Zoek.exe v5.0.0.0 Updated 19-07-2014 Tool run by Sven on ma 21/07/2014 at 8:39:47,79. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Sven\Downloads\zoek (1).exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-07-20-080520.log 32205 bytes ==== Empty Folders Check ====================== C:\Users\arrow_000\AppData\Local\VirtualStore deleted successfully C:\Users\Sven\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1678010181-4120838532-3394036514-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully HKEY_USERS\S-1-5-21-1678010181-4120838532-3394036514-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully HKEY_USERS\S-1-5-21-1678010181-4120838532-3394036514-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_USERS\S-1-5-21-1678010181-4120838532-3394036514-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== clear.fi SDK- Movie 2 clear.fi SDK - Video 2 Acer Device Fast-lane Acer Docs Acer Docs Office AddIn Acer Launch Manager Acer Media Acer Photo Acer Portal Acer Power Management Acer Recovery Management ALPS Touch Pad Driver Bejeweled 3 CCleaner Delicious: Emily's Childhood Memories Premium Edition Game Channels Google Chrome Google Update Helper Governor of Poker 2 Premium Edition Identity Card Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel® Trusted Connect Service Client Jewel Match 3 John Deere Drive Green Magic 
Academy Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) Microsoft Office Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Tools for Office Runtime More Games from WildTangent Games Nero BackItUp Nero BackItUp 12 Essentials OEM.a01 Nero BackItUp Help (CHM) Nero ControlCenter Nero ControlCenter Help (CHM) Nero Core Components Nero Launcher Nero RescueAgent Nero RescueAgent Help (CHM) Nero Update Norton Online Backup Norton Online Backup ARA Office Addin Plants vs. Zombies - Game of the Year Prerequisite installer Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Qualcomm Atheros WLAN and Bluetooth Client Installation Program Realtek High Definition Audio Driver Realtek PCIE Card Reader Shared C Run-time for x64 Skype™ 6.16 Speccy Spotify Tales of Lagoona Update Installer for WildTangent Games App Visual Studio 2005 Tools for Office Second Edition Runtime Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) ==== Running Processes ====================== C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files 
(x86)\Spotify\Data\SpotifyWebHelper.exe C:\Users\Sven\Downloads\zoek (1).exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_USERS\S-1-5-21-1678010181-4120838532-3394036514-1004\Software\Microsoft\Windows\CurrentVersion\Run] "Pokki"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_USERS\S-1-5-21-1678010181-4120838532-3394036514-1004\Software\Microsoft\Windows\CurrentVersion\Run] "Pokki"=- ==== Deleting Files \ Folders ====================== C:\Users\arrow_000\AppData\Pokki not found C:\Users\Sven\Searches deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3915 MB CPU Info: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz CPU Speed: 2421,2 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR956x Wireless Network Adapter | Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GT90N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 444,0GB Hard Disks - Free: C: 407,4GB Manufacturer *: Insyde Corp. 
BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer EA70_HC Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 10.0.9200.17028 Google Chrome version: 36.0.1985.125 ==== Files Recently Created / Modified ====================== ==== Startup Registry Enabled ====================== 
[HKEY_USERS\S-1-5-21-1678010181-4120838532-3394036514-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" ==== Startup Folders ====================== 2014-07-21 06:35:28 0 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25/04/2014 18:27] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\AcerCloud" [C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe] "C:\Windows\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe] "C:\Windows\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe] 
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Launch Manager" ["C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe"] "C:\Windows\SysNative\tasks\Norton Online Backup ARA" [C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe] "C:\Windows\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"] "C:\Windows\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe] ==== Chrome Look ====================== Google Docs - arrow_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - arrow_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - arrow_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - arrow_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - arrow_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - arrow_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - 
Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{2F393D12-3619-41E1-805E-B4885C5BCAE4}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {2F393D12-3619-41E1-805E-B4885C5BCAE4} Google Url="http://www.google.com/search?q={searchTerms}" {2F393D12-3619-41E1-805E-B4885C5BCAE4} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = ? O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O23 - Service: McAfee Application Installer Cleanup (0007581405924540) (0007581405924540mcinstcleanup) - McAfee, Inc. 
- C:\Users\Sven\AppData\Local\Temp\000758~1.EXE O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file 
missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\arrow_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\arrow_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully 
C:\Users\Sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAI2MPY5 will be deleted at reboot C:\Users\Sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZ73QWTV will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\arrow_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7111 folders=3877 492407594 bytes) ==== Empty Temp Folders ====================== C:\Users\arrow_000\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Sven\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Sven\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin 
====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAI2MPY5" not found "C:\Users\Sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZ73QWTV" not found ==== EOF on ma 21/07/2014 at 8:52:34,88 ======================