Zoek.exe v5.0.0.0 Updated 18-10-2014
Tool run by mama-nanda on za 18-10-2014 at 20:34:18,07.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mama-nanda\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-16-144502.log 29523 bytes
C:\zoek-results2014-10-18-171734.log 21716 bytes
C:\zoek-results2014-10-18-182555.log 34423 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Aangifte inkomstenbelasting 2013
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09) - Nederlands
AVG 2014
Brother MFL-Pro Suite DCP-195C
CCleaner
Google Chrome
Google Update Helper
KPN Assistent
Malwarebytes Anti-Malware versie 2.0.2.1012
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Office Professional Editie 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MyFreeCodec
NVIDIA-configuratiescherm 307.83
NVIDIA Grafisch stuurprogramma 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenOffice 4.0.1
Rapport
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype™ 6.20
SUPERAntiSpyware
Trusteer Eindpuntbeveiliging
Visual Studio 2012 x86 Redistributables

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\mama-nanda\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"=-

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"=-

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"avg@toolbar"=-

==== Deleting Files \ Folders ======================

C:\ProgramData\AVG SafeGuard toolbar not found
C:\Program Files\McAfee Security Scan not found
C:\Users\mama-nanda\AppData\Roaming\AVG 1213b Campaign not found
C:\Program Files\Common Files\AVG Secure Search not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" not found
"C:\Program Files\AVG SafeGuard toolbar\TBAPI.dllsearch" not deleted
"C:\Program Files\AVG SafeGuard toolbar\TBAPI.dllsearch" not deleted
"C:\Program Files\AVG SafeGuard toolbar" not deleted
"C:\Program Files\AVG SafeGuard toolbar" not deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 1918 MB
CPU Info: Intel(R) Celeron(R) CPU E1400 @ 2.00GHz
CPU Speed: 2000,8 MHz
Sound Card: Luidsprekers (2- High Definitio | Digitale audio (S/PDIF) (2- Hig | Digitale audio (HDMI) (High Def |
Display Adapters: NVIDIA GeForce 7100 / NVIDIA nForce 630i | NVIDIA GeForce 7100 / NVIDIA nForce 630i | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce-netwerkcontroller
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-S223B
Ports: COM1 LPT1
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 148,7GB | D: 84,1GB | J: 698,6GB
Hard Disks - Free: C: 113,3GB | D: 30,0GB | J: 91,6GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 01/20/09 | GBT - 42302e31
Time Zone: West-Europa (standaardtijd)
Motherboard *: Gigabyte Technology Co., Ltd. GA-73PVM-S2H
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Internet Explorer Version: 11.0.9600.17358
Google Chrome version: 38.0.2125.104
Adobe Reader version: 11.0.9.29
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\MAMA-N~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-10-16 14:04:10 37C395C075E6FA66623C82DE50A8FAED 372736 ----a-w- C:\Windows\System32\rastls.dll
2014-10-16 14:04:02 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 14:04:02 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 14:04:02 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 14:03:55 1333DD61BA97EE3F9DF23A0D65A70AA0 230912 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-16 14:03:53 0F655F9B3EBB3E05698B8F905F48953C 396288 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-16 14:03:52 975CB5016F5C5520607F6CA6768F161B 302592 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-16 14:03:48 348289FDF17FB4A1F23091F9463642D6 2379264 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 14:03:04 DF59F2510EDABBF216FA837D5D964106 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-10-16 14:03:04 B74B348D13134D67B4F68ADDDC76A447 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-16 14:03:04 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-16 14:03:04 97F2F82BF0B4AF86A85FFDD78DFDC87D 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-16 14:03:04 8F390C7AA11DF00FC3EF86FA72A939D2 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-16 14:03:04 8C8B6144B47FE37724590CA832ED26CA 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-10-16 14:03:03 DF4BA130BD41F29A894E026E456B8481 454656 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-16 14:03:03 CEA291F4C62ECBE1565EC4B37D9AF088 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-10-16 14:03:03 B5B1C277E46A5B0E2FC63E5FC5624CE5 365056 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-16 14:03:03 7AE80F921027CF88CB9D0433088A3E55 1810944 ----a-w- C:\Windows\System32\wininet.dll
2014-10-16 14:03:02 410BECCA3354D471E45344F0754CC0E4 243200 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-16 14:03:01 201EAFA3F17BE4990999C28657212D8E 69632 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-16 14:03:01 158690737381C49120165A7F3F5D13EB 440320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-16 14:03:00 8E8E6E7B4CC27B92F40F74E29C1F6290 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-10-16 14:02:59 6D4DD5706C297234F457B9D9018C493F 61952 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-10-16 14:02:59 55A400FDB21D157E947A0EE65AEDB1B3 2187264 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-16 14:02:57 D03EB7605435FE24ADE670661A932651 4201472 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-16 14:02:57 BD66BA5A924DCC8392CFAEB67131A246 597504 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-10-16 14:02:55 F91E55DA404B834648A3B0A2477C10DB 17484800 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-16 14:02:53 AF31CC5BAEB4916C0AF9AB062CFE8DA2 677888 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-10-16 14:02:53 604C67F58747D6A333EA641BCCC2C842 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-10-16 14:02:53 3065FF6794A7FDC882F0DA8B6230AB6E 1190400 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-16 14:02:52 FBE852643EDEB9D6D6502AFE6017CD64 678400 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-10-16 14:02:52 D78C4DB153874DB7AC6AA6A03BE38B66 331448 ----a-w- C:\Windows\System32\iedkcs32.dll
2014-10-16 14:02:52 B89F5D2B3D3BC730FAB93CFCD931742F 607744 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-16 14:02:51 58EC068116BCE16A94B1B2C429A35E41 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-16 14:02:50 835807E2AC0A8FA15B9A2EA80E2D5169 2017280 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-16 14:02:49 8FAA1E45198C4ECEC691326B7F5E71C5 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-10-16 14:02:49 2409C41081D657A3FABE3659BB989AFB 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-10-16 14:02:48 EF94FA1F3D90520CCA4AE65D639A9E62 11807232 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-16 14:02:30 6BEA81D3173FC13402033ADC86C88E29 1050112 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-16 14:02:30 22FE6C9FB6C490F9D279F95E5996323D 37376 ----a-w- C:\Windows\System32\tsgqec.dll
2014-10-16 14:02:30 157E827DCEF60AB109537FD34885725A 269312 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-16 14:02:29 471B09D4C3A4EFE36A18CC1F433FE299 4922368 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-16 14:02:28 54540EFB081D4960B5AE3E9F6BFB59A5 2744320 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-16 13:59:44 E05E31F7BF577228E27CFFCA5B54ABBD 523264 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-16 13:59:43 FD67683FBA9B2C4BB551780BD8846F64 157696 ----a-w- C:\Windows\System32\winsta.dll
2014-10-16 13:59:42 B4203FC65D4C0D7A0B7A02AFD13472BB 130048 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-10-16 13:59:41 DB1D6751689B4A7EE2439C64F2ADF1C9 17408 ----a-w- C:\Windows\System32\credssp.dll
2014-10-16 13:59:41 13829161C1297F4170A5546430147BBD 65536 ----a-w- C:\Windows\System32\TSpkg.dll
2014-10-16 13:56:40 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\Windows\System32\msi.dll
2014-10-16 13:52:52 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\Windows\System32\packager.dll

====== C:\Windows\system32\drivers =====

2014-10-16 13:59:42 CD9214A6AE17D188D17C3CF8CB9CC693 184320 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-16 13:59:40 6C5139E4283249518F7743D7043775B3 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-10-01 10:42:50 46278518D370416D6339FCC5FA6A61EC 208888 ----a-w- C:\Windows\System32\drivers\RapportKELL.sys

====== C:\Windows\Tasks ======

2014-10-15 15:25:35 A4B05D787088F873FD8B11B5582671E0 4048 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2014-10-15 15:25:35 1C4E941322FDABE06D419773FB85AB1D 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 15:25:34 4B7240EB7E6D116AE0CFE7971DD2D27D 3796 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2014-10-15 15:25:34 180C72F86FBF0AD3D95E3C9F4338F980 1048 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-10-15 17:26:12 -------- d-----w- C:\Program Files\trend micro
2014-10-08 12:55:06 -------- d-----w- C:\Program Files\Common Files\Skype

======= C: =====

====== C:\Users\mama-nanda\AppData\Roaming ======

2014-10-18 18:25:54 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-10-18 18:25:54 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-10-18 18:25:54 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp
2014-10-18 18:25:53 -------- d-----w- C:\Users\Gast\AppData\Local\Temp
2014-10-18 18:25:53 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-10-18 18:25:53 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-10-15 15:24:38 -------- d-----w- C:\Users\mama-nanda\AppData\Local\Apps
2014-10-15 15:24:37 -------- d-----w- C:\Users\mama-nanda\AppData\Local\Deployment

====== C:\Users\mama-nanda ======

2014-10-15 17:25:43 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\mama-nanda\Downloads\RSIT.exe
2014-10-15 15:26:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-13 16:36:22 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (3).exe
2014-10-13 16:19:46 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (2).exe
2014-10-08 12:55:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==

2014-10-16 14:03:53 113D9258E5B69187A804AEF6B39647B8 138912 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-10-16 14:03:52 F11D36A08D5A3F23D0DFE90A1BE15FE2 42656 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-10-16 14:03:04 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-16 14:03:04 8F390C7AA11DF00FC3EF86FA72A939D2 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-16 14:03:04 8C8B6144B47FE37724590CA832ED26CA 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-10-16 14:02:53 AF31CC5BAEB4916C0AF9AB062CFE8DA2 677888 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-10-16 14:02:53 54C9747BB0A64F4D9D401E4648363386 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-10-16 14:02:50 53E24F2DB97EFAF85FE093AA254790EC 470528 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-10-16 14:02:46 F9F310F9FB7F294F00ABDD03453D8CEE 812736 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-10-16 14:02:30 6BEA81D3173FC13402033ADC86C88E29 1050112 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-15 17:26:13 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\mama-nanda.exe
2014-10-15 17:25:43 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\mama-nanda\Downloads\RSIT.exe
2014-10-15 15:26:02 EC87C870FC286178E461C1D917567DCE 41081424 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.104\38.0.2125.104_chrome_installer.exe
2014-10-15 15:25:32 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateBroker.exe
2014-10-15 15:25:32 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe
2014-10-15 15:25:31 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe
2014-10-15 15:25:31 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateSetup.exe
2014-10-15 15:25:23 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
2014-10-15 15:25:23 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdate.exe
2014-10-15 15:25:23 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe
2014-10-15 15:25:23 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
2014-10-15 15:25:02 A2FC3671E02728D4DF4C86A741D39D80 10120 ------w- C:\Users\mama-nanda\AppData\Local\Apps\2.0\CER7RTM0.BXZ\5D2PRGOK.NHG\inst...app_4fe91ede9f9bdca3_0001.0003_9ec75c72e82206a0\clickonce_bootstrap.exe
2014-10-15 15:25:02 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\mama-nanda\AppData\Local\Apps\2.0\CER7RTM0.BXZ\5D2PRGOK.NHG\inst...app_4fe91ede9f9bdca3_0001.0003_9ec75c72e82206a0\GoogleUpdateSetup.exe
2014-10-15 15:25:02 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\mama-nanda\AppData\Local\Apps\2.0\CER7RTM0.BXZ\5D2PRGOK.NHG\clic...exe_4fe91ede9f9bdca3_0001.0003_none_e0b66a25f1dbb47c\GoogleUpdateSetup.exe
2014-10-13 16:36:22 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (3).exe
2014-10-13 16:19:46 A0C3FA20BA68BEF85C968AEC62B5D9E2 2837000 ----a-w- C:\Users\mama-nanda\Downloads\ib2013_win_setup (2).exe

=== C: other files ==

2014-10-16 14:03:48 348289FDF17FB4A1F23091F9463642D6 2379264 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 13:59:42 CD9214A6AE17D188D17C3CF8CB9CC693 184320 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-16 13:59:40 6C5139E4283249518F7743D7043775B3 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="C:\Program Files\CCleaner\CCleaner.exe /AUTO"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-602132388-3691444049-2182991524-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="C:\Program Files\CCleaner\CCleaner.exe /AUTO"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrMfcWnd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrMfcWnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ControlCenter3"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KPN Assistent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KPN Assistent"
"hkey"="HKLM"
"command"="C:\\Program Files\\KPN\\KPN Assistent\\KPN_Assistent.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10-09-2014 19:52]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15-10-2014 17:25]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15-10-2014 17:25]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\{2A863AB5-10DE-4885-9A76-2021243FD7CA}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\{8A347C4F-BC49-4DAB-A8AA-CB9342258816}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\{B156F9F5-5669-432D-87DB-94F1037FA3FF}" ["c:\program files\google\chrome\application\chrome.exe"]

==== Chromium Look ======================

Docs - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_nlNL559"

==== Reset Google Chrome ======================

C:\Users\mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== HijackThis Entries ======================

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602132388-3691444049-2182991524-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-602132388-3691444049-2182991524-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

==== Empty IE Cache ======================

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\mama-nanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mama-nanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mama-nanda\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1113 folders=413 135810379 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\mama-nanda\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MAMA-N~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\AVG SafeGuard toolbar\TBAPI.dllsearch" not found
"C:\Program Files\AVG SafeGuard toolbar\TBAPI.dllsearch" not found
"C:\Program Files\AVG SafeGuard toolbar" not found
"C:\Program Files\AVG SafeGuard toolbar" not found
"C:\Program Files\AVG SafeGuard toolbar" not found
"C:\Program Files\AVG SafeGuard toolbar" not found

==== EOF on za 18-10-2014 at 21:40:21,04 ======================