Zoek.exe v5.0.0.0 Updated 05-October-2014 Tool run by Ramon on ma 06-10-2014 at 13:40:51,63. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: B:\zoek.exe [Scan all users] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Windows\System32\svchost.exe -k HPZ12 
C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe C:\Program Files\Twonky\TwonkyServer\TwonkyServer.exe C:\Windows\system32\conhost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe B:\Progjes\Mindful\Mindful.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\taskeng.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Twonky\TwonkyServer\twonkytray.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\WUDFHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet 
Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe B:\zoek.exe C:\Windows\system32\conhost.exe ==== System Restore Info ====================== 6-10-2014 13:43:19 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) µTorrent 32 Bit HP CIO Components Installer Acoustica Photos Forever Adobe Flash Player 15 ActiveX Adobe Reader XI (11.0.09) - Nederlands AIO_Scan Avira Avira APC 0.1.0.1 Avira Free Antivirus AVS Antispam AVS Audio Converter 7.2 AVS Audio Editor 7.2 AVS Audio Recorder 4.0 AVS Cover Editor 2.0.1.3 AVS Disc Creator 5.2 AVS Document Converter 2.3.1 AVS DVD Copy 4.1.2.283 AVS Image Converter 3.1.1.275 AVS Media Player 4.2.2.104 AVS Photo Editor 2.2.1.140 AVS Registry Cleaner 2.3.3.258 AVS Ringtone Maker version 1.6 AVS Screen Capture version 2.0.1 AVS Video Converter 8.5 AVS Video Editor 6.5 AVS Video Recorder 2.6 AVS Video ReMaker 4.3.1.161 Bit Che BufferChm C5200 C5200_Help CCleaner Copy D3DX10 Destinations DeviceDiscovery DVD Flick 1.3.0.7 Fax Folder Colorizer version 1.0.2 FormatFactory 2.80 FrostWire 5.7.3 Gadwin PrintScreen Google Drive Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Support Solutions Framework HP Update HPPhotoGadget HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotosmartEssential HPProductAssistant 
HPSSupply IncrediMail Java 7 Update 67 Java Auto Updater Junk Mail filter update K-Lite Mega Codec Pack 8.6.0 LightScribe System Software 1.12.29.2 Logitech Vid HD Logitech Webcam Software Malwarebytes Anti-Malware versie 2.0.2.1012 MarketResearch Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft OneDrive Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mindful version 1.2 Movie Maker Movie Maker 6.0 for Windows 7 (32-bit) MSVCRT MSVCRT110 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network NVIDIA-configuratiescherm 340.52 NVIDIA 3D Vision controllerstuurprogramma 340.50 NVIDIA 3D Vision stuurprogramma 340.52 NVIDIA GeForce Experience 2.1.1 NVIDIA 
Grafisch stuurprogramma 340.52 NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA PhysX NVIDIA PhysX systeemsoftware 9.13.1220 NVIDIA ShadowPlay 15.3.33 NVIDIA Stereoscopic 3D Driver NVIDIA Update 15.3.33 NVIDIA Update Core NVIDIA Virtual Audio 1.2.23 OpenOffice 4.1.0 Paint.NET v3.5.11 Paragon Backup & Recovery™ 10 Home Photo Common Photo Gallery Photocopier 3.05 Picasa 3 Pinnacle VideoSpin PS_AIO_02_ProductContext PS_AIO_02_Software PS_AIO_02_Software_Min Rapport Recuva Revo Uninstaller 1.95 Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler 3 Roxio MyDVD Basic v9 Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition SHIELD Streaming Shop for HP Supplies Skype Click to Call Skype Web Plugin Skype™ 6.20 SmartWebPrinting SolutionCenter Sonic Activation Module Status Toolbox TrayApp Trusteer Eindpuntbeveiliging TuneUp Utilities Language Pack (nl-NL) Twonky 7 UnloadSupport Unlocker 1.9.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) VLC 
media player 1.1.4 WebReg Widevine Media Optimizer IE 6.0.0 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources xplorer² Ultimate 32 bit Youtube Downloader HD v. 2.9.5 ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Package Cache deleted C:\Windows\system32\config\systemprofile\Searches deleted ==== System Specs ====================== Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601) Memory (RAM): 2816 MB CPU Info: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ CPU Speed: 2649,8 MHz Sound Card: Luidsprekers (High Definition A | Digitale audio (S/PDIF) (High D | Display Adapters: NVIDIA GeForce 9200 | NVIDIA GeForce 9200 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-5170A Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 97,6GB Hard Disks - Free: C: 38,3GB Manufacturer *: American Megatrends Inc. 
BIOS Info: AT/AT COMPATIBLE | 03/27/08 | DELL - 20080327 Time Zone: West-Europa (standaardtijd) Motherboard *: Packard Bell BV Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Avira Desktop On-access scanning disabled (Outdated) Anti-Spyware: Avira Desktop disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 11.0.9600.17280 Adobe Reader version: 11.0.9.29 Sun Java version: 1.7.0_67 (32-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Ramon\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-10-05 11:51:43 BBA80D3CAB22620A6AC9BB603386EE33 519680 ----a-w- C:\Windows\System32\qdvd.dll 2014-10-05 11:51:30 C263F3E7E0523556964D661BC7CB9565 2048 ----a-w- C:\Windows\System32\tzres.dll ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-10-05 12:02:28 -------- d-----w- C:\Program Files\trend micro 2014-09-18 10:01:42 -------- d-----w- C:\Program Files\Common Files\Skype ======= C: ===== ====== C:\Users\Ramon\AppData\Roaming ====== ====== C:\Users\Ramon ====== 2014-09-18 10:01:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype ====== C: exe-files == 2014-10-05 12:02:28 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ramon.exe 2014-10-05 11:51:30 4D4DE14938C5BA12B70957F4AB1EEAF5 40448 ----a-w- C:\Windows\servicing\GC32\tzupd.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3033379807-551688170-3627618544-1000\Software\Microsoft\Windows\CurrentVersion\Run] 
"Google Update"="C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe /c" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" "Mindful"="B:\Progjes\Mindful\Mindful.exe" "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min" "NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "Avira Systray"="C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe /c" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleDriveSync" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\Drive\\googledrivesync.exe\" /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LightScribe Control Panel" 
"hkey"="HKCU" "command"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logitech Download Assistant" "hkey"="HKLM" "command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\System32\\LogiLDA.dll,LogiFetch" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechQuickCamRibbon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogitechQuickCamRibbon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe\" /hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioDragToDisc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RoxioDragToDisc" "hkey"="HKLM" "command"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UnlockerAssistant" "hkey"="HKLM" "command"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ramon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] "path"="C:\\Users\\Ramon\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk" "backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup" "backupExtension"=".Startup" 
"command"="C:\\PROGRA~1\\MICROS~2\\Office12\\ONENOTEM.EXE /tsr" "item"="OneNote 2007 Schermopname en Snel starten" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CscService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SbieSvc] ==== Startup Folders ====================== 2011-10-23 14:52:21 2069 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk 2014-05-02 10:44:16 1096 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26-08-2012 15:50] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26-08-2012 15:50] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033379807-551688170-3627618544-1000Core.job --a------ C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe [20-09-2012 16:01] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033379807-551688170-3627618544-1000UA.job --a------ C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe [20-09-2012 16:01] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] 
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3033379807-551688170-3627618544-1000Core" [C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3033379807-551688170-3627618544-1000UA" [C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files\TuneUp Utilities 2013\OneClick.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{323DE27E-D5C4-406E-870E-8DA97FFE2001}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\{129D5908-1643-4F77-9D71-19F5401C4029}" [C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe] "C:\Windows\system32\tasks\{14699272-18BE-4230-8E09-3BC4435D940E}" [C:\Program Files\Movie Maker\MOVIEMK.exe] "C:\Windows\system32\tasks\{1DEDB66D-C280-4C35-B63A-0428E9FCFC13}" [C:\Users\Ramon\Desktop\Audio Video Map\FlashVideoDownloader.exe] "C:\Windows\system32\tasks\{21EA6CA6-8932-4481-9878-747D0A7F78D1}" [C:\Windows Photo Gallery\WindowsPhotoGallery.exe] "C:\Windows\system32\tasks\{2F12B721-38D8-49C9-9806-9FCE11E32E37}" [C:\Users\Ramon\Desktop\Audio Video Map\FlashVideoDownloader.exe] "C:\Windows\system32\tasks\{33B60969-C14D-4562-8EFB-4F1237A6F993}" [B:\Progjes\Photocopier\COPIER.EXE] "C:\Windows\system32\tasks\{34DE454B-D4A6-4E21-B722-3826FED5F873}" [C:\Windows Mail\WinMail.exe] "C:\Windows\system32\tasks\{3E45E455-8BCE-4FA2-859E-4D5B32206E12}" [C:\Users\Ramon\Desktop\Audio Video Map\FlashVideoDownloader_2.4.1.0.exe] "C:\Windows\system32\tasks\{4590F9AF-CD97-4158-A1AD-CC8983988514}" [B:\Progjes\Photocopier\COPIER.EXE] "C:\Windows\system32\tasks\{47954B1F-A264-44A4-AD42-0786DBD3AC1A}" [B:\AVSVideoEditor\AVSVideoEditor.exe] "C:\Windows\system32\tasks\{4AB4FBAE-9E23-4619-9AF3-356898A31FDF}" [C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe] 
"C:\Windows\system32\tasks\{502E3175-6888-4741-AB5A-9872BEF75994}" [B:\AVSVideoEditor\AVSVideoEditor.exe] "C:\Windows\system32\tasks\{5D3F737B-42C4-46E6-B089-E02FBA34F17E}" [C:\Documents and Settings\Ramon\Documents\ConvertXtoDVD\FlashVideoDownloader.exe] "C:\Windows\system32\tasks\{66273058-B2B3-494E-8B17-FE61A47B3E20}" [B:\Progjes\Photocopier\COPIER.EXE] "C:\Windows\system32\tasks\{744C6566-3C61-4A71-A30D-D627AA30F531}" [B:\Program Files\Nero\Nero 9\Nero Burning ROM\Nero.exe] "C:\Windows\system32\tasks\{85DBF70E-4080-4C9B-9D45-E3A2056D0BC2}" [C:\Users\Ramon\Desktop\Audio Video Map\FlashVideoDownloader_2.4.1.0.exe] "C:\Windows\system32\tasks\{89D8709F-59E4-4058-95D6-1876CBFA72E4}" [C:\Windows Photo Gallery\WindowsPhotoGallery.exe] "C:\Windows\system32\tasks\{8EBF1BDA-0675-4DBE-AE1F-EFC8631F47D2}" [B:\AVSVideoEditor\AVSVideoEditor.exe] "C:\Windows\system32\tasks\{98C2B010-E71B-4E45-806B-E9667E311DE9}" [B:\Progjes\Free YouTube Download\FreeYouTubeDownload.exe] "C:\Windows\system32\tasks\{9C19E3D5-612D-44B4-824F-89DB191D0247}" [B:\AVS4YOU\AVSDiscCreator\AVSDiscCreator.exe] "C:\Windows\system32\tasks\{A7C9421F-E038-4D2C-9347-6B081F65101E}" [B:\Progjes\Free YouTube Download\FreeYouTubeDownload.exe] "C:\Windows\system32\tasks\{B8049935-8242-44C0-92EB-32D2C5B2CBBF}" [C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe] "C:\Windows\system32\tasks\{B9E31F49-E7A6-4800-A82E-7461DF49EFC3}" [B:\Progjes\Photocopier\COPIER.EXE] "C:\Windows\system32\tasks\{CAD840A0-C086-447E-935A-265360D26179}" [C:\Windows Photo Gallery\WindowsPhotoGallery.exe] "C:\Windows\system32\tasks\{D3359452-7907-448C-92C6-21D2D6E5ED6F}" [C:\Users\Ramon\Desktop\Audio Video Map\FlashVideoDownloader_2.4.1.0.exe] "C:\Windows\system32\tasks\{D8C80B3D-73A4-420A-A8E2-C83ECD4407DF}" [B:\Progjes\Free YouTube Download\FreeYouTubeDownload.exe] "C:\Windows\system32\tasks\{DCE45527-132F-400B-BAD8-B411489E7FB8}" [B:\Progjes\Start.exe] "C:\Windows\system32\tasks\{FF28DE5E-866C-4662-820D-8AF550EA8E7B}" [B:\Mindful 
2\Mindful.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [23-10-2011 16:54] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [23-10-2011 16:54] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.startpagina.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.startpagina.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== HijackThis Entries ====================== O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Mindful] B:\Progjes\Mindful\Mindful.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Ramon\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows 
Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TwonkyServer.lnk = C:\Program Files\Twonky\TwonkyServer\twonkytray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TwonkyProxy - Unknown owner - C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
O23 - Service: TwonkyServer - PacketVideo - C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe
O23 - Service: TwonkyWebDav - Unknown owner - C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe

==== Empty IE Cache ======================
C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBZUJLC0 will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=15 folders=5 5205905 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ramon\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Ramon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Ramon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBZUJLC0" deleted

==== EOF on ma 06-10-2014 at 14:37:52,72 ======================