Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by lionel on ma 06/02/2017 at 17:55:00,39. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\lionel\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 6/02/2017 17:57:36 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\PhotoStitch deleted successfully C:\Users\lionel\AppData\Roaming\DiskDefrag deleted successfully C:\Users\lionel\AppData\Roaming\dvdcss deleted successfully C:\Users\lionel\AppData\Roaming\PeerNetworking deleted successfully C:\Users\lionel\AppData\Roaming\ZoomBrowser EX deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4210861826-744597554-2720867244-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Installed Programs ====================== Adobe AIR Adobe Community Help Adobe Flash Player 24 NPAPI Adobe Photoshop Elements 9 Adobe Reader X (10.1.16) - Nederlands Adobe Refresh Manager AVG AVG 2016 AVG Protection AVG Zen Basissoftware voor HP Deskjet 3050 J610 series Belgium e-ID middleware 4.0.7 (build 7466) Bing Bar Platform Bluesoleil2.7.0.35 VoIP Release 080317 Canon Utilities PhotoStitch CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibiliteitspakket voor het 2007 Microsoft Office system D3DX10 Dropbox Dropbox Update Helper Elements 9 Organizer Elements STI Installer FMW 1 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Deskjet 3050 J610 series Help HP Photo Creations HP Update HPDiagnosticAlert HPDiagnosticCoreDll IncrediMail Java 8 Update 121 Java Auto Updater LightScribe System Software 1.12.33.2 Messenger Companion Microsoft 
.NET Framework 3.5 SP1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Picture It Photo Standard 9 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Works Microsoft Works 6-9 Converter Microsoft Works Suite-invoegtoepassing Microsoft Word Microsoft_VC100_CRT_SP1_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 51.0.1 (x86 nl) Mozilla Maintenance Service MSVC80_x86_v2 MSVC90_x86 MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Essentials neroxml NVIDIA-configuratiescherm 311.06 NVIDIA 3D Vision stuurprogramma 311.06 NVIDIA Display Control Panel 
NVIDIA Grafisch stuurprogramma 311.06 NVIDIA Install Application NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components OpenOffice 4.1.0 Paint Shop Pro 7 Anniversary Edition Photo Notifier and Animation Creator Picasa 3 PrivaZer Productverbeteringonderzoek HP Deskjet 3050 J610 series PVSonyDll Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista RealWorld Photos Revo Uninstaller 2.0.0 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4.5.2 (KB3023224) Security Update for Microsoft .NET Framework 4.5.2 (KB3035490) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft .NET Framework 4.5.2 (KB3048077) Security Update for Microsoft .NET Framework 4.5.2 (KB3072310) Security Update for Microsoft .NET Framework 4.5.2 (KB3074230) Security Update for Microsoft .NET Framework 4.5.2 (KB3074550) Security Update for Microsoft .NET Framework 4.5.2 (KB3097996) Security Update for Microsoft .NET Framework 4.5.2 (KB3098781) Security Update for Microsoft .NET Framework 4.5.2 (KB3099869) Security Update for Microsoft .NET Framework 4.5.2 (KB3122656) Security Update for Microsoft .NET Framework 4.5.2 (KB3127229) Security Update for Microsoft .NET Framework 4.5.2 (KB3135996) Security Update for Microsoft .NET Framework 4.5.2 (KB3142033) Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 
2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2956110) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2984938) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2984943) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3114542) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3114742) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114895) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3115115) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB3115107) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB3114426) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2880510) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB3114429) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3115195) 32-Bit Edition 
Segoe UI Sitecom WiFi USB adapter N300 Driver and Utility Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) TomTom HOME TomTom HOME Visual Studio Merge Modules TomTom MyDrive Connect 4.1.4.3089 TP-LINK TL-WN823N Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3115110) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.6195 VIA Platform apparaatbeheer Visual Studio 2012 x86 Redistributables Visual Studio C++ 10.0 Runtime VLC media player Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D 
Vision\nvSCPAPISvr.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\AVG\Framework\Common\avgsvcx.exe C:\Program Files\AVG\Av\avgwdsvcx.exe C:\Windows\system32\DbxSvc.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Dropbox\Client\Dropbox.exe C:\Program Files\AVG\Av\avgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files\AVG\Framework\Common\avguix.exe C:\Program Files\Sitecom\WiFi USB adapter N300 Driver and Utility\RtlService.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Sitecom\WiFi USB adapter N300 Driver and Utility\RtWlan.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\ctfmon.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\lionel\Downloads\zoek.exe C:\Windows\system32\conime.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted 
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirMailService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirSchedulerService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirWebService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McComponentHostService deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5] [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1] ==== Deleting Files \ Folders ====================== C:\Users\lionel\AppData\Roaming\ProductData deleted C:\PROGRA~2\ProductData deleted C:\Windows\system32\GroupPolicy\Machine deleted C:\Windows\system32\GroupPolicy\User deleted C:\Windows\system32\GroupPolicy\gpt.ini deleted "C:\Users\lionel\AppData\Local\{62AAFA34-2938-4C5E-98E0-182464115FED}" deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Memory (RAM): 2047 MB CPU Info: Intel(R) Core(TM)2 CPU E8400 @ 3.00GHz CPU Speed: 2995,3 
MHz Sound Card: Luidsprekers (VIA High Definiti | SPDIF-interface (VIA High Defin | Luidsprekers (Bluetooth SCO Aud | Luidsprekers (Bluetooth AV Audi | Display Adapters: NVIDIA GeForce 8400 GS | NVIDIA GeForce 8400 GS | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1280 X 1024 - 16 bit Network: Network Present Network Adapters: Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter | Bluetooth PAN Network Adapter | Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.0) CD / DVD Drives: 1x (E: | ) E: ATAPI iHAS220 6 Ports: COM3 | COM4 | COM5 | COM6 | COM7 | COM8 | COM9 | COM10 | COM11 | COM1 LPT1 Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 156,2GB | D: 76,6GB | J: 298,0GB Hard Disks - Free: C: 93,2GB | D: 73,1GB | J: 243,1GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 05/28/08 | 052808 - 20080528 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK Computer INC. P5KPL/1600 Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: AVG AntiVirus Free Edition On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition disabled (Outdated) Default Browser: Firefox 51.0.1 Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: 51.0.1 (x86 nl) Adobe Reader version: 10.1.16.13 Sun Java version: 1.8.0_121 (32-bit) Flash Player version: 24.0.0.194 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\lionel\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2017-02-06 16:41:07 1337593ACB4460BE388159A08C9DE1FE 400680 ----a-w- C:\Windows\System32\FNTCACHE.DAT 2017-01-30 14:02:36 B6086890DCC120E239D0D69612EA1789 40256 ----a-w- C:\Windows\System32\DbxSvc.exe ====== C:\Windows\system32\drivers ===== 2017-01-30 14:02:36 DD2DBF8E5F858A7622BAA7F9B3A1C18B 35440 ----a-w- 
C:\Windows\System32\drivers\dbx-stable.sys 2017-01-30 14:02:36 DD2DBF8E5F858A7622BAA7F9B3A1C18B 35440 ----a-w- C:\Windows\System32\drivers\dbx-dev.sys 2017-01-30 14:02:36 DD2DBF8E5F858A7622BAA7F9B3A1C18B 35440 ----a-w- C:\Windows\System32\drivers\dbx-canary.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2017-02-03 11:56:08 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Users\lionel\AppData\Roaming ====== 2017-01-18 11:58:50 F1672CA2D2C05120B46687D5F3450F43 84 ----a-w- C:\Users\lionel\AppData\Roaming\wklnhst.dat 2017-01-16 16:19:35 -------- d-----w- C:\Users\lionel\AppData\Local\WindowsUpdate ====== C:\Users\lionel ====== 2017-02-04 13:23:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-02-03 11:54:51 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lionel\Downloads\RSIT.exe ====== C: exe-files == 2017-02-04 13:22:51 F0A23BCCC086FA630BB26EA62090832E 18904 ----a-w- C:\Program Files\Dropbox\Client\QtWebEngineProcess.exe 2017-02-04 13:22:29 B470CE1BE3D90BC5CA8278689670C7D8 174064 ----a-w- C:\Program Files\Dropbox\Client\DropboxUninstaller.exe 2017-02-04 13:22:28 B6086890DCC120E239D0D69612EA1789 40256 ----a-w- C:\Program Files\Dropbox\Client\driver_x86\dbxsvc.exe 2017-02-04 13:22:28 9C1B2A7270CB3953D32C0CA82A4746D7 26219896 ----a-w- C:\Program Files\Dropbox\Client\Dropbox.exe 2017-02-04 13:22:28 2C5A991F0320D95BAC80D0C31F43A79E 46400 ----a-w- C:\Program Files\Dropbox\Client\driver_amd64\dbxsvc.exe 2017-02-03 11:56:08 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\lionel.exe 2017-02-03 11:54:51 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lionel\Downloads\RSIT.exe 2017-02-03 11:18:03 27408AEE87871E9D232E731B56F95FF0 75648024 ----a-w- C:\Program Files\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\19.4.12\DropboxClient_19.4.12.exe === C: other files == 2017-02-04 13:22:28 
DD2DBF8E5F858A7622BAA7F9B3A1C18B 35440 ----a-w- C:\Program Files\Dropbox\Client\driver_x86\dbx-stable.sys 2017-02-04 13:22:28 DD2DBF8E5F858A7622BAA7F9B3A1C18B 35440 ----a-w- C:\Program Files\Dropbox\Client\driver_x86\dbx-dev.sys 2017-02-04 13:22:28 DD2DBF8E5F858A7622BAA7F9B3A1C18B 35440 ----a-w- C:\Program Files\Dropbox\Client\driver_x86\dbx-canary.sys 2017-02-04 13:22:27 BAB0A5FC7D43463155ADFE6555D893CB 46192 ----a-w- C:\Program Files\Dropbox\Client\driver_amd64\dbx-stable.sys 2017-02-04 13:22:27 BAB0A5FC7D43463155ADFE6555D893CB 46192 ----a-w- C:\Program Files\Dropbox\Client\driver_amd64\dbx-dev.sys 2017-02-04 13:22:27 BAB0A5FC7D43463155ADFE6555D893CB 46192 ----a-w- C:\Program Files\Dropbox\Client\driver_amd64\dbx-canary.sys 2017-02-02 11:25:17 FF46BE5A2038070C7CC7E5DDB18B230E 5336 ----a-w- C:\Users\lionel\AppData\Roaming\Mozilla\Firefox\Profiles\qegsiy1g.default-1484818492473\features\{3bdb4bf3-1a32-4927-a606-12d3bbff7808}\hsts-priming@mozilla.org.xpi 2017-02-02 11:25:17 56D3B0435CCD413EBF6856EADE2D9B47 5527 ----a-w- C:\Users\lionel\AppData\Roaming\Mozilla\Firefox\Profiles\qegsiy1g.default-1484818492473\features\{3bdb4bf3-1a32-4927-a606-12d3bbff7808}\diagnostics@mozilla.org.xpi ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-4210861826-744597554-2720867244-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program 
Files\AVG\Framework\Common\avguirnx.exe /lps=av" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" "Dropbox"="C:\Program Files\Dropbox\Client\Dropbox.exe /systemstartup" "AvgUi"="C:\Program Files\AVG\Framework\Common\avguirnx.exe /lps=fmw" "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" "HDAudDeck"="C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeActiveFileMonitor7.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdvancedSystemCareService9] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NMIndexingService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Folders ====================== 2017-02-03 11:17:28 1112 ----a-w- C:\Users\lionel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 
[10/01/2017 14:14] C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a------ C:\Program Files\Dropbox\Update\DropboxUpdate.exe [19/01/2016 17:51] C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a------ C:\Program Files\Dropbox\Update\DropboxUpdate.exe [19/01/2016 17:51] C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\Users\lionel\AppData\Roaming\HP Photo Creations\Communicator.exe [21/12/2016 15:19] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\ASC Task (One-Time)" [C:\Program Files\IObit\Advanced SystemCare\PromoteASCAfterInstall.exe] "C:\Windows\system32\tasks\ASC9_PerformanceMonitor" [C:\Program Files\IObit\Advanced SystemCare\Monitor.exe] "C:\Windows\system32\tasks\ASC9_SkipUac_lionel" ["C:\Program Files\IObit\Advanced SystemCare\ASC.exe" /SkipUac] "C:\Windows\system32\tasks\AVG EUpdate Task" [avgsetupx.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\Driver Booster SkipUAC (lionel)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\system32\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\system32\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\system32\tasks\GU5SkipUAC" [C:\Program Files\Glary Utilities 5\Integrator.exe] "C:\Windows\system32\tasks\HP Photo Creations Communicator" [C:\Users\lionel\AppData\Roaming\HP Photo Creations\Communicator.exe] "C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3050 J610 series" ["C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe"] 
"C:\Windows\system32\tasks\hpUrlLauncher.exe" [C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\utils\hpUrlLauncher.exe] "C:\Windows\system32\tasks\Java Platform SE Auto Updater" [C:\Program Files\Common Files\Java\Java Update\jusched.exe] "C:\Windows\system32\tasks\PrivaZer_SkipUAC" [C:\Program Files\PrivaZer\PrivaZer.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\lionel\AppData\Roaming\Mozilla\Firefox\Profiles\qegsiy1g.default-1484818492473 user_pref("browser.startup.homepage", "about:home"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [06/02/2016 11:35] ==== Firefox Extensions ====================== ProfilePath: C:\Users\lionel\AppData\Roaming\Thunderbird\Profiles\tqkdnywb.default - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} ProfilePath: C:\Users\lionel\AppData\Roaming\TomTom\HOME\Profiles\pvqn3gcl.default - Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\lionel\AppData\Roaming\Mozilla\Firefox\Profiles\qegsiy1g.default-1484818492473 F169116C1BA501AB4D0D66D41FF496B5 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat FC5D7AF1FC3A63782E19B375E2312D1C - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 08C3C6B144EB5EBDE93263237C53DB14 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 07A722522C5CB75AEBF837E0411415C0 - 
C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision 75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 1B743D5B6FD001660FAB17DD7C347A38 - C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll - Silverlight Plug-In 5885945862885D0D1D3BE7D8F411EE5B - C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U121 64CA0036B2F1AEB7256ADBF5D034FFCA - C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.1210.13 C63C3E4DFC05BAD9B34C0F884150547C - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 9E602A9634AC3EFA8CD5BC4CD943416B - C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll - Shockwave Flash 30058F2746B25F60DCC7624E227357D1 - C:\Users\lionel\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer 4F3F6B17B4A5BDB68B3CB0367A2C214E - C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions flliilndjeohchalpbbcdekjklbdgfkk - No path found[] Google Drive - lionel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - lionel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - lionel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - 
lionel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - lionel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}" ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=av O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw O4 - HKLM\..\Run: 
[AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\Antivirus\avmailc.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\Antivirus\sched.exe (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Unknown owner - C:\Program Files\Avira\Antivirus\avguard.exe (file missing)
O23 - Service: Avira Web Protection (AntiVirWebService) - Unknown owner - C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgwdsvcx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Dropbox-update-service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox-update-service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: RealtekCU - Realtek Semiconductor Corp. - C:\Program Files\Sitecom\WiFi USB adapter N300 Driver and Utility\RtlService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\lionel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\lionel\AppData\Local\Mozilla\Firefox\Profiles\qegsiy1g.default-1484818492473\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\lionel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=8 folders=4 16054 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\lionel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\lionel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\lionel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on ma 06/02/2017 at 18:16:28,41 ======================