Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by Duquenne on wo 17-09-2014 at 16:09:57,46.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Duquenne\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-05-02-140628.log 24583 bytes

==== Empty Folders Check ======================

C:\Users\Duquenne\AppData\Roaming\autosave deleted successfully
C:\Users\Duquenne\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.08) - Nederlands
AIMP3
Ashampoo Burning Studio 14 v.14.0.4
BitTorrent
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EaseUS Partition Master 10.0
Facebook Video Calling 3.1.0.521
MailWasher
Malwarebytes Anti-Malware versie 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Security Client
Microsoft Security Essentials
Mozilla Firefox 31.0 (x86 nl)
Mozilla Maintenance Service
Photo Slideshow Creator 3.0
Picasa 3
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shark007 Advanced Codecs
SkypeT 6.18
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
WinRAR 5.01 (32-bit)

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\Duquenne\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Users\Duquenne\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Windows\system32\config\systemprofile\Searches deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 3071 MB
CPU Info: AMD Turion(tm) 64 X2 Mobile Technology TL-64
CPU Speed: 815,3 MHz
Sound Card: Luidsprekers (High Definition A | Digitale audio (S/PDIF) (High D |
Display Adapters: Standaard-VGA grafische adapter | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen niet-PnP-beeldscherm |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8187B 802.11b/g 54 Mbps draadloze USB 2.0-netwerkadapter | NVIDIA nForce-netwerkcontroller
CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-5540A
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 141,0GB | D: 149,0GB
Hard Disks - Free: C: 96,8GB | D: 148,9GB
Manufacturer *: Phoenix Technologies Ltd.
BIOS Info: AT/AT COMPATIBLE | 12/18/07 | PacBel - 6040000 Time Zone: West-Europa (standaardtijd) Motherboard *: PACKARD BELL BV EasyNote_SJ82 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Firefox 31.0 Internet Explorer Version: 11.0.9600.17280 Mozilla Firefox version: 31.0 (x86 nl) Adobe Reader version: 11.0.8.4 Flash Player version: 15.0.0.152 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Duquenne\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-09-12 09:19:41 7C3D593AB1E2F5E5687D97772EF99AC7 61952 ----a-w- C:\Windows\System32\iesetup.dll 2014-09-12 09:19:39 E3D7B3F64C30994409BDF8E48048A854 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-09-12 09:19:38 6DD476318F524D2DCB73AFEB2EE27B4A 61952 ----a-w- C:\Windows\System32\MshtmlDac.dll 2014-09-12 09:19:38 297EF1AB73B8FCE76BCA1365C2E49AFC 440320 ----a-w- C:\Windows\System32\ieui.dll 2014-09-12 09:19:37 2E2E40E5D92EEA979548E307C5781038 597504 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-09-12 09:19:36 CC8F34B345DA638D77BB48C035DA628D 164864 ----a-w- C:\Windows\System32\msrating.dll 2014-09-12 09:19:36 AE7BCEA48C8AE4C1A26A2A26C94DD29D 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-09-12 09:19:36 13C2C87C35E52AAB1B439FB2E26DF2DE 69632 ----a-w- C:\Windows\System32\mshtmled.dll 2014-09-12 09:19:35 D603AC77E17E5B9583E382F2EE0381A7 43008 ----a-w- C:\Windows\System32\jsproxy.dll 2014-09-12 09:19:35 84E96F4AF8A7748A3DE7C3EBBC6768E5 365056 ----a-w- C:\Windows\System32\dxtmsft.dll 2014-09-12 09:19:35 42F6F28D4885505F687CAF0459FF9F90 112128 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-09-12 09:19:35 1D8C086A39B9794D7131384586811B25 678400 ----a-w- 
C:\Windows\System32\ieapfltr.dll 2014-09-12 09:19:34 AA595171932ACC79DA9851067DCBDABF 32768 ----a-w- C:\Windows\System32\iernonce.dll 2014-09-12 09:19:34 4F2EDC301EC63F803C0FDB6CC87EDA24 454656 ----a-w- C:\Windows\System32\vbscript.dll 2014-09-12 09:19:34 010DFAF3EF93994B805BAA1493D47973 243200 ----a-w- C:\Windows\System32\dxtrans.dll 2014-09-12 09:19:33 95D7609E05218407071E353800581BF2 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-09-12 09:19:33 88EBB8526981D03C5777AB0A4AEBA8B4 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2014-09-12 09:19:33 77F79126444896B5867E6761490735B8 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-09-12 09:19:33 5074835337862817DB3726558D0908DE 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-09-12 09:19:32 24225D0B94B800F4A78A0AC08E7FA4AE 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-09-12 09:19:32 074646C5A979DE79133DE4A8530A9C5D 603136 ----a-w- C:\Windows\System32\msfeeds.dll 2014-09-12 09:19:31 E16EA38E5E98E485BE566738367AF16F 673792 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-09-12 09:19:31 8D4FCAB2643DFEF68040B70F1EDCCBC5 327872 ----a-w- C:\Windows\System32\iedkcs32.dll 2014-09-12 09:19:28 FD96C05DE700F5FD26273D6DDB6495A7 2185728 ----a-w- C:\Windows\System32\iertutil.dll 2014-09-12 09:19:28 D58988722C72D265B51A54103DFC2C6F 1812992 ----a-w- C:\Windows\System32\wininet.dll 2014-09-12 09:19:27 77B7DDF91F3ED2CDB6CF60224EE13433 4232704 ----a-w- C:\Windows\System32\jscript9.dll 2014-09-12 09:19:26 6A3A809CA7A8F40C89E6F1D301898A66 2014208 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-09-12 09:19:26 41010A88B70A2168F801DC19EBD4CB4F 1190400 ----a-w- C:\Windows\System32\urlmon.dll 2014-09-12 09:19:24 7BF1CE9240CB9DD27C3E30733176EB8E 17455104 ----a-w- C:\Windows\System32\mshtml.dll 2014-09-12 09:19:23 A3560FAFC1686D5EE9830B33B5C74B66 11769856 ----a-w- C:\Windows\System32\ieframe.dll 2014-09-12 09:17:52 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- 
C:\Windows\System32\msmpeg2vdec.dll 2014-09-12 07:32:14 1B85FA0D0A93C011B76678733F39DB6C 550912 ----a-w- C:\Windows\System32\kerberos.dll 2014-09-12 07:32:12 DCA0AC63EF309E17BEEDE8D90622285F 1059840 ----a-w- C:\Windows\System32\lsasrv.dll 2014-09-12 07:31:27 79896A78039C9A63C56197843CFBAD0B 1987584 ----a-w- C:\Windows\System32\d3d10warp.dll 2014-09-12 07:31:18 A8DDB7ACB122FC36FF0D7C9B3099A380 793600 ----a-w- C:\Windows\System32\TSWorkspace.dll 2014-09-12 07:31:03 7D11D2B186C369E39D3B3759AE2775CE 445952 ----a-w- C:\Windows\System32\aepdu.dll 2014-09-12 07:30:59 11423EFD825011A0F5EC76D89D0C89A1 302592 ----a-w- C:\Windows\System32\aeinv.dll 2014-09-06 13:17:56 DBF9369D554A229DB0D554BB95A4B0AA 305152 ----a-w- C:\Windows\System32\gdi32.dll 2014-09-06 13:17:56 7DA17C38F8B8F2E89F52C1A08FD447EB 2352640 ----a-w- C:\Windows\System32\win32k.sys 2014-09-06 13:11:41 EC6E2DB67695966DF22CF5EBEFC1D305 2425856 ----a-w- C:\Windows\System32\wucltux.dll 2014-09-06 13:11:41 D9B0134913E5EF007AF82A418C503322 1973728 ----a-w- C:\Windows\System32\wuaueng.dll 2014-09-06 13:11:41 459E257F8915D44B23ACB46211FD45D0 45536 ----a-w- C:\Windows\System32\wups2.dll 2014-09-06 13:11:41 072678E0D68E9C3A7960328671134C7B 54240 ----a-w- C:\Windows\System32\wuauclt.exe 2014-09-06 13:11:18 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\System32\wuapi.dll 2014-09-06 13:11:18 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\System32\wudriver.dll 2014-09-06 13:11:18 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\System32\wups.dll 2014-09-06 13:10:27 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\System32\wuapp.exe 2014-09-06 13:10:27 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\System32\wuwebv.dll ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-09-16 16:17:41 -------- d-----w- C:\Program Files\trend micro ======= C: ===== 2014-09-16 07:55:28 
2F8360DECB8043C7C6CAA75E4C13CA07 3656 ------w- C:\bootsqm.dat ====== C:\Users\Duquenne\AppData\Roaming ====== 2014-08-23 12:34:31 EE5B91CA3889BE7D18BE1400E35FC81C 109280 ----a-w- C:\Users\Duquenne\AppData\Local\GDIPFONTCACHEV1.DAT ====== C:\Users\Duquenne ====== 2014-09-16 16:16:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Duquenne\Downloads\RSIT.exe 2014-09-16 08:20:02 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\Duquenne\Downloads\adwcleaner_3.310.exe 2014-09-09 11:16:14 13EC9896CB74B8BD8F6C92135DFACD20 1370467 ----a-w- C:\Users\Duquenne\Downloads\adwcleaner_3.309.exe ====== C: exe-files == 2014-09-16 16:17:41 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Duquenne.exe 2014-09-16 16:16:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Duquenne\Downloads\RSIT.exe 2014-09-16 08:20:02 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\Duquenne\Downloads\adwcleaner_3.310.exe 2014-09-12 09:19:35 42F6F28D4885505F687CAF0459FF9F90 112128 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-09-12 09:19:33 95D7609E05218407071E353800581BF2 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-09-12 09:19:32 24225D0B94B800F4A78A0AC08E7FA4AE 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-09-12 09:19:31 E16EA38E5E98E485BE566738367AF16F 673792 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-09-12 09:19:28 665256B575BF83E4B188BE73450C5C29 470016 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-09-12 09:19:28 4DABFE3A9D3C67E9D9AD83C7F8FAD855 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-09-12 09:19:26 EEA63B8CF19E59C4A51AD2D9A59DDA25 812216 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-09-12 07:31:01 13D383D25CB713F645937C8B183EEEE2 148136 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe === C: other files == ==== Startup Registry Enabled ====================== 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2008494405-2025870050-566855100-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUS EPM tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\EaseUS\\EaseUS Partition Master 10.0\\bin\\EpmNews.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM Tray Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUS EPM Tray Agent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\EaseUS\\EaseUS Partition Master 10.0\\bin\\TrayPopupE\\TrayTipAgentE.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-09-2014 10:45]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2008494405-2025870050-566855100-1000Core.job --a------ C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe [08-08-2014 12:07]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2008494405-2025870050-566855100-1000UA.job --a------ C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe [08-08-2014 12:07]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2008494405-2025870050-566855100-1000Core" [C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2008494405-2025870050-566855100-1000UA" [C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\{74350473-4CED-4466-A364-4442B7B5294C}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Duquenne\AppData\Roaming\Mozilla\Firefox\Profiles\azja0ukd.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Duquenne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
5FDB2FD0DA5D57A4BFB7CDF8604A2783 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.be/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{AE115A3D-5F9F-49B8-8B07-76CDEB0E6176} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

==== HijackThis Entries ======================

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Duquenne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Duquenne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Duquenne\AppData\Local\Mozilla\Firefox\Profiles\azja0ukd.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 787 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Duquenne\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Duquenne\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 17-09-2014 at 16:45:32,31 ======================