Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Michelle on zo 31-05-2015 at 9:57:53,97. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Users\Michelle\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-05-30-080212.log 70206 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Michelle\Desktop\zoek.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\Michelle\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx not found ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Memory (RAM): 2940 MB CPU Info: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz CPU Speed: 2176,7 MHz Sound Card: Not detected Display Adapters: | RDP Encoder Mirror Driver Monitors: 1x; 
Screen Resolution: 1024 X 768 - 32 bit Network: Network Present Network Adapters: Atheros AR5007EG Wireless Network Adapter | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0) CD / DVD Drives: 1x (F: | ) F: HL-DT-STDVDRAM GSA-T50N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 116,3GB | E: 115,1GB Hard Disks - Free: C: 31,2GB | E: 95,0GB Manufacturer *: INSYDE BIOS Info: AT/AT COMPATIBLE | 12/09/08 | TOSINV - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: TOSHIBA Portable PC Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Internetbeveiliging On-access scanning disabled (Outdated) Anti-Spyware: Internetbeveiliging disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 43.0.2357.65 Internet Explorer Version: 9.0.8112.16421 Google Chrome version: 43.0.2357.65 Adobe Reader version: 11.0.8.4 Sun Java version: 1.8.0_45 (32-bit) Flash Player version: 17.0.0.169 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-05-27 05:17:47 E6D96A03EC87C593B8C652D72EE488A7 243988739 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\Michelle\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-05-28 19:30:54 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Users\Michelle\AppData\Roaming ====== 2015-05-30 07:56:51 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-05-30 07:56:50 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-05-30 07:56:50 -------- d-----w- C:\Users\Michelle\AppData\Local\Temp 2015-05-30 07:56:50 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-05-30 07:56:50 -------- d-----w- C:\Users\Default 
User\AppData\Local\Temp 2015-05-26 18:46:56 D3CEA539819626CB721DFBA77C297606 680 ----a-w- C:\Users\Michelle\AppData\Local\d3d9caps.dat ====== C:\Users\Michelle ====== 2015-05-28 19:29:49 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Michelle\Downloads\RSIT.exe ====== C: exe-files == 2015-05-28 19:30:54 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Michelle.exe 2015-05-28 19:29:49 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Michelle\Downloads\RSIT.exe 2015-05-27 14:51:31 277A41EB7D2DAA7105DF85BFC2F1C9AD 60456 ----a-w- C:\ProgramData\f-secure\GUTS2\orsp-win-v2\1432729310\fsorsp.exe 2015-05-27 14:51:30 AAD44E235E567401AB51571D06891C69 199720 ----a-w- C:\ProgramData\f-secure\GUTS2\orsp-win-v2\1432729310\orspupd.exe 2015-05-27 14:51:30 652F932B64BE6B9320E501DDBFAACA95 80936 ----a-w- C:\ProgramData\f-secure\GUTS2\orsp-win-v2\1432729310\orspdiag.exe 2015-05-27 14:51:29 FE0B93CE6EFAD628152BA700C44266A2 207912 ----a-w- C:\ProgramData\f-secure\GUTS2\hydrawin\1432650247\install.exe === C: other files == 2015-05-26 08:59:41 DDA886136E50D00BFFD202AAE37A55E5 55336 ----a-w- C:\ProgramData\f-secure\GUTS2\mlcwin\1432625178\fsbts_x64.sys 2015-05-26 08:59:41 C46C9E277A193CFDD2BAF0874A2F7450 43560 ----a-w- C:\ProgramData\f-secure\GUTS2\mlcwin\1432625178\fsbts.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-1992519123-4132911643-3822553869-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" 
"TOSCDSPD"="TOSCDSPD.EXE" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google Update"="C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe /c" "EPSON2265D9 (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_S4FE8.tmp /EF HKCU" "Epson Stylus SX420W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_SB649.tmp /EF HKCU" "MobileDocuments"="C:\Program Files\Common Files\Apple\Internet Services\ubd.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup" [HKEY_USERS\S-1-5-21-1992519123-4132911643-3822553869-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #6"="C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://www.icscards.nl/nlic/portal/anwb/?ns_campaign=notification.anwb&ns_mchannel=e-mail.notification&ns_source=internal.20150505&ns_linkname=tekstlink&ns_fee=0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "NDSTray.exe"="NDSTray.exe" "cfFncEnabler.exe"="cfFncEnabler.exe" "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup" "Google EULA Launcher"="c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA" "Toshiba TEMPO"="C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="RtHDVCpl.exe" "Skytel"="Skytel.exe" "Toshiba 
Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe /start" "jswtrayutil"="C:\Program Files\Jumpstart\jswtrayutil.exe" "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" "Corel File Shell Monitor"="c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe" "EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Huishoudboekje"="C:\Program Files\DATA BECKER\Huishoudboekje\quick.exe" "F-Secure Hoster (45123)"="C:\Program Files\Internetbeveiliging\fshoster32.exe -app -hosterid:1" "F-Secure Manager"="C:\Program Files\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE /splash" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe " "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe " "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "TOSCDSPD"="TOSCDSPD.EXE" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google Update"="C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe /c" "EPSON2265D9 (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_S4FE8.tmp /EF 
HKCU" "Epson Stylus SX420W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_SB649.tmp /EF HKCU" "MobileDocuments"="C:\Program Files\Common Files\Apple\Internet Services\ubd.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #6"="C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- https://www.icscards.nl/nlic/portal/anwb/?ns_campaign=notification.anwb&ns_mchannel=e-mail.notification&ns_source=internal.20150505&ns_linkname=tekstlink&ns_fee=0" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL" ==== Startup Folders ====================== 2008-08-19 11:40:54 1835 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2008-08-19 11:40:54 1835 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2015-04-24 15:03:35 1051 ----a-w- C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16-04-2015 18:37] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1992519123-4132911643-3822553869-1000Core.job --a------ C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [26-10-2014 00:20] 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1992519123-4132911643-3822553869-1000UA.job --a------ C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [26-10-2014 00:20] C:\Windows\tasks\Scheduled scanning task.job --a------ C:\PROGRA1\INTERN3\apps\COMPUT1\ANTI-V1\fsav.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1992519123-4132911643-3822553869-1000Core" [C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1992519123-4132911643-3822553869-1000UA" [C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Scheduled scanning task" [C:\PROGRA~1\INTERN~3\apps\COMPUT~1\ANTI-V~1\fsav.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{C2AB3416-5164-4923-82ED-5A68766413B5}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\{FB0A90B0-EF1F-4681-B4DC-5FB09CA3A10E}" [C:\Program Files\Skype\\Phone\Skype.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{448bb7fc-4480-4bbb-86d5-dacf656c0480}"="C:\Program Files\Internetbeveiliging\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https" [17-04-2015 22:48] ==== Chromium Look ====================== 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaaahlfahldnilidgnlikdckbfehhca - No path found[] jmjjnhpacphpjmnnlnccpfmhkcloaade - C:/Program Files/Internetbeveiliging/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx[17-04-2015 22:46] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10-10-2011 12:09] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions gkmikccifolokanfakbeadbmgchomeli - C:\Program Files\Internetbeveiliging\apps\SafeSearch\Chrome\main.crx[19-06-2014 10:28] Google Docs - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Booking.com for Chrome™ - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip Search by F-Secure - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli Bookmark Manager - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Browsing Protection by F-Secure - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade Skype Click to Call - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences 
"session":{"restore_on_startup":4,"startup_urls":["http://www.vvchaam.nl/"]},"software_reporter":{"prompt_reason":0,"prompt_version":"3.20.1"},"sync":{"remaining_rollback_tries":0}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{D4359B43-B7E8-4BB8-8C8E-125F148DF020}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {29ADE21B-BCF1-47ED-B239-A1E45EB22990} Google Url="http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_nl" {70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=CnzcSvFEm7rYDuBZslU1tM_b8UM?q={searchTerms}" {D4359B43-B7E8-4BB8-8C8E-125F148DF020} Google Url="http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_nl" ==== Reset Google Chrome ====================== C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset 
successfully C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Browsing Protection - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files\Internetbeveiliging\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows 
Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Corel File Shell Monitor] c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 
Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Huishoudboekje] C:\Program Files\DATA BECKER\Huishoudboekje\quick.exe O4 - HKLM\..\Run: [F-Secure Hoster (45123)] "C:\Program Files\Internetbeveiliging\fshoster32.exe" -app -hosterid:1 O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [EPSON2265D9 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_S4FE8.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Epson Stylus SX420W(Netwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_SB649.tmp" /EF "HKCU" O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\RunOnce: [Application Restart #6] C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- 
https://www.icscards.nl/nlic/portal/anwb/?ns_campaign=notification.anwb&ns_mchannel=e-mail.notification&ns_source=internal.20150505&ns_linkname=tekstlink&ns_fee=0 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-nl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags 
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\fshoster32.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\Windows\system32\SAgent4.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3861 folders=801 1333879602 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Michelle\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Michelle\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN 
successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on zo 31-05-2015 at 10:18:50,34 ======================