Zoek.exe v5.0.0.0 Updated 07-March-2015
Tool run by ikke on ma 09/03/2015 at 11:48:49,24.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ikke\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-03-08-172138.log 48054 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-Service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\VyprVPN\VyprVPN.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\ikke\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-755594152-3724653302-3261122093-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Ijtwsoft"=-
"Ahcbworks"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ijtwsoft"=-
"Ahcbworks"=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-755594152-3724653302-3261122093-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Ijtwsoft"=-
"Ahcbworks"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ijtwsoft"=-
"Ahcbworks"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Yahoo! deleted
C:\Users\ikke\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4062 MB
CPU Info: Intel(R) Celeron(R) CPU E3300 @ 2.50GHz
CPU Speed: 2497,2 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) G41 Express Chipset | Intel(R) G41 Express Chipset | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: TAP-VyprVPN Adapter V9 | Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
CD / DVD Drives: 1x (D: | ) D: hp CDDVDW TS-H653R
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 931,4GB
Hard Disks - Free: C: 477,7GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 11/27/09 | HPQOEM - 20091127
Time Zone: Romance Standard Time
Motherboard *: FOXCONN ETON
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: ZoneAlarm Free Firewall Firewall disabled
Default Browser: Firefox 36.0.1
Internet Explorer Version: 10.0.9200.17229
Mozilla Firefox version: 36.0.1 (x86 nl)
Google Chrome version: 41.0.2272.76
Sun Java version: 1.8.0_31 (32-bit)
Sun Java version: 1.8.0_31 (64-bit)
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-02-11 16:44:23 3F535687772ABD0F4A953F75E0711CDD 525508562 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\ikke\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====
2015-03-06 17:14:32 EA102A915B12F4F471237C046DAD456E 765312 ----a-w- C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-25 19:21:53 E51B539FEC6A6485289F650E5E7D5156 701616 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-25 19:21:53 4713ED2510365E9102172816D2CFB832 71344 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-25 19:08:08 13D186FA6F19823C598335443CE233BC 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-25 18:38:24 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls
2015-02-25 18:14:57 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====
2015-02-25 18:38:24 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls
2015-02-25 18:14:59 AA7079AD52B8BFBAE94167D54C32F84F 29696 ----a-w- C:\Windows\Sysnative\powertracker.dll
2015-02-25 18:14:58 D713D6446DDBB474D801F361B4B186EA 950272 ----a-w- C:\Windows\Sysnative\perftrack.dll
2015-02-25 18:14:57 C6F7473B55510F0B93961DA03D8E3B38 91136 ----a-w- C:\Windows\Sysnative\wdi.dll

====== C:\Windows\Sysnative\drivers =====
2015-02-27 12:00:22 E12DB53A9457CA44FC4C93AAE0C3BCCE 431395 ----a-w- C:\Windows\Sysnative\drivers\vsconfig.xml
2015-02-24 19:12:58 DF56B9F206B99020D79AC560622F8F91 44896 ----a-w- C:\Windows\Sysnative\drivers\tapvyprvpn.sys
2015-02-11 15:44:27 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2015-02-11 15:44:26 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-02-11 15:44:26 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-02-11 10:56:39 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-02-11 10:56:06 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2015-02-11 10:56:06 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2015-02-11 10:56:06 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

====== C:\Windows\Tasks ======
2015-02-26 12:33:38 7F28B1169AB0A29D212A144A2782DA58 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 12:33:38 7262B151C5C2B140FFF0666AC0405A6D 4048 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2015-02-26 12:33:37 92D547CEEF9F0066D9CC79A8C47DBF5E 3796 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2015-02-26 12:33:36 154DDFD8C97165483607AD65F0EE4023 1048 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 19:21:55 BC9D596F5BB0C9457FAC42BB20A87D41 830 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 19:21:55 1D92BFD850526ABDC2D0B5252F332538 3768 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater

====== C:\Windows\Temp ======

======= C:\Program Files =====
2015-03-06 11:44:08 -------- d-----w- C:\Program Files\trend micro
2015-03-04 11:38:44 -------- d-----w- C:\Program Files\Realtek
2015-03-01 16:22:32 -------- d-----w- C:\Program Files\Adobe
2015-03-01 16:15:45 -------- d-----w- C:\Program Files\Common Files\Adobe
2015-02-27 13:19:34 -------- d-----w- C:\Program Files\CamStudio 2.7
2015-02-25 19:36:27 -------- d-----w- C:\Program Files\Visicom Media
2015-02-20 21:46:35 -------- d-----w- C:\Program Files\Sonic Charge
2015-02-20 12:28:36 -------- d-----w- C:\Program Files\iPod
2015-02-20 12:28:35 -------- d-----w- C:\Program Files\iTunes

======= C:\PROGRA~2 =====
2015-03-06 17:07:52 -------- d-----w- C:\PROGRA~2\VyprVPN
2015-03-01 16:20:46 -------- d-----w- C:\PROGRA~2\Adobe
2015-03-01 16:10:58 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe
2015-02-28 16:56:22 -------- d-----w- C:\PROGRA~2\XviD
2015-02-28 16:56:02 -------- d-----w- C:\PROGRA~2\Screen Recorder
2015-02-28 10:01:31 -------- d--h--w- C:\PROGRA~2\Temp
2015-02-27 11:58:35 -------- d-----w- C:\PROGRA~2\CheckPoint
2015-02-26 12:33:30 -------- d-----w- C:\PROGRA~2\Google
2015-02-25 19:36:57 -------- d-----w- C:\PROGRA~2\ManyCam
2015-02-25 19:08:11 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2015-02-25 19:07:36 -------- d-----w- C:\PROGRA~2\Java
2015-02-25 19:03:38 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2015-02-25 19:03:36 -------- d-----r- C:\PROGRA~2\Skype
2015-02-20 12:28:37 -------- d-----w- C:\PROGRA~2\iTunes
2015-02-20 10:26:39 -------- d-----w- C:\PROGRA~2\Origin
2015-02-16 19:36:33 -------- d-----w- C:\PROGRA~2\GMT-MAX.ORG
2015-02-13 11:23:39 -------- d-----w- C:\PROGRA~2\Audacity
2015-02-10 12:27:27 -------- d-----w- C:\PROGRA~2\Reveal Sound
2015-02-08 22:43:50 -------- d-----w- C:\PROGRA~2\Rob Papen

======= C: =====

====== C:\Users\ikke\AppData\Roaming ======
2015-03-08 17:18:12 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-03-08 17:18:12 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-03-08 17:18:12 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-03-08 17:18:12 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-03-08 17:18:11 -------- d-----w- C:\Users\ikke\AppData\Local\Temp
2015-03-06 17:41:10 -------- d-----w- C:\Users\ikke\AppData\Local\Golden_Frog,_GmbH
2015-03-06 17:40:37 -------- d-----w- C:\Users\ikke\AppData\Local\Golden Frog, GmbH
2015-03-06 17:30:46 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Golden_Frog,_GmbH
2015-03-02 13:57:56 -------- d-----w- C:\Users\ikke\AppData\Locallow\Adobe
2015-02-28 18:04:51 -------- d-----w- C:\Users\ikke\AppData\Roaming\Rylstim Screen Recorder
2015-02-28 16:56:23 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD
2015-02-27 18:29:08 9B1D1C1C1FDD98F1369A67A4E1B1DF6E 408 ----a-w- C:\Users\ikke\AppData\Roaming\CamShapes.ini
2015-02-27 18:29:08 53EBD09A73D82DD916A0E78EFB87F308 408 ----a-w- C:\Users\ikke\AppData\Roaming\CamLayout.ini
2015-02-27 18:29:08 17C59CBE8CE682CEC5F22A6A7C979A2E 65616 ----a-w- C:\Users\ikke\AppData\Roaming\Camdata.ini
2015-02-27 16:10:44 C5FBB0674FB6259D98B84F4C19A8575C 4538 ----a-w- C:\Users\ikke\AppData\Roaming\CamStudio.cfg
2015-02-27 13:28:16 9E3D46FEA2CB93CF7CBA1E216DC5E68A 96 ----a-w- C:\Users\ikke\AppData\Roaming\version2.xml
2015-02-27 11:58:40 -------- d-----w- C:\Users\ikke\AppData\Roaming\Check Point Software Technologies LTD
2015-02-26 12:53:13 -------- d-----w- C:\Users\ikke\AppData\Local\Mikogo
2015-02-26 12:46:10 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mikogo
2015-02-26 12:45:43 -------- d-----w- C:\Users\ikke\AppData\Roaming\Mikogo
2015-02-26 12:38:45 -------- d-----w- C:\Users\ikke\AppData\Local\Screenleap
2015-02-26 12:33:20 -------- d-----w- C:\Users\ikke\AppData\Local\Google
2015-02-25 20:02:41 -------- d-----w- C:\Users\ikke\AppData\Local\QuickScreenShare
2015-02-25 19:38:59 -------- d-----w- C:\Users\ikke\AppData\Local\ManyCam
2015-02-25 19:37:20 -------- d-----w- C:\Users\ikke\AppData\Roaming\ManyCam
2015-02-25 19:21:19 -------- d-----w- C:\Users\ikke\AppData\Local\Adobe
2015-02-25 19:06:57 -------- d-----w- C:\Users\ikke\AppData\Locallow\Sun
2015-02-25 19:03:56 -------- d-----w- C:\Users\ikke\AppData\Local\Skype
2015-02-25 19:03:51 -------- d-----w- C:\Users\ikke\AppData\Roaming\Skype
2015-02-24 16:20:52 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samples Share
2015-02-24 12:36:43 -------- d-----w- C:\Users\ikke\AppData\Roaming\Teragon Audio
2015-02-20 21:57:20 -------- d-----w- C:\Users\ikke\AppData\Local\Sonic Charge
2015-02-20 10:30:06 -------- d-----w- C:\Users\ikke\AppData\Roaming\Origin
2015-02-20 10:30:04 -------- d-----w- C:\Users\ikke\AppData\Local\Origin
2015-02-16 13:11:47 -------- d-----w- C:\Users\ikke\AppData\Local\Quickscope_Simulator
2015-02-13 11:25:40 -------- d-----w- C:\Users\ikke\AppData\Roaming\Audacity
2015-02-10 12:27:09 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reveal Sound
2015-02-08 22:43:47 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rob Papen

====== C:\Users\ikke ======
2015-03-06 17:30:46 -------- d-----w- C:\ProgramData\Golden Frog, GmbH
2015-03-06 17:07:04 4C874DCC40A4BCE7432017A121221624 4264256 ----a-w- C:\Users\ikke\Downloads\VyprVPN-2.7.0.4852-installer.exe
2015-03-06 11:42:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\ikke\Desktop\RSITx64.exe
2015-03-06 11:34:00 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\ikke\Desktop\WIGI.exe
2015-03-06 11:33:30 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\ikke\Desktop\WhyIGotInfected.exe
2015-03-04 11:33:33 6868295CA1A0950B9D6B8531738D23EE 159144 ----a-w- C:\Users\ikke\Downloads\WindowsActivationUpdate.exe
2015-03-01 16:23:35 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2015-03-01 16:10:56 -------- d-----w- C:\ProgramData\Adobe
2015-02-28 16:56:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD
2015-02-28 16:56:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen Recorder
2015-02-28 16:54:58 F523A2C27DB893620054A8F05AB0E237 1482743 ----a-w- C:\Users\ikke\Downloads\Rylstim-Screen-Recorder.exe
2015-02-28 09:58:01 B6FD7C933D4D24CD0C51E1EC00DF3BC8 111172669 ----a-w- C:\Users\ikke\Downloads\0001-32bit_Win7_Win8_Win81_R275.exe
2015-02-27 13:19:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2015-02-27 13:17:46 8DD5374D5991AC01706F1BE41343BE2A 767872 ----a-w- C:\Users\ikke\Downloads\CamStudioSetup_v2.7.2.exe
2015-02-27 12:00:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-02-27 11:50:30 57C00B223B639EFE253AF598F1841023 44 ----a-w- C:\Users\ikke\.screenleap
2015-02-26 12:53:07 C4FB3BCE9A507077AFFB3EE2594796D4 6648656 ----a-w- C:\Users\ikke\Downloads\Mikogo20150226135255_988994824_-00696b6b65__.exe
2015-02-26 12:45:34 84DCFCCB5882BC74DB6B0C690DFB43DF 11087144 ----a-w- C:\Users\ikke\Downloads\mikogo-starter.exe
2015-02-26 12:34:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-26 12:33:09 1A6A345D0CF74C4E17DA141F7E54221F 880208 ----a-w- C:\Users\ikke\Downloads\ChromeSetup.exe
2015-02-25 19:49:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-02-25 19:47:46 14146C17D988AABD7553E1C48D7FD976 691576 ----a-w- C:\Users\ikke\Downloads\msgr11us.exe
2015-02-25 19:38:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2015-02-25 19:36:58 -------- d-----w- C:\ProgramData\ManyCam
2015-02-25 19:36:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visicom Media
2015-02-25 19:36:30 -------- d-----w- C:\ProgramData\Visicom Media
2015-02-25 19:35:25 F5F46BBD587843F3F3142606F4F4B616 295960 ----a-w- C:\Users\ikke\Downloads\ManyCamWebInstaller.exe
2015-02-25 19:24:28 -------- d-----w- C:\Users\ikke\Tracing
2015-02-25 19:08:13 -------- d-----w- C:\ProgramData\Sun
2015-02-25 19:07:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-25 19:07:41 -------- d-----w- C:\ProgramData\Oracle
2015-02-25 19:06:52 6713E17AFCB3A28191A747DC8C475721 639912 ----a-w- C:\Users\ikke\Downloads\jxpiinstall.exe
2015-02-25 19:03:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-25 19:03:24 -------- d-----w- C:\ProgramData\Skype
2015-02-25 19:02:29 563B164F49F6A3FD88178B0266648A3D 1548384 ----a-w- C:\Users\ikke\Downloads\SkypeSetup.exe
2015-02-24 14:50:01 -------- dc-h--w- C:\ProgramData\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}
2015-02-24 14:37:50 -------- dc-h--w- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2015-02-20 21:46:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Charge
2015-02-20 12:29:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-20 12:28:35 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-20 10:27:15 -------- d-----w- C:\ProgramData\Origin
2015-02-20 10:27:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-02-20 10:27:13 -------- d-----w- C:\ProgramData\Electronic Arts
2015-02-16 20:09:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2015-02-11 22:59:29 -------- d-----w- C:\ProgramData\CheckPoint

====== C: exe-files ==
2015-03-08 23:58:32 E68F4DA796550658A46D98995A1765EC 16278832 ----a-w- C:\Users\ikke\Desktop\Vipre\VIPRE.AV.AS.4.0.3904.exe
2015-03-08 23:58:29 B88228D5FEF4B6DC019D69D4471F23EC 5073240 ----a-w- C:\Users\ikke\Desktop\Vipre\Microsoft Visual C++ 2010\vcredist_x86.exe
2015-03-08 23:58:29 6CF3186987C267D288FAB019448C1F9E 338944 ----a-w- C:\Users\ikke\Desktop\Vipre\Vipre Activator.exe
2015-03-08 02:49:02 A26A9B69B042395C6BC034D32137D3BF 1676600 ----a-w- C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe
2015-03-06 17:07:04 4C874DCC40A4BCE7432017A121221624 4264256 ----a-w- C:\Users\ikke\Downloads\VyprVPN-2.7.0.4852-installer.exe
2015-03-06 11:44:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\ikke.exe
2015-03-06 11:42:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\ikke\Desktop\RSITx64.exe
2015-03-06 11:34:00 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\ikke\Desktop\WIGI.exe
2015-03-06 11:33:30 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\ikke\Desktop\WhyIGotInfected.exe
2015-03-04 11:33:33 6868295CA1A0950B9D6B8531738D23EE 159144 ----a-w- C:\Users\ikke\Downloads\WindowsActivationUpdate.exe
2015-03-04 11:10:28 7EA5D6C2CE669BBCCEF968DEDC37E2AF 9092688 ----a-w- C:\Program Files (x86)\Google\Update\Install\{D0A5EAAC-7F47-41C6-9C91-D61827DF088F}\41.0.2272.76_40.0.2214.115_chrome_updater.exe
2015-03-04 11:10:25 7EA5D6C2CE669BBCCEF968DEDC37E2AF 9092688 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.76\41.0.2272.76_40.0.2214.115_chrome_updater.exe

=== C: other files ==
2015-03-08 23:49:41 595B2147D21A93BE8BBA245B0D888140 21560528 ----a-w- C:\Users\ikke\Downloads\Vipre.zip
2015-03-06 17:31:01 A666A709F546719AB2BE55A2A5CA447F 229 ----a-w- C:\Program Files (x86)\VyprVPN\InstallCertificates.bat
2015-03-06 17:30:36 37241B5327FC15721E9A75DE37E5ED9D 193 ----a-w- C:\Program Files (x86)\VyprVPN\OpenVPN\util\addtap.bat
2015-03-06 17:30:36 362ACDA9A9E8FFDA0F1A6C6305DA9036 258 ----a-w- C:\Program Files (x86)\VyprVPN\OpenVPN\util\deltapall.bat
2015-03-06 11:25:03 FE7F83689172CC17185D6FB1AEFDFC6E 1188194 ----a-w- C:\Users\ikke\Downloads\ProcessExplorer.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-755594152-3724653302-3261122093-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"
"Mikogo"="C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-host.exe -asp"
"VyprVPN"="C:\Program Files (x86)\VyprVPN\VyprVPN.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"
"Mikogo"="C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-host.exe -asp"
"VyprVPN"="C:\Program Files (x86)\VyprVPN\VyprVPN.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [25/02/2015 21:48]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/02/2015 13:33]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/02/2015 13:33]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default
user_pref("browser.startup.homepage", "google.com");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

==== Chromium Look ======================

Google Slides - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Hangouts - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl
Google Wallet - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Mikogo] "C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-host.exe" -asp
O4 - HKCU\..\Run: [VyprVPN] C:\Program Files (x86)\VyprVPN\VyprVPN.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mikogo-Service - BeamYourScreen GmbH - C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VyprVPN - Golden Frog, GmbH. - C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\ikke\AppData\Local\Mozilla\Firefox\Profiles\azl0lchs.default\Cache emptied successfully
C:\Users\ikke\AppData\Local\Mozilla\Firefox\Profiles\azl0lchs.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\ikke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=394 folders=110 58254299 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ikke\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ikke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 09/03/2015 at 12:42:12,83 ======================