Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by mama-nanda on Thu 16-10-2014 at 16:25:31,56.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mama-nanda\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

16-10-2014 16:28:58 Zoek.exe System Restore Point Created Successfully.

==== VirusTotal Scan ======================

C:\Windows\system32\qdvd.dll
https://www.virustotal.com/file/6529D8BF12AC9CB68F126DF6C09148ABC38060171A2C5AB5A2D8A1EE6F856E91/analysis/

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Installed Programs ======================

Aangifte inkomstenbelasting 2013
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09) - Nederlands
AVG 2014
AVG SafeGuard toolbar
Brother MFL-Pro Suite DCP-195C
CCleaner
Google Chrome
Google Update Helper
KPN Assistent
Malwarebytes Anti-Malware versie 2.0.2.1012
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Office Professional Editie 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MyFreeCodec
NVIDIA-configuratiescherm 307.83
NVIDIA Grafisch stuurprogramma 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenOffice 4.0.1
Rapport
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype™ 6.20
SUPERAntiSpyware
Trusteer Eindpuntbeveiliging
Visual Studio 2012 x86 Redistributables

==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Users\mama-nanda\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MAMA-N~1\AppData\Local\Temp\virustotal.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McComponentHostService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_1213b"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_1213b"=-

==== System Specs ======================
Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 1918 MB
CPU Info: Intel(R) Celeron(R) CPU E1400 @ 2.00GHz
CPU Speed: 2048,1 MHz
Sound Card: Speakers (2- High Definitio | Digital audio (S/PDIF) (2- Hig | Digital audio (HDMI) (High Def |
Display Adapters: NVIDIA GeForce 7100 / NVIDIA nForce 630i | NVIDIA GeForce 7100 / NVIDIA nForce 630i | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce Networking Controller
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-S223B
Ports: COM1 LPT1
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 148,7GB | D: 84,1GB | J: 698,6GB
Hard Disks - Free: C: 113,6GB | D: 30,0GB | J: 98,2GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 01/20/09 | GBT - 42302e31
Time Zone: West Europe (standard time)
Motherboard *: Gigabyte Technology Co., Ltd. GA-73PVM-S2H
Country: Netherlands
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Internet Explorer Version: 11.0.9600.17280
Google Chrome version: 38.0.2125.104
Adobe Reader version: 11.0.9.29
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\MAMA-N~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====
2014-10-01 10:42:50 46278518D370416D6339FCC5FA6A61EC 208888 ----a-w- C:\Windows\System32\drivers\RapportKELL.sys

====== C:\Windows\Tasks ======
2014-10-15 15:25:35 C5CB9F11C9F42073DEA87C1265BFEE73 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 15:25:35 A4B05D787088F873FD8B11B5582671E0 4048 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2014-10-15 15:25:34 6F0AD817B492B06E5D9695AFB4D46171 1048 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 15:25:34 4B7240EB7E6D116AE0CFE7971DD2D27D 3796 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-10-15 17:26:12 -------- d-----w- C:\Program Files\trend micro
2014-10-08 12:55:06 -------- d-----w- C:\Program Files\Common Files\Skype

======= C: =====

====== C:\Users\mama-nanda\AppData\Roaming ======
2014-10-15 15:24:38 -------- d-----w- C:\Users\mama-nanda\AppData\Local\Apps
2014-10-15 15:24:37 -------- d-----w- C:\Users\mama-nanda\AppData\Local\Deployment

====== C:\Users\mama-nanda ======
2014-10-15 17:25:43 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\mama-nanda\Downloads\RSIT.exe
2014-10-15 15:26:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-13 16:36:22 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (3).exe
2014-10-13 16:19:46 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (2).exe
2014-10-08 12:55:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==
2014-10-15 17:26:13 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\mama-nanda.exe
2014-10-15 17:25:43 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\mama-nanda\Downloads\RSIT.exe
2014-10-15 15:26:02 EC87C870FC286178E461C1D917567DCE 41081424 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.104\38.0.2125.104_chrome_installer.exe
2014-10-15 15:25:32 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateBroker.exe
2014-10-15 15:25:32 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe
2014-10-15 15:25:31 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe
2014-10-15 15:25:31 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateSetup.exe
2014-10-15 15:25:23 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
2014-10-15 15:25:23 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdate.exe
2014-10-15 15:25:23 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe
2014-10-15 15:25:23 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
2014-10-15 15:25:02 A2FC3671E02728D4DF4C86A741D39D80 10120 ------w- C:\Users\mama-nanda\AppData\Local\Apps\2.0\CER7RTM0.BXZ\5D2PRGOK.NHG\inst...app_4fe91ede9f9bdca3_0001.0003_9ec75c72e82206a0\clickonce_bootstrap.exe
2014-10-15 15:25:02 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\mama-nanda\AppData\Local\Apps\2.0\CER7RTM0.BXZ\5D2PRGOK.NHG\inst...app_4fe91ede9f9bdca3_0001.0003_9ec75c72e82206a0\GoogleUpdateSetup.exe
2014-10-15 15:25:02 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\mama-nanda\AppData\Local\Apps\2.0\CER7RTM0.BXZ\5D2PRGOK.NHG\clic...exe_4fe91ede9f9bdca3_0001.0003_none_e0b66a25f1dbb47c\GoogleUpdateSetup.exe
2014-10-13 16:36:22 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (3).exe
2014-10-13 16:19:46 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (2).exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="C:\Program Files\CCleaner\CCleaner.exe /AUTO"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="C:\Program Files\CCleaner\CCleaner.exe /AUTO"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrMfcWnd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrMfcWnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ControlCenter3"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesAirMessage"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\KiesAirMessage.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KPN Assistent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KPN Assistent"
"hkey"="HKLM"
"command"="C:\\Program Files\\KPN\\KPN Assistent\\KPN_Assistent.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

==== Startup Folders ======================

2014-06-26 17:36:59 2012 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10-09-2014 19:52]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15-10-2014 17:25]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15-10-2014 17:25]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\{2A863AB5-10DE-4885-9A76-2021243FD7CA}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\{8A347C4F-BC49-4DAB-A8AA-CB9342258816}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\{B156F9F5-5669-432D-87DB-94F1037FA3FF}" ["c:\program files\google\chrome\application\chrome.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"avg@toolbar"="C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204" [05-02-2014 17:04]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]

Docs - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
{scripts: [scripts/common.js, scripts/background.js]}, content_scripts: [{all_frames: false, js: [scripts/content.js, scripts/contentInit.js], matches: [], run_at: document_end}], description: Search the web safely using the AVG SafeGuard toolbar., icons: {128: icons/avg_icon_128.png}, key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQAB, manifest_version: 2, name: AVG SafeGuard, permissions: [tabs, nativeMessaging, history], update_url: https://clients2.google.com/service/update2/crx, version: 18.1.5.512} - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 16:04:14&v=18.1.5.512&pid=safeguard&sg=&sap=hp",
"homepage": "http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-23 09:51:42&v=17.2.0.38&pid=safeguard&sg=&sap=hp",
"startup_urls": [
"http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-23 09:51:42&v=17.2.0.38&pid=safeguard&sg=&sap=hp",
"http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 16:04:14&v=17.3.1.204&pid=safeguard&sg=&sap=hp",
"http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-23 09:51:42&v=18.0.5.292&pid=safeguard&sg=&sap=hp|http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 16:04:14&v=17.3.1.204&pid=safeguard&sg=&sap=hp",
"http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 16:04:14&v=18.0.5.292&pid=safeguard&sg=&sap=hp",
"http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-23 09:51:42&v=18.1.0.443&pid=safeguard&sg=&sap=hp",
"http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-23 09:51:42&v=18.1.5.512&pid=safeguard&sg=&sap=hp",
"http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-23 09:51:42&v=18.1.7.598&pid=safeguard&sg=&sap=hp",
"http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-23 09:51:42&v=18.1.9.786&pid=safeguard&sg=&sap=hp"
],

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar deleted successfully

==== HijackThis Entries ======================

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602132388-3691444049-2182991524-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-602132388-3691444049-2182991524-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 16-10-2014 at 16:45:02,93 ======================
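The two sections of a Zoek log that are worth triaging by script rather than by eye are the "Files Recently Created / Modified" listing (date, time, MD5, size, attributes, path) and the "Chromium Startpages" dump, where the AVG SafeGuard toolbar left its mysearch.avg.com homepage and startup_urls entries. The following is an added example written for this page; it is not part of the log above and not code from the Zoek tool. It parses a few constructed lines copied from those two sections, groups files by MD5 so the repeated downloads (ib2013_win_setup (2).exe / (3).exe) and the installer copied into AppData collapse onto one hash, flags executables sitting in user-writable locations, and flags start-page URLs that carry search-partner tracking parameters (cid, mid, pid, coid, ds) the way the mysearch.avg.com entries do. The function names, the "user-writable" path list and the two-tracking-keys threshold are my assumptions, not anything Zoek or HijackThis define; the google.nl control URL in the sample is mine as well.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample, copied from the "Files Recently Created / Modified" section
# above: "date time md5 size attrs path"; directories show "--------" for hash+size.
SAMPLE_FILE_LINES = r"""
2014-10-01 10:42:50 46278518D370416D6339FCC5FA6A61EC 208888 ----a-w- C:\Windows\System32\drivers\RapportKELL.sys
2014-10-15 17:26:13 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\mama-nanda.exe
2014-10-15 17:25:43 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\mama-nanda\Downloads\RSIT.exe
2014-10-15 15:25:31 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateSetup.exe
2014-10-15 15:25:02 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\mama-nanda\AppData\Local\Apps\2.0\CER7RTM0.BXZ\5D2PRGOK.NHG\inst...app_4fe91ede9f9bdca3_0001.0003_9ec75c72e82206a0\GoogleUpdateSetup.exe
2014-10-13 16:36:22 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (3).exe
2014-10-13 16:19:46 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (2).exe
2014-10-15 17:26:12 -------- d-----w- C:\Program Files\trend micro
"""

# Constructed sample in the shape of the "Chromium Startpages" dump above; the
# google.nl entry is a benign control I added, the other URLs are from the log.
SAMPLE_PREFS = """
"homepage": "http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 16:04:14&v=18.1.5.512&pid=safeguard&sg=&sap=hp",
"startup_urls": [ "http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-23 09:51:42&v=18.0.5.292&pid=safeguard&sg=&sap=hp|http://mysearch.avg.com?cid={506386E1-6045-41D7-A468-46F4DE9DBBF6}&mid=835b18b0706747d3b0c3d16d5bc016ae-0b942e671f73857f481eee87ae1cd11c1f884ac0&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 16:04:14&v=17.3.1.204&pid=safeguard&sg=&sap=hp", "https://www.google.nl/" ],
"""

FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?:(?P<md5>[0-9A-F]{32}) (?P<size>\d+)|-{8}) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Paths a standard user can write to (my heuristic, not a Zoek rule).
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData)\\|\\Temp\\", re.I)
# Query keys typical of search-partner tracking URLs (my heuristic).
TRACKING_KEYS = {"cid", "mid", "pid", "coid", "ds"}


def parse_file_lines(text):
    """One dict per Zoek file line; md5 and size are None for directories."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"]) if e["size"] else None
            e["is_dir"] = e["attrs"].startswith("d")
            entries.append(e)
    return entries


def group_by_hash(entries):
    """MD5 -> paths; several paths under one hash is the same file copied around."""
    groups = defaultdict(list)
    for e in entries:
        if e["md5"]:
            groups[e["md5"]].append(e["path"])
    return dict(groups)


def flag_user_writable_executables(entries):
    """Executables living where the user (or anything running as the user) can write."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["path"].lower().endswith(EXEC_EXT)
            and USER_WRITABLE.search(e["path"])]


def parse_startup_urls(pref_text):
    """Every quoted http(s) URL in a Preferences fragment; Zoek joins several
    URLs into one string with '|', so split those apart too."""
    urls = []
    for quoted in re.findall(r'"(https?://[^"]+)"', pref_text):
        urls.extend(u for u in quoted.split("|") if u)
    return urls


def is_search_hijack(url):
    """True when the query carries at least two partner-tracking keys."""
    return len(TRACKING_KEYS & set(parse_qs(urlparse(url).query))) >= 2


def triage(file_text, pref_text):
    entries = parse_file_lines(file_text)
    hijacks = list(dict.fromkeys(
        u for u in parse_startup_urls(pref_text) if is_search_hijack(u)))
    return {
        "duplicate_hashes": {h: p for h, p in group_by_hash(entries).items() if len(p) > 1},
        "user_writable_executables": flag_user_writable_executables(entries),
        "hijack_urls": hijacks,
        "hijack_hosts": sorted({urlparse(u).netloc for u in hijacks}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FILE_LINES, SAMPLE_PREFS).items():
        print(key, value, sep="\n  ")
```

On the sample this reports two duplicated hashes (the GoogleUpdateSetup.exe copy under AppData and the two ib2013 downloads), four executables in user-writable paths, and a single hijack host, mysearch.avg.com, while the google.nl control passes. The MD5 grouping is what makes a follow-up VirusTotal lookup cheap: one query per distinct hash rather than per path, which is how the log's own VirusTotal section is keyed.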