Zoek.exe v5.0.0.0 Updated 05-September-2014
Tool run by leoroumans on vr 05-09-2014 at 9:34:32,45.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\leoroumans\AppData\Local\Temp\Temp1_zoek (1).zip\zoek.com [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

5-9-2014 09:36:39 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2640948650-3554147299-374822674-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted successfully
HKEY_USERS\S-1-5-21-2640948650-3554147299-374822674-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted successfully
HKEY_USERS\S-1-5-21-2640948650-3554147299-374822674-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted successfully
HKEY_USERS\S-1-5-21-2640948650-3554147299-374822674-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted successfully HKEY_CLASSES_ROOT\CLSID\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 64 Bit HP CIO Components Installer Aangifte inkomstenbelasting 2012 Aangifte inkomstenbelasting 2013 Adobe Reader XI (11.0.07) - Nederlands Adobe Shockwave Player 11.6 B010 BufferChm CCleaner Connected Music powered by Universal Music Group version 1.0 CyberLink LabelPrint CyberLink Media Suite 10 CyberLink Power2Go 8 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery Driver Restore Energy Star Epson Connect Printer Setup Epson E-Web Print EPSON Printer Finder EPSON XP-205 207 Series Printer Uninstall Google Chrome Google Update Helper GPBaseService2 Hewlett-Packard ACLM.NET v1.2.0.0 HP Customer Experience Enhancements HP Imaging Device Functions 14.0 HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 
7 HP Postscript Converter HP Registration Service HP Solution Center 14.0 HP Support Assistant HP Support Information HP Update HPPhotoGadget HPProductAssistant HPSSupply Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel© Trusted Connect Service Client Java 7 Update 11 Java Auto Updater Junk Mail filter update McAfee Security Scan Plus Mesh Runtime Messenger Companion Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 voor Thuisgebruik en Zakelijke toepassingen Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2007 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 
2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2010 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSVCRT MSVCRT_amd64 PC_Booster PC_Sustainer 1.80 PDF Creator PDF Creator Packages pruiceechop PS_AIO_07_B010_SW_Min Realtek High Definition Audio Driver Recovery Manager Scan Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites 
(KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shop for HP Supplies Software Updater SolutionCenter Status swMSM TomTom HOME TomTom HOME Visual Studio Merge Modules Toolbox TrayApp Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 
(KB2817369) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) VSO ConvertXToDVD WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Installer Windows Live 
Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources YoutuBeAAdBLuOcke ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\WINDOWS\SysWOW64\svchost.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\pruiceechop deleted C:\Program Files (x86)\YoutuBeAAdBLuOcke deleted C:\ProgramData\YoutuBeAAdBLuOcke deleted C:\ProgramData\pruiceechop deleted C:\ProgramData\567c8c3b64bb96c8 deleted 
C:\Users\leoroumans\AppData\LocalLow\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted
C:\Users\leoroumans\AppData\LocalLow\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted
C:\Users\leoroumans\AppData\Local\Packages\windows_ie_ac_001\AC\{2920d0bb-4fc1-4bb0-a663-6f4db0883e8c} deleted
C:\Users\leoroumans\AppData\Local\Packages\windows_ie_ac_001\AC\{9d85713a-45d7-4902-a8ba-497fd3752239} deleted
C:\PROGRA~2\Connected Music powered by Universal Music Group deleted
C:\PROGRA~2\PC_Booster deleted
C:\PROGRA~3\Trusted Publisher deleted
C:\Users\leoroumans\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\WINDOWS\tasks\PC_Booster-S-493389286.job deleted
C:\windows\SysNative\tasks\PC_Booster-S-493389286 deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\windows\Installer\3069c6f5.msi" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 6011 MB
CPU Info: Intel(R) Pentium(R) CPU G645T @ 2.50GHz
CPU Speed: 2511,4 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Qualcomm Atheros AR8152 PCI-E Fast Ethernet-controller (NDIS 6.30)
CD / DVD Drives: 1x (E: | ) E: hp DVD A DH16ACSHR
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 921,2GB | D: 8,4GB Hard Disks - Free: C: 860,8GB | D: 1,0GB Manufacturer *: AMI BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: PEGATRON CORPORATION 2AE2 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 11.0.9600.17239 Google Chrome version: 36.0.1985.143 Adobe Reader version: 11.0.07.79 Sun Java version: 1.7.0_11 (32-bit) Shockwave Player version: 11.6.8r638 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\LEOROU~1\AppData\Local\Temp ==== 2014-09-01 19:51:40 B0C2A4F1F7CB31192E30890650E8B5D3 1765376 ---ha-w- C:\Users\leoroumans\AppData\Local\Temp\s4nk\temp\setupbc.exe 2014-09-01 19:51:28 D77F3FD21DD2FA202D4724DBE9A88041 2764800 ---ha-w- C:\Users\leoroumans\AppData\Local\Temp\s4nk\temp\setupytb.exe 2014-09-01 19:51:17 929905F219FE400F55FD9AC00D157058 2682880 ---ha-w- C:\Users\leoroumans\AppData\Local\Temp\s4nk\temp\extIE_setup.exe 2014-09-01 19:51:05 A7B332042D3F714D9ABC3CE9FF2A923E 1847296 ---ha-w- C:\Users\leoroumans\AppData\Local\Temp\s4nk\temp\setupespl.exe ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2014-08-28 07:22:30 568D6F1C730EC3A9B381F01020D600DC 4148224 ----a-w- C:\WINDOWS\Sysnative\win32k.sys ====== C:\WINDOWS\Sysnative\drivers ===== 2014-08-13 01:41:31 313DCE665B57000B18CB26C6B6A10DFE 1557848 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2014-08-13 01:40:04 7A1A3F213CDB3363D179D5014272025D 402432 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2014-08-13 01:40:01 674A4702E4E144E8710ED1A2EC6DD049 96768 ----a-w- C:\WINDOWS\Sysnative\drivers\agilevpn.sys 2014-08-13 01:39:59 65ED7B9CFEA893DF7748D5FF692690DE 38912 ----a-w- 
C:\WINDOWS\Sysnative\drivers\vwifimp.sys 2014-08-13 01:39:56 35BF5C5F5E3C9902C98978C7640574DA 71680 ----a-w- C:\WINDOWS\Sysnative\drivers\vwififlt.sys 2014-08-13 01:38:37 5C42CEE3E2018E1DFC6E3E17240A432A 206848 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys 2014-08-13 01:33:56 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbport.sys 2014-08-13 01:33:56 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFPf.sys 2014-08-13 01:33:56 93435654DCA210298BA0F986EB51C679 419672 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbhub.sys 2014-08-13 01:33:56 83C9C45D59C72FEFDAE9A5686BE31FEA 467800 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2014-08-13 01:33:56 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFRd.sys 2014-08-13 01:33:56 48BA326A3DBA5B5BEB5F2777F4618696 89944 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbehci.sys 2014-08-13 01:33:56 25AC0B50A71938890970E1508F107196 2518360 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2014-08-13 01:33:56 064260B3A5868AC894A4943543BC7AB7 37376 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbuhci.sys 2014-08-13 01:33:55 D79920BE4E6683D3AB50F71457A4F6C6 27480 -c--a-w- C:\WINDOWS\Sysnative\drivers\usbd.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\leoroumans\AppData\Roaming ====== 2014-09-01 19:51:05 -------- d-----w- C:\Users\leoroumans\AppData\Local\Torch 2014-09-01 19:51:05 -------- d-----w- C:\Users\leoroumans\AppData\Local\Comodo 2014-09-01 19:51:05 -------- d-----w- C:\Users\leoroumans\AppData\Local\Chromatic Browser 2014-09-01 19:51:05 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Torch 2014-09-01 19:51:05 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-09-01 19:51:05 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser 2014-09-01 19:51:05 -------- d-----w- 
C:\Users\Gast\AppData\Local\Torch 2014-09-01 19:51:05 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo 2014-09-01 19:51:05 -------- d-----w- C:\Users\Gast\AppData\Local\Chromatic Browser 2014-09-01 19:51:05 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch 2014-09-01 19:51:05 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo 2014-09-01 19:51:05 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-09-01 19:51:04 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google 2014-09-01 19:51:04 -------- d-----w- C:\Users\Gast\AppData\Local\Google 2014-09-01 19:51:04 -------- d-----w- C:\Users\Administrator\AppData\Local\Google ====== C:\Users\leoroumans ====== 2014-09-01 19:51:06 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2014-09-01 19:51:04 -------- d-----w- C:\Users\HomeGroupUser$\AppData 2014-09-01 19:51:04 -------- d-----w- C:\Users\Gast\AppData 2014-09-01 19:51:04 -------- d-----w- C:\Users\Administrator\AppData 2014-09-01 19:50:35 380262714325254772CDA9F22B119AB2 1261296 ----a-w- C:\Users\leoroumans\Downloads\Setup.exe 2014-09-01 19:50:32 EAC26DA6E23238FEB5DB7365893FC857 842608 ----a-w- C:\Users\leoroumans\Downloads\Soesi B - Depressief.mp4.exe ====== C: exe-files == 2014-09-01 19:51:40 B0C2A4F1F7CB31192E30890650E8B5D3 1765376 ---ha-w- C:\Users\leoroumans\AppData\Local\Temp\s4nk\temp\setupbc.exe 2014-09-01 19:51:28 D77F3FD21DD2FA202D4724DBE9A88041 2764800 ---ha-w- C:\Users\leoroumans\AppData\Local\Temp\s4nk\temp\setupytb.exe 2014-09-01 19:51:17 929905F219FE400F55FD9AC00D157058 2682880 ---ha-w- C:\Users\leoroumans\AppData\Local\Temp\s4nk\temp\extIE_setup.exe 2014-09-01 19:51:05 A7B332042D3F714D9ABC3CE9FF2A923E 1847296 ---ha-w- C:\Users\leoroumans\AppData\Local\Temp\s4nk\temp\setupespl.exe 2014-09-01 19:50:35 380262714325254772CDA9F22B119AB2 1261296 ----a-w- C:\Users\leoroumans\Downloads\Setup.exe 2014-09-01 19:50:32 EAC26DA6E23238FEB5DB7365893FC857 842608 ----a-w- 
C:\Users\leoroumans\Downloads\Soesi B - Depressief.mp4.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2640948650-3554147299-374822674-1001\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "Driver Restore"="C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false" "EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT EPLTarget\P0000000000000000 /M XP-205 207 Series" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer_For_P2G8"="c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "CLVirtualDrive"="c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "Driver Restore"="C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false" "EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT EPLTarget\P0000000000000000 /M XP-205 207 Series" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~2\\pc_boo~1\\assist~1.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files 
(x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" C:\\PROGRA~2\\PC_BOO~1\\ASSIST~2.DLL" ==== Startup Folders ====================== 2013-01-17 13:02:19 1298 ----a-w- C:\Users\leoroumans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2012-11-27 18:23:06 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [] C:\WINDOWS\tasks\HPCeeScheduleForleoroumans.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13-09-2010 23:15] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\Driver Restore-RTMRules" [C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe] "C:\WINDOWS\SysNative\tasks\Driver Restore-RTMScan" [C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe] "C:\WINDOWS\SysNative\tasks\Driver Restore-RTMUpdater" [C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForleoroumans" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] 
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{F074503E-32A1-4C3C-A16B-C0792471D240}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [12-11-2013 16:02] ==== Firefox Extensions ====================== ProfilePath: C:\Users\LEOROU~1\AppData\Roaming\TomTom\HOME\Profiles\sd78tyfa.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] pricechOp - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp 
- Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - Administrator\AppData\Local\Torch\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Administrator\AppData\Local\Torch\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - Gast\AppData\Local\Torch\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - Gast\AppData\Local\Torch\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - HomeGroupUser$\AppData\Local\Chromatic Browser\User 
Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - leoroumans\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - leoroumans\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - leoroumans\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - leoroumans\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - leoroumans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - leoroumans\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon Google Wallet - leoroumans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda pricechOp - leoroumans\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - leoroumans\AppData\Local\Google\Chrome 
SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon pricechOp - leoroumans\AppData\Local\Torch\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff Speedy Shopper - leoroumans\AppData\Local\Torch\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon ==== Chromium Startpages ====================== C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com/", "startup_urls": [ "http://www.google.com/" ], ==== Chrome Fix ====================== C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_espanol.babylon.com_0.localstorage deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_espanol.babylon.com_0.localstorage-journal deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\leoroumans\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\leoroumans\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully 
C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\leoroumans\AppData\Local\Torch\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khagclindddokccfbmfmckaflngbmpon_0.localstorage deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khagclindddokccfbmfmckaflngbmpon_0.localstorage-journal deleted successfully C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\Gast\AppData\Local\Torch\User 
Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\leoroumans\AppData\Local\Chromatic Browser\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\leoroumans\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\leoroumans\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully C:\Users\leoroumans\AppData\Local\Torch\User Data\Default\Extensions\aahibjpdmklfcggkiejmmmemlocokhff deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing 
Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9B803B3A69EB433418F6D3281BA9D72E deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\S-493389286 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A3B308B9-BE96-4334-816F-3D82B19A7DE2} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{248642b4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9B803B3A69EB433418F6D3281BA9D72E deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - 
C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [Driver Restore] C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-205 207 Series" O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: 
[ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~2\pc_boo~1\assist~1.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\leoroumans\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\leoroumans\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\leoroumans\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1300 folders=235 784601038 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\leoroumans\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\LEOROU~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on vr 05-09-2014 at 10:00:55,98 ======================