Zoek.exe v5.0.0.0 Updated 13-November-2014
Tool run by Gebruiker on vr 14-11-2014 at 12:03:01.48.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Gebruiker\Downloads\zoek (3).exe
[Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2014-11-13-205458.log 37313 bytes

==== Empty Folders Check ======================
C:\Users\Administrator\AppData\Local\Google deleted successfully
C:\Users\Gast\AppData\Local\Google deleted successfully
C:\Users\Gebruiker\AppData\Local\CutePDF Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Users\Gebruiker\Downloads\zoek (3).exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================
C:\ProgramData\Search Protection not found
C:\Program Files (x86)\Toolbar Cleaner not found
"C:\Windows\zoek-delete.exe" not found
C:\ProgramData\BitDefender deleted
C:\Users\Gebruiker\AppData\Roaming\SecureSearch deleted
C:\Users\Gebruiker\AppData\Local\adawarebp deleted
"C:\DelFix.txt" deleted

==== System Specs ======================
Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4096 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
CPU Speed: 2951.3 MHz
Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce 8400 GS | NVIDIA GeForce 8400 GS | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (E: | F: | ) E: Optiarc DVD RW AD-5240S | F: Optiarc DVD RW AD-5240S
Ports: COM1 LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 224.5GB | D: 241.1GB
Hard Disks - Free: C: 179.0GB | D: 202.9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/18/09 | 7519MS - 20090818
Time Zone: Romance (standaardtijd)
Motherboard *: MICRO-STAR INTERNATIONAL CO.,LTD P45-C51 (MS-7519)
Country: Nederland
Language: NLD

==== System Specs (Software) ======================
Anti-Virus: Ad-Aware Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Ad-Aware Antivirus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Ad-Aware Firewall disabled
Default Browser: Google Chrome 36.0.1985.143
Internet Explorer Version: 10.0.9200.17148
Google Chrome version: 36.0.1985.143
Adobe Reader version: 11.0.9.29

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-28 23:54:14 -------- d-----w- C:\Program Files\Lavasoft
2014-10-28 23:51:27 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-10-28 16:27:43 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-10-28 23:53:37 -------- d-----w- C:\PROGRA~2\Lavasoft
======= C: =====
====== C:\Users\Gebruiker\AppData\Roaming ======
2014-11-13 20:52:44 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-11-13 20:52:44 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-11-13 20:52:44 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp
2014-11-13 20:52:44 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-11-13 20:52:44 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-11-13 20:52:43 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Temp
2014-10-28 23:55:25 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\LavasoftStatistics
2014-10-28 23:51:43 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Lavasoft
2014-10-27 17:20:06 1036E3DDDC89A4E68D8A33F3823A180E 4 ----a-w- C:\Users\Gebruiker\AppData\Roaming\appdataFr2.bin
====== C:\Users\Gebruiker ======
2014-10-28 23:55:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-28 23:53:57 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2014-10-28 23:51:06 -------- d-----w- C:\ProgramData\Lavasoft
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1243184377-1695436347-1374857548-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_USERS\S-1-5-21-1243184377-1695436347-1374857548-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-21-1243184377-1695436347-1374857548-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FLMTRUSTMOUSE"="C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe"
"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe"
"AdAwareTray"="C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe"

==== Startup Folders ======================
2014-03-10 12:15:54 1966 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-11-2014 12:40]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-03-2014 13:32]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-03-2014 13:32]
C:\Windows\tasks\HP Photo Creations Messager.job --a------ C:\ProgramData\HP Photo Creations\MessageCheck.exe [15-02-2011 11:11]
C:\Windows\tasks\WpsNotifyTask_Gebruiker.job --a------ [Undetermined Task]
C:\Windows\tasks\WpsUpdateTask_Gebruiker.job --a------ C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [06-08-2014 09:57]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Gebruiker-PC-Gebruiker" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP Photo Creations Messager" [C:\ProgramData\HP Photo Creations\MessageCheck.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 3050A J611 series" ["C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A1FB8921-779B-4911-B1A1-D6976E0949A5}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\WpsNotifyTask_Gebruiker" [C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe]
"C:\Windows\SysNative\tasks\WpsUpdateTask_Gebruiker" [C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Chromium Look ======================
Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-10-29&gen=cnet&ent=hp&u=9D788089E2C62363F09D4854502C8634",
"startup_urls": [ "https://www.google.be/" ],

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FLMTRUSTMOUSE] C:\Program Files (x86)\Trust mouse utility\1.0\mouse32a.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1243184377-1695436347-1374857548-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1243184377-1695436347-1374857548-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQA3MIK0 will be deleted at reboot
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZROILP6I will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=23 folders=9 18655534 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQA3MIK0" not found
"C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZROILP6I" not found

==== EOF on vr 14-11-2014 at 12:38:26.58 ======================