Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Donckers on do 23-10-2014 at 12:29:27,09.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Donckers\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

23-10-2014 12:30:34 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\BSR Screen Recorder 6 deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Donckers\Downloads\zoek.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Package Cache deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 3327 MB
CPU Info: AMD Phenom(tm) 9950 Quad-Core Processor
CPU Speed: 2639,4 MHz
Sound Card: Luidsprekers (VIA High Definiti | SPDIF-interface (VIA High Defin |
Display Adapters: AMD Radeon HD 6570 | AMD Radeon HD 6570 | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: TP-LINK 150Mbps Wireless Lite N Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD-RAM GH22NP20
Ports: COM3 | COM4 | COM1 LPT1
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 439,5GB | D: 492,1GB
Hard Disks - Free: C: 316,8GB | D: 42,8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/22/08 | 092208 - 20080922
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer INC. M3A78-VM
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox 32.0.3
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 32.0.3 (x86 nl)
Adobe Reader version: 10.1.12.15
Flash Player version: 15.0.0.189

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Donckers\AppData\Local\Temp ====
2014-10-19 20:58:16 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\Donckers\AppData\Local\Temp\sqlite3.dll

====== Java Cache =====

====== C:\Windows\system32 =====
2014-10-18 15:08:24 BD66DA54FFF371C491CE1C342BB23763 701104 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2014-10-18 15:08:23 A4A64E86CE5D3090C82D0A7D4C90AA32 71344 ----a-w- C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-10-15 08:09:31 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-15 08:09:31 842DE20A6487D830A458DDB5E0363F13 156824 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-15 08:09:31 653DFC2662680AB61232E1531147558A 81560 ----a-w- C:\Windows\System32\mscories.dll
2014-10-15 08:07:53 69EEF0917300F377BC056FFF9C861649 2054656 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 07:58:37 1EB8CA23B805D3F8DBDAC8CAE7979B8B 66560 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 07:12:16 90634CE0C5601BF19E93076052D2A3D6 10752 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-10-15 07:12:15 E8B3EE6038623D549264AE37BD3E0209 41472 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-10-15 07:12:15 E5C50FC8B9EDF1530EF230A687A5EB0B 421376 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-15 07:12:15 89FACA9614F1C949106106BEB23D1EC0 353792 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-15 07:12:15 29B990A63A3448A2AAC5FB9A441C8AF0 65536 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-15 07:12:15 1524E24AC57E375F3C42481A9ACEE038 1138688 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-15 07:12:15 09192845BF15D30A86E8AD012F232AEC 11776 ----a-w- C:\Windows\System32\mshta.exe
2014-10-15 07:12:14 D93F3F1134C9CBC81D6F7D470A29E557 607744 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-15 07:12:14 10B238C056068548211288D5DCC109DD 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-15 07:12:13 4037D4729F978F9677B4BD8E2D855BD7 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-15 07:12:12 A6F7BBEFFD204C45BD732A261A52EED4 231936 ----a-w- C:\Windows\System32\url.dll
2014-10-15 07:12:12 77742DDD19DB7503EEBF0A4A5A0AD6B1 1802752 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-15 07:12:12 3252D4791357FEE6C2BAF0619C041317 1129472 ----a-w- C:\Windows\System32\wininet.dll
2014-10-15 07:12:12 12486BDE40B31322A239D150C595BAF4 142848 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-15 07:12:11 8163D88337C067C8B75BA80BEBC0B0CD 9739776 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-15 07:12:10 EE05498252DED63A6998C2629FFEFB89 223232 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-15 07:12:10 9B2FD5A84AA985B0393E0BF33391F4EF 73216 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-15 07:12:10 7F2188097B1D46554A7D1A31C787C978 717824 ----a-w- C:\Windows\System32\jscript.dll
2014-10-15 07:12:10 5B170AD076338C48CDC77ABA487DD6FC 176640 ----a-w- C:\Windows\System32\ieui.dll
2014-10-15 07:12:07 3E7834CD2A543D58443BBE38FD74E8EB 12364288 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-15 07:12:06 1DDFA163F4FA305DE1F81CD80DE53F87 1810432 ----a-w- C:\Windows\System32\jscript9.dll

====== C:\Windows\system32\drivers =====
2014-10-15 08:00:19 4E404505B3F62ECFBDBCBBCF0A72DBC5 143360 ----a-w- C:\Windows\System32\drivers\fastfat.sys

====== C:\Windows\Tasks ======
2014-10-18 15:08:25 18C6DF098930654615E9E89C078A8B08 3792 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater
2014-10-18 15:08:24 20A04ED6807D4E22A8BD458E99AD76D5 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-10-22 19:35:29 -------- d-----w- C:\Program Files\trend micro
2014-10-22 16:40:09 -------- d-----w- C:\Program Files\HD Tune
2014-10-22 14:05:21 -------- d-----w- C:\Program Files\WhoCrashed
2014-10-18 13:32:27 -------- d-----w- C:\Program Files\Battle.net

======= C: =====

====== C:\Users\Donckers\AppData\Roaming ======

====== C:\Users\Donckers ======
2014-10-22 19:48:44 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Donckers\Downloads\RSIT(1).exe
2014-10-22 19:34:44 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Donckers\Downloads\RSIT.exe
2014-10-22 16:40:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2014-10-22 14:37:46 EB40DC01EF0D0D91F13AABA0FE1FC0CA 1962496 ----a-w- C:\Users\Donckers\Downloads\adwcleaner_4.001.exe
2014-10-22 14:33:29 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Donckers\Downloads\spsetup126(1).exe
2014-10-22 14:28:53 D5AFB3268EDA4EEB33890E65EC6F15AA 891224 ----a-w- C:\Users\Donckers\Downloads\amddriverdownloader.exe
2014-10-22 14:05:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-10-22 14:03:21 6E60B117789EFD4C9F7CB1C90CAD30FE 2707808 ----a-w- C:\Users\Donckers\Downloads\whocrashedSetup.exe
2014-10-18 13:38:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-10-18 13:32:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-10-18 13:30:39 777A8470CC32E7479BBA6990053F9803 2942368 ----a-w- C:\Users\Donckers\Downloads\World-of-Warcraft-Setup-enGB(1).exe

====== C: exe-files ==
2014-10-22 19:48:44 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Donckers\Downloads\RSIT(1).exe
2014-10-22 19:35:29 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Donckers.exe
2014-10-22 19:34:44 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Donckers\Downloads\RSIT.exe
2014-10-22 16:40:09 F8FC2D14DF813CC920A39B3CB7E59CBC 401408 ----a-w- C:\Program Files\HD Tune\HDTune.exe
2014-10-22 16:40:09 CEFC20D14D9940D53505E9B9769139E7 682266 ----a-w- C:\Program Files\HD Tune\unins000.exe
2014-10-22 14:37:46 EB40DC01EF0D0D91F13AABA0FE1FC0CA 1962496 ----a-w- C:\Users\Donckers\Downloads\adwcleaner_4.001.exe
2014-10-22 14:33:29 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Donckers\Downloads\spsetup126(1).exe
2014-10-22 14:28:53 D5AFB3268EDA4EEB33890E65EC6F15AA 891224 ----a-w- C:\Users\Donckers\Downloads\amddriverdownloader.exe
2014-10-22 14:05:22 4AECB3FF899C8475684484F5E30C77EC 4351744 ----a-w- C:\Program Files\WhoCrashed\WhoCrashedEx.exe
2014-10-22 14:05:21 581A1D3FCF2AFBF45A8C9D0DCD63B3D1 1001633 ----a-w- C:\Program Files\WhoCrashed\unins000.exe
2014-10-22 14:05:21 29B9FD01FAAB348D85CA1F422DE00705 3461376 ----a-w- C:\Program Files\WhoCrashed\WhoCrashed.exe
2014-10-22 14:03:21 6E60B117789EFD4C9F7CB1C90CAD30FE 2707808 ----a-w- C:\Users\Donckers\Downloads\whocrashedSetup.exe
2014-10-18 15:08:24 BD66DA54FFF371C491CE1C342BB23763 701104 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2014-10-18 13:38:14 0791ED92A39CEA9F9AF0262E2271D82B 21252144 ----a-w- C:\Games\World of Warcraft\Wow-64.exe
2014-10-18 13:37:52 600E5D5442496128B9A48146E7E9E5DA 2905136 ----a-w- C:\Games\World of Warcraft\World of Warcraft Launcher.exe
2014-10-18 13:37:51 D4560C476DA623D802155BD24EDF78DC 799792 ----a-w- C:\Games\World of Warcraft\Utils\WowBrowserProxy.exe
2014-10-18 13:37:51 C69442812638BB1F21C1789D10E62013 1971760 ----a-w- C:\Games\World of Warcraft\SystemSurvey.exe
2014-10-18 13:37:51 3FE4C4324A89E48608C460BCC3F1211B 13698608 ----a-w- C:\Games\World of Warcraft\Wow.exe
2014-10-18 13:37:50 98CB5B27549A3C9DD5CBC4F58F5A5BDB 334384 ----a-w- C:\Games\World of Warcraft\BlizzardError.exe
2014-10-18 13:32:27 C69442812638BB1F21C1789D10E62013 1971760 ----a-w- C:\Program Files\Battle.net\SystemSurvey.exe
2014-10-18 13:32:27 C4C3146993711471050CAD5B8E720D5A 9986096 ----a-w- C:\Program Files\Battle.net\Battle.net.5134\Battle.net.exe
2014-10-18 13:32:27 C2703038EDF286117EC4ABE77897038D 399408 ----a-w- C:\Program Files\Battle.net\Battle.net.exe
2014-10-18 13:32:27 A829DDDC417B4BB4D8175DF1846B8BAA 1337424 ----a-w- C:\Program Files\Common Files\Blizzard Entertainment\Battle.net\Uninstall.exe
2014-10-18 13:32:27 9281BA1479347C2757EF6FBB52697921 333360 ----a-w- C:\Program Files\Battle.net\BlizzardError.exe
2014-10-18 13:32:27 0FB5EB5C3639C88A02DADA0BBC079A58 2864688 ----a-w- C:\Program Files\Battle.net\Battle.net Launcher.exe
2014-10-18 13:31:33 477FDC75459FFD1E91AA709FEDFEB4F0 2909240 ----a-w- C:\ProgramData\Battle.net\Setup\wow_engb\World of Warcraft Setup.exe
2014-10-18 13:30:39 777A8470CC32E7479BBA6990053F9803 2942368 ----a-w- C:\Users\Donckers\Downloads\World-of-Warcraft-Setup-enGB(1).exe
2014-10-18 13:15:22 D747A0F1076B72EB2B022AE48A1B27B2 4772408 ----a-w- C:\ProgramData\Battle.net\Client\Blizzard Launcher.2351\Blizzard Launcher.exe
2014-10-16 14:16:13 CBEEE58F3D0C6272E57DBDD8A162722B 10597424 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe

=== C: other files ==
2014-10-22 14:05:23 71091CC2ED537253CFD1D53DCFB26111 13568 ----a-w- C:\Program Files\WhoCrashed\rspCrash64.sys
2014-10-22 14:05:23 49CCEE12052956B4B6C5C2AF0C096B02 14080 ----a-w- C:\Program Files\WhoCrashed\rspCrash32.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-4244574384-3522590807-510949372-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="C:\Program Files\Xvid\CheckUpdate.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot"
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun"
"RIMBBLaunchAgent.exe"="C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe MSRun"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="C:\Program Files\Xvid\CheckUpdate.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

==== Task Scheduler Jobs ======================

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [21-05-2014 20:48]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\fbg7q48v.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\fbg7q48v.default
63F8C13F269B10BC9363B007DAAACAE6 - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll - Shockwave Flash
5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
24F0772AD0C76B7CF25B36224D64230B - C:\Program Files\Research In Motion Limited\BlackBerry World Browser Plugin\npappworld.dll - BlackBerry AppWorld
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
25FA8C3B9789A26CA7D61C8E9B4EA799 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll - RIM Handheld Application Loader
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== HijackThis Entries ======================

O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

==== Empty IE Cache ======================

C:\Users\Donckers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Donckers\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Donckers\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Donckers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=8 6733250 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Donckers\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Donckers\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Donckers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on do 23-10-2014 at 12:47:42,48 ======================