Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by Dosje on Fri 02/01/2015 at 13:05:06.39.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dosje\Downloads\zoek\zoek.exe.scr [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

2/01/2015 13:06:17 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Dosje\AppData\Roaming\QuickScan deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Dosje\AppData\Local\Adobe deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1475824631-3608167871-2514947924-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA} deleted successfully
HKEY_USERS\S-1-5-21-1475824631-3608167871-2514947924-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent
Aiseesoft Total Video Converter Platinum 7.1.26
Bitdefender Total Security
CCleaner
Greenshot 1.1.9.13
Malwarebytes Anti-Malware version 2.0.4.1028
MediaInfo 0.7.71
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 34.0.5 (x86 nl)
Mozilla Maintenance Service
MPC-HC 1.7.7
NVIDIA Control Panel 347.09
NVIDIA GeForce Experience 2.1.5
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 347.09
NVIDIA HD Audio Driver 1.3.33.0
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 16.18.9
NVIDIA Update 16.18.9
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.27
Realtek High Definition Audio Driver
SHIELD Streaming
SHIELD Wireless Controller Driver
Speccy
swMSM
Ultra Video Converter 5.1.0108
Ultra Video Joiner 6.1.0108
Ultra Video Splitter 6.0.1201
VLC media player
WinRAR 5.20 beta 4 (32-bit)
WinX DVD Ripper Platinum 7.3.4

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Common Files\AVG Secure Search not found
C:\Program Files (x86)\AVG Secure Search not found
C:\PROGRA~2\ProductData deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\SETB8.tmp deleted
C:\Windows\System32\SETF23A.tmp deleted
C:\Windows\System32\SETF8C4.tmp deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 3540 MB
CPU Info: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
CPU Speed: 3238.3 MHz
Sound Card: Not detected
Display Adapters: NVIDIA GeForce GTX 745 | NVIDIA GeForce GTX 745 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Qualcomm Atheros AR5BWB222 Wireless Network Adapter | Realtek PCIe GBE Family Controller | Bluetooth Device (Personal Area Network)
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GHB0N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 286.9GB | E: 644.5GB
Hard Disks - Free: C: 266.0GB | E: 413.4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/21/14 | ACRSYS - 1072009
Time Zone: Romance Standard Time
Motherboard *: Acer Aspire TC-605
Country: Belgium
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Bitdefender Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Bitdefender Antispyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Bitdefender Firewall disabled
Default Browser: Firefox 34.0.5
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 34.0.5 (x86 nl)

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Dosje\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-12-31 12:21:39 13A771A64416C7AB623A3998194A947B 267248 ----a-w- C:\Windows\System32\FNTCACHE.DAT
2014-12-25 04:43:22 F9E00CA1B476454E3AA3A5CDC83F80FC 927888 ----a-w- C:\Windows\System32\NvIFR.dll
2014-12-25 04:43:22 F534BE4E62773EB507E98CF9AEE9B10A 346944 ----a-w- C:\Windows\System32\NvIFROpenGL.dll
2014-12-25 04:43:22 E5337800C05E37D2FEE80A8F74EAD490 305136 ----a-w- C:\Windows\System32\nvoglshim32.dll
2014-12-25 04:43:22 CACE10C9EF1886D026AD39E0086516DC 27280 ----a-w- C:\Windows\System32\nvhdap32.dll
2014-12-25 04:43:22 B1CF3C19445A42E8FB953E3A9B8A064B 911504 ----a-w- C:\Windows\System32\nvdispgenco3234709.dll
2014-12-25 04:43:22 96CEFCFD0F0298A10FC3D40B24E62173 908608 ----a-w- C:\Windows\System32\nvhdagenco32.dll
2014-12-25 04:43:22 7588928440BAC045AD137F914EA8B4A6 24764048 ----a-w- C:\Windows\System32\nvoglv32.dll
2014-12-25 04:43:22 5670A986A74868F7C250B148542BC0CA 1047696 ----a-w- C:\Windows\System32\nvdispco3234709.dll
2014-12-25 04:43:22 472600A088F71C0DFC930BB7FB776B5E 10771128 ----a-w- C:\Windows\System32\nvopencl.dll
2014-12-25 04:43:22 3F8BDDD72FC07BFC359228CC925AA462 164752 ----a-w- C:\Windows\System32\nvinit.dll
2014-12-25 04:43:22 3CA4990A4E8DDC69566904512097C841 3249984 ----a-w- C:\Windows\System32\nvcuvid.dll
2014-12-25 04:43:22 19D5DEA79A9E0FAAFEC8D089FD23A611 10710344 ----a-w- C:\Windows\System32\nvcuda.dll
2014-12-25 04:43:22 18720D750E30C794AAF7F2EF06669764 399688 ----a-w- C:\Windows\System32\nvEncodeAPI.dll
2014-12-25 04:43:22 081291E1234FF024ACE90F5D3D8338AF 877984 ----a-w- C:\Windows\System32\nvumdshim.dll
2014-12-25 04:43:22 06AC9683421632CAD7B895BAB0B2B22F 905360 ----a-w- C:\Windows\System32\NvFBC.dll
2014-12-25 04:43:21 5118398C8FE14661C4C07968A288062D 20465808 ----a-w- C:\Windows\System32\nvcompiler.dll

====== C:\Windows\system32\drivers =====

2014-12-25 04:43:22 F69FD161BD904778E1D6EBE9EEBBC2B5 161424 ----a-w- C:\Windows\System32\drivers\nvhda32v.sys
2014-12-25 04:43:22 F5A2898D11338CA057C6B30CD59C2FCD 8536208 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2014-12-17 00:20:01 3EEDE5E218F0978D802CE3196E8B9028 32912 ----a-w- C:\Windows\System32\drivers\nvvad32v.sys
2014-12-09 21:10:29 7FE680A3DFA421C4A8E4879AE4C5AAB0 74752 ----a-w- C:\Windows\System32\drivers\tdx.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-01-01 13:06:06 -------- d-----w- C:\Program Files\trend micro
2014-12-31 18:36:05 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2014-12-25 04:46:32 -------- d-----w- C:\Program Files\Speccy
2014-12-18 01:51:21 -------- d-----w- C:\Program Files\MPC-HC
2014-12-17 12:34:11 -------- d-----w- C:\Program Files\Digiarty
2014-12-16 10:12:15 -------- d-----w- C:\Program Files\MediaInfo
2014-12-15 21:50:30 -------- d-----w- C:\Program Files\Ultra Video Joiner
2014-12-15 21:49:23 -------- d-----w- C:\Program Files\Ultra Video Splitter
2014-12-15 21:48:13 -------- d-----w- C:\Program Files\Ultra Video Converter
2014-12-04 22:26:48 -------- d-----w- C:\Program Files\Greenshot

======= C: =====

====== C:\Users\Dosje\AppData\Roaming ======

2014-12-31 18:48:21 -------- d-----w- C:\Users\Dosje\AppData\Roaming\vlc
2014-12-31 12:28:57 5DC22707EBC236B33A3342508ACEE4B6 58016 ----a-w- C:\Users\Dosje\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-25 10:54:52 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm
2014-12-18 04:02:56 -------- d-----w- C:\Users\Dosje\AppData\Roaming\MPC-HC
2014-12-18 01:05:54 -------- d-----w- C:\Users\Dosje\AppData\Locallow\Google
2014-12-18 01:04:07 -------- d-----w- C:\Users\Dosje\AppData\Local\Google
2014-12-17 12:34:11 -------- d-----w- C:\Users\Dosje\AppData\Roaming\Digiarty
2014-12-17 12:11:44 -------- d-----w- C:\Users\Dosje\AppData\Local\labDV.com
2014-12-17 00:27:11 -------- d-----w- C:\Users\Dosje\AppData\Local\Diagnostics
2014-12-16 10:23:14 -------- d-----w- C:\Users\Dosje\AppData\Roaming\NVIDIA
2014-12-16 10:12:39 -------- d-----w- C:\Users\Dosje\AppData\Roaming\MediaInfo
2014-12-07 02:39:09 -------- d-----w- C:\Users\Dosje\AppData\Roaming\Greenshot
2014-12-07 02:39:09 -------- d-----w- C:\Users\Dosje\AppData\Local\Greenshot

====== C:\Users\Dosje ======

2015-01-01 13:05:50 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Dosje\Downloads\RSIT.exe
2015-01-01 09:13:00 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\Dosje\Downloads\adwcleaner_4.106.exe
2014-12-31 18:48:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-31 04:19:48 D6B3DB0646ADF3A305C06C976440AEC4 13644424 ----a-w- C:\Users\Dosje\Downloads\PrivaZer.exe
2014-12-26 05:01:12 E4DD18766FEACC72FA0C3588664622DC 3503616 ----a-w- C:\Users\Dosje\Documents\Fotowall 0.9 WinXP Vista 7.exe
2014-12-25 04:46:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-12-18 01:51:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-12-17 12:34:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2014-12-16 02:23:42 -------- d---a-w- C:\ProgramData\TEMP
2014-12-15 21:50:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Joiner
2014-12-15 21:49:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Splitter
2014-12-15 21:48:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Converter
2014-12-04 22:48:09 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol
2014-12-04 22:26:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

====== C: exe-files ==

2015-01-01 13:06:07 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Dosje.exe
2015-01-01 13:05:50 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Dosje\Downloads\RSIT.exe
2015-01-01 09:13:00 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\Dosje\Downloads\adwcleaner_4.106.exe
2014-12-31 18:48:16 52437302E4A48A6915AFE987423A1587 275217 ----a-w- C:\Program Files\VideoLAN\VLC\uninstall.exe
2014-12-31 18:36:07 B015BE6E7E2E47EDF38186C3CCCD41CF 103588 ----a-w- C:\Program Files\Mozilla Maintenance Service\Uninstall.exe
2014-12-31 18:36:05 B4E9C7383A705628AD491CF0F87D901F 114800 ----a-w- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
2014-12-31 17:40:35 C87A6B74862CCF7AFFC153C34525AAD1 4699592 ----a-w- C:\Users\Dosje\AppData\Local\NVIDIA\NvBackend\Packages\00006af6\DAO.19186954.exe
2014-12-31 04:19:48 D6B3DB0646ADF3A305C06C976440AEC4 13644424 ----a-w- C:\Users\Dosje\Downloads\PrivaZer.exe
2014-12-30 17:35:29 CB404197AEC10A525509E0BF523B8158 433072 ----a-w- C:\Users\Dosje\AppData\Local\NVIDIA\NvBackend\Packages\00006aea\CoProc update.19181379.exe

=== C: other files ==

2014-12-31 18:37:13 A1B1BC6A14B437C82AC830116979E9F6 979699 ----a-w- C:\Users\Dosje\AppData\Roaming\Mozilla\Firefox\Profiles\y89nynxo.default-1419962407733\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1475824631-3608167871-2514947924-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\ffpwdman" [11/04/2014 11:33]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Dosje\AppData\Roaming\Mozilla\Firefox\Profiles\y89nynxo.default-1419962407733

- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Dosje\AppData\Roaming\Mozilla\Firefox\Profiles\y89nynxo.default-1419962407733

0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx[03/03/2014 14:59]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== HijackThis Entries ======================

O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
O4 - HKCU\..\Run: [Bitdefender Agent Wallet-toepassing] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Bitdefender Wallet Agent = "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" [Bitdefender]
Bitdefender Agent Wallet-toepassing = "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe" [Bitdefender]
Bitdefender Wallet = "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard [Bitdefender]
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [Piriform Ltd]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s [Realtek Semiconductor]
Bdagent = "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe" [Bitdefender]
NvBackend = "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation]
ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}\(Default) = Bitdefender Wallet
  -> {HKLM...CLSID} = Bitdefender Wallet
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [Bitdefender]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
__SafeBox1\(Default) = {152C96EB-288E-4EDC-B7C6-D21F8250ADF3}
  -> {HKLM...CLSID} = ExtGreen Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
__SafeBox2\(Default) = {342DAA0B-D796-460D-8566-901E08A1CCAD}
  -> {HKLM...CLSID} = ExtRed Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
__SafeBox3\(Default) = {57595DAE-1AE1-4D97-A49E-67CBB53B52DF}
  -> {HKLM...CLSID} = ExtYellow
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
__SafeBox4\(Default) = {33816773-98AE-4723-ADE0-EBE54C8B5A67}
  -> {HKLM...CLSID} = ExtRootFolder Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
  -> {HKLM...CLSID} = DesktopContext Class
     \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
     \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
{0244E652-07EF-43C2-8AAD-ABA3CF40DF16} = Bitdefender SafeBox
  -> {HKLM...CLSID} = ExtContext Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} = (no title provided)
  -> {HKLM...CLSID} = ExtYellow
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
{342DAA0B-D796-460D-8566-901E08A1CCAD} = (no title provided)
  -> {HKLM...CLSID} = ExtRed Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
{2F46275A-B9C5-4C8F-94C0-71BD2B28220C} = (no title provided)
  -> {HKLM...CLSID} = ExtPropertySheet Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
{33816773-98AE-4723-ADE0-EBE54C8B5A67} = (no title provided)
  -> {HKLM...CLSID} = ExtRootFolder Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} = (no title provided)
  -> {HKLM...CLSID} = ExtGreen Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
{9E96C1F5-0EFA-4348-9460-15D6802C70AA} = BDFVCtxMenuExt
  -> {HKLM...CLSID} = BDFVCtxMenuExt
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM...CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
  -> {HKLM...CLSID} = BDFVCtxMenuExt
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]
SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16}
  -> {HKLM...CLSID} = ExtContext Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
{4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided)
  -> {HKLM...CLSID} = FileShredderCtxMenu Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\fshredctx.dll [Bitdefender]
{D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = BDMenu Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdshellext.dll [Bitdefender]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\
SafeBoxSheet\(Default) = {2F46275A-B9C5-4C8F-94C0-71BD2B28220C}
  -> {HKLM...CLSID} = ExtPropertySheet Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
  -> {HKLM...CLSID} = BDFVCtxMenuExt
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]
{4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided)
  -> {HKLM...CLSID} = FileShredderCtxMenu Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\fshredctx.dll [Bitdefender]
{D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = BDMenu Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdshellext.dll [Bitdefender]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
  -> {HKLM...CLSID} = BDFVCtxMenuExt
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]
NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
     \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16}
  -> {HKLM...CLSID} = ExtContext Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
  -> {HKLM...CLSID} = BDFVCtxMenuExt
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
  -> {HKLM...CLSID} = BDFVCtxMenuExt
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdfvsctx.dll [Bitdefender]
SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16}
  -> {HKLM...CLSID} = ExtContext Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
{4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided)
  -> {HKLM...CLSID} = FileShredderCtxMenu Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\fshredctx.dll [Bitdefender]
{D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = BDMenu Class
     \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender\bdshellext.dll [Bitdefender]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoLowDiskSpaceChecks = (REG_DWORD) dword:0x00000001
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Dosje\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Users\Dosje\DOWNLO~1\zoek\ZOEKEX~1.SCR (zoek.exe.scr) [null data]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
{471ADA1D-2D03-464A-BAD2-68120289EE4F} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Dosje\Desktop\tools\devcon.exe -d C:\Users\Dosje\Desktop -c status * [MS]
{F734DD09-DEAC-4116-8C03-9F13064A8081} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Dosje\AppData\Local\Temp\Temp1_Lan_Realtek_7080_W7x64_A.zip\Lan_Realtek_7080_W7x64\setup.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
     \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
     \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
     \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
     \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
     \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem Calibration Loader -> launches: {B210D694-C8DF-490d-9576-9E20CDBC20BD} -> {HKLM...CLSID} = Color Calibration Loader \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-1475824631-3608167871-2514947924-1000 -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 39 Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Bitdefender Desktop Update Service, UPDATESRV, "C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe" /service [Bitdefender] Bitdefender Virus Shield, VSSERV, "C:\Program Files\Bitdefender\Bitdefender\vsserv.exe" /service [Bitdefender] MBAMScheduler, MBAMScheduler, "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation] MBAMService, MBAMService, "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation] NVIDIA GeForce Experience Service, GfExperienceService, "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" [NVIDIA 
Corporation] NVIDIA Network Service, NvNetworkService, "C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation] NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" [NVIDIA Corporation] SafeBox, SafeBox, C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [Bitdefender] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> PEVSystemStart, Service Accessibility Tools: -------------------- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ Configuration = oracle_javaaccessbridge HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session1\ Configuration = oracle_javaaccessbridge <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Users\Dosje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dosje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Dosje\AppData\Local\Mozilla\Firefox\Profiles\y89nynxo.default-1419962407733\cache2 emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=10 folders=4 38275958 bytes) ==== Empty Temp 
Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Dosje\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Dosje\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 02/01/2015 at 13:27:01,91 ======================