIDIA Grafisch stuurprogramma 335.23 NVIDIA Install Application NVIDIA Stereoscopic 3D Driver NVIDIA Update 10.4.0 NVIDIA Update Core PCStreams Photo Common Photo Gallery QuickTime 7 Samsung Master Samsung USB Driver Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition SopCast 3.8.3 Speccy SUPERAntiSpyware swMSM Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.3.1406.1149_x86__8wekyb3d8bbwe\Solitaire.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Admin\Desktop\Nieuwe map\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\NetCrawl not found C:\PROGRA~2\SopCast deleted C:\PROGRA~3\APN deleted C:\windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 2039 MB CPU Info: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz CPU Speed: 2677,3 MHz Sound Card: Luidsprekers (High Definition A | Hoofdtelefoon (High Definition | Digitale audio (S/PDIF) (High D | Display Adapters: NVIDIA GeForce 8400 GS | NVIDIA GeForce 8400 GS Monitors: 1x; Generic PnP Monitor | SyncMaster 2033SB,SyncMaster Magic CX2033SB(Digital) | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Bluetooth-apparaat (Personal Area Network) | Intel(R) 82578DC Gigabit-netwerkverbinding CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SH-S223C Ports: COM3 | COM4 | COM5 | COM6 | COM7 LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 465,4GB Hard Disks - Free: C: 435,0GB Manufacturer *: Intel Corp. BIOS Info: AT/AT COMPATIBLE | 08/02/09 | INTEL - 7a Time Zone: Romance (standaardtijd) Motherboard *: Intel Corporation DP55WB Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Bitdefender Antivirus On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Bitdefender Antispyware disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Bitdefender Firewall disabled Default Browser: Google Chrome 35.0.1916.153 Internet Explorer Version: 11.0.9600.17126 Mozilla Firefox version: 30.0 (x86 nl) Google Chrome version: 35.0.1916.153 Adobe Reader version: 11.0.07.79 Flash Player version: 14.0.0.145 Shockwave Player version: 12.1.1r151 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Admin\AppData\Local\Temp ==== 2014-07-09 14:55:50 2EE2BB57A13E9C13F4F8A90C568D5354 543520 ----a-w- C:\Users\Admin\AppData\Local\Temp\NetCrawlUninstallertemp.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-06-20 13:34:54 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-06-20 13:34:24 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-06-20 13:34:24 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-06-20 13:34:24 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-06-11 17:06:38 A9749FD0A06E22009EA972D8B9CB046B 428888 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2014-06-11 17:06:38 4B666AE119D2ADBAC816BEA7DB4D6881 2518872 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2014-06-11 17:06:37 D18EC2C83C2F773C9476A4FB0AA4C314 295424 ----a-w- C:\Windows\Sysnative\drivers\ks.sys 2014-06-11 17:05:56 92370F46AF28D54B67C135FA8C2AFCFC 1200128 -c--a-w- C:\Windows\Sysnative\drivers\bthport.sys 2014-06-11 17:05:55 7C7BE474915166B61B84C025F1F10157 563200 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2014-06-11 17:05:54 78514B073CC5775800A65BFB82A0D66B 443904 ----a-w- C:\Windows\Sysnative\drivers\nwifi.sys 2014-06-11 17:05:53 FD163F487CBA9C98AFFEB546C80F49A2 677376 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys 2014-06-11 17:05:53 DBA635C6398782C549E3BE45CF1D0411 206848 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2014-06-11 17:05:53 4BB9BC49DEE1A319EC58274A7BBED663 310616 -c--a-w- C:\Windows\Sysnative\drivers\volsnap.sys 2014-06-11 17:05:52 0696F66E4D423793951A60562F794D14 402432 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2014-06-11 17:05:51 498288DD5CA42C2D36D125893E968C53 77312 -c--a-w- C:\Windows\Sysnative\drivers\hdaudbus.sys 2014-06-11 17:05:50 F152D55E497E12256290C43B31C7D0CE 589656 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys 2014-06-11 17:05:49 CADCE0D6C30427F70A4BFA426256F68C 337240 ----a-w- C:\Windows\Sysnative\drivers\Classpnp.sys 2014-06-11 17:05:49 716059F37BCCB1ABEDE99EBE82E8E362 246272 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys 2014-06-11 17:05:48 D90AB68D0FAC9F357F663670FDBB511E 275800 -c--a-w- C:\Windows\Sysnative\drivers\msiscsi.sys 2014-06-11 17:05:47 6592D192E2823C043EDBC010E7774053 360792 ----a-w- C:\Windows\Sysnative\drivers\fltMgr.sys 2014-06-11 17:05:47 4C1E71E37B56C768900B1FCF81205027 372568 ----a-w- C:\Windows\Sysnative\drivers\storport.sys 2014-06-11 17:05:47 33977549C2CED09936E05BEE7659EAFF 384856 -c--a-w- C:\Windows\Sysnative\drivers\spaceport.sys 2014-06-11 17:04:48 182561A14F2E93E81E66FE3700D17A5A 55328 ----a-w- C:\Windows\Sysnative\drivers\wpcfltr.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-07-09 15:27:58 -------- d-----w- C:\Program Files\Speccy 2014-06-21 18:46:18 -------- d-----w- C:\Program Files\SUPERAntiSpyware ======= C:\PROGRA~2 ===== 2014-07-09 12:48:06 -------- d-----w- C:\PROGRA~2\Trend Micro 2014-07-04 16:44:43 -------- d-----w- C:\PROGRA~2\QuickTime ======= C: ===== ====== C:\Users\Admin\AppData\Roaming ====== 2014-06-20 17:16:36 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google 2014-06-20 13:32:55 -------- d-----w- C:\Users\Admin\AppData\Local\Programs ====== C:\Users\Admin ====== 2014-07-09 17:07:32 541CF254FBCA757FEBB1BFDE8D14867C 191359104 ----a-w- C:\Users\Admin\Downloads\17772_04.exe 2014-07-09 15:26:56 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Admin\Downloads\spsetup126.exe 2014-07-09 14:55:29 2EE2BB57A13E9C13F4F8A90C568D5354 543520 ----a-w- C:\Users\Admin\Downloads\NetCrawlUninstaller.exe 2014-07-04 16:44:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-07-04 16:44:43 -------- d-----w- C:\ProgramData\Apple Computer 2014-06-21 18:46:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware ====== C: exe-files == 2014-07-09 17:07:32 541CF254FBCA757FEBB1BFDE8D14867C 191359104 ----a-w- C:\Users\Admin\Downloads\17772_04.exe 2014-07-09 15:26:56 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Admin\Downloads\spsetup126.exe 2014-07-09 14:55:50 2EE2BB57A13E9C13F4F8A90C568D5354 543520 ----a-w- C:\Users\Admin\AppData\Local\Temp\NetCrawlUninstallertemp.exe 2014-07-09 14:55:29 2EE2BB57A13E9C13F4F8A90C568D5354 543520 ----a-w- C:\Users\Admin\Downloads\NetCrawlUninstaller.exe === C: other files == 2014-07-09 18:09:54 9CE1D9D488E3D5B79E70F02E4D699BAC 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2980793151-4220202154-4047133139-1001\$I6C3VKS.com 2014-07-09 18:04:54 D371448E41AA26DEC9E79917BB4CCEF3 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2980793151-4220202154-4047133139-1001\$ILFJQHR.zip 2014-07-09 18:03:38 63A9E8A7CB614C7008E295E6AD1906DB 4095664 ----a-w- C:\$Recycle.Bin\S-1-5-21-2980793151-4220202154-4047133139-1001\$RLFJQHR.zip 2014-07-09 17:41:37 07E33226AD218A2A162662A05CAFB52F 63488 ----a-w- C:\Windows\LastGood\system32\DRIVERS\bthmodem.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard" "Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [HKEY_USERS\S-1-5-21-2980793151-4220202154-4047133139-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard" "Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard" "Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" "Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard" "Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe" ==== Startup Folders ====================== 2014-05-09 18:00:54 1316 ----a-w- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{3BA90F3D-BB10-46CD-B41A-A636A7C4A270}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [11/04/2014 11:33] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "magicplayer@torrentstream.org"="C:\Users\Admin\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org" [10/05/2014 15:35] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\at9p44xu.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\at9p44xu.default E87B316A42763D519DDDA65628E06E71 - C:\Users\Admin\AppData\Roaming\ACEStream\player\npace_plugin.dll - Ace Stream P2P Multimedia Plug-in E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[03/03/2014 14:59] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions kpckgflgdapkpabemgkielbefdildaio - C:\Users\Admin\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx[28/01/2014 10:13] IBA Opt-out (by Google) - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb AdBlock - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard O4 - HKCU\..\Run: [Bitdefender Agent Wallet-toepassing] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Agent Wallet-toepassing] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user') O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=108 folders=18 13451808 bytes) ==== Empty Temp Folders ====================== C:\Users\Admin\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Admin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 09/07/2014 at 20:26:25,30 ======================