Zoek.exe v5.0.0.0 Updated 03-November-2014
Tool run by Admin on ma 03/11/2014 at 19:47:37,96.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\1TB schijf 2014\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]
==== Older Logs ======================
C:\zoek-results2014-11-03-175731.log 16314 bytes
C:\zoek-results2014-11-03-180918.log 21759 bytes
==== Running Processes ======================
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\afasrv64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox .exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.e xe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_ 0_0_189_ActiveX.exe
E:\1TB schijf 2014\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Admin\AppData\Local\Temp ====
2014-11-03 18:12:00 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_e xt.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjpku1t.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-25 19:43:52 11996C1FD2D437347654E660DE9144A7 609240 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe
2014-10-25 19:41:31 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-26 10:17:50 E9CB5F138943D383DB67F29AAB60453F 3179520 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2014-10-26 10:17:49 2147C5330F983D76A36B73F4A804F778 16384 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2014-10-25 19:43:19 B55FA6AD6C4A74AFC85433490E97C0DE 3826628 ----a-w- C:\Windows\Sysnative\nvcoproc.bin
2014-10-25 19:41:31 D346E07D62E3D4BEAB040939744EC31B 228864 ----a-w- C:\Windows\Sysnative\rdpendp_winip.dll
2014-10-25 19:41:31 AD4D0AEDB5993EDA31EB80A54EDBC344 243200 ----a-w- C:\Windows\Sysnative\rdpudd.dll
====== C:\Windows\Sysnative\drivers =====
2014-10-25 19:41:32 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-10-17 09:15:55 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-16 10:22:06 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-16 10:22:02 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Admin\AppData\Roaming ======
2014-10-25 19:58:21 4352D88A78AA39750BF70CD6F27BCAA5 4 ----a-w- C:\Users\Admin\AppData\Roaming\appdataFr2.bin
2014-10-15 14:20:24 3F784960D883E07B7BB34814FFDED261 110688 ----a-w- C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\GDIPFONTCACHEV1.DAT
2014-10-07 18:23:28 -------- d-----w- C:\Users\Admin\AppData\Local\sabnzbd
====== C:\Users\Admin ======
2014-10-25 20:12:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
====== C: exe-files ==
=== C: other files ==
2014-11-03 18:02:17 EAEEA223DD0C5672DDDF88D14506E098 456886 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Low\Content.IE5\CLSDWK9E\silverlightmediaele ment[1].zip
2014-11-03 18:01:47 81092F7AF3400291C02CAB6E54D61B71 172220 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Low\Content.IE5\CGI4AW91\RegisterDevice[1].zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-4162061662-3345863227-1776897274-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
"WSHelperSetup.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOn ce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOn ce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"WSHelperSetup.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
"WSHelperSetup.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\citrix\\icacli~1\\rs hook.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"GENIE"="C:\Program Files (x86)\NETGEAR\A6200\A6200.exe -s"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\Ki esPDLR.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="ApnTBMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\Updater\\TBNoti fier.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleIEDAV]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AppleIEDAV"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\AppleIEDAV.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="ApplePhotoStreams"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="beid"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Belgium Identity Card\\beid35gui.exe\" /startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrowserPlugInHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="BrowserPlugInHelper"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Wondershare\\Video Converter Ultimate\\BrowserPlugInHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\com.apple.dav.bookmarks. daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="com.apple.dav.bookmarks.daemon"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\BookmarkDAV_client.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\concentr.exe\" /startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DBAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="DBAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Seagate\\Seagate Dashboard 2.0\\DBAgent.exe\" /WinStart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="hpqSRMon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="iCloudServices"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="KiesAirMessage"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanuchApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="LanuchApp"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\NETGEAR\\A6200\\LanuchApp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolba rNotifier.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uploader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="Uploader"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Seagate\\Seagate Dashboard 2.0\\Seagate.Dashboard.Uploader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USBestCR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="USBestCR"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sitecom MD-020 SIM Editor\\iconcs11004138.exe RunFromReg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\ CurrentVersion\\Run"
"item"="Wondershare Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Micros oft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\S tart Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra 08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Micros oft^Windows^Start Menu^Programs^Startup^Sitecom Wireless Utility.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\S tart Menu\\Programs\\Startup\\Sitecom Wireless Utility.lnk"
"backup"="C:\\Windows\\pss\\Sitecom Wireless Utility.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Sitecom\\Common\\RaUI .exe -s"
"item"="Sitecom Wireless Utility"
==== Startup Folders ======================
2014-09-14 16:01:15 1046 ----a-w- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\Dropbox.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [01/11/2014 11:48]
C:\Windows\tasks\AutoKMSCustom.job --a------ C:\Windows\AutoKMS\AutoKMS.exe [20/02/2013 14:51]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Admin DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe]
"C:\Windows\SysNative\tasks\AutoKMSCustom" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTas k" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Seagate_Install_Launch " [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe]
"C:\Windows\SysNative\tasks\{52D18B42-EB86-4EFC-90BE-3F444C9BB6A4}" [C:\Users\Admin\Documents\nec_usb3_1.020.1\nec_usb3 _1.020.1\nec_usb3_1.020.1\nec_usb3_1.020.1.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpd ate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtecti onPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Fi refox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensi ons]
"{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}"="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt" []
==== Firefox Extensions ======================
ExtDir: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pro files\extensions
- MP3 Rocket Downloader - %ExtDir%\mp3rocketdownloader@mp3rocket.me.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensio ns
chgdeabpmphfhkoemjjglmilajldekbp - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={search...ox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4162061662-3345863227-1776897274-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ Windows\CurrentVersion\Uninstall\dcc4ee87-6a34-4339-9241-34e0eee5fca0 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\G oogle deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chr ome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserPlugInHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks. daemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Temp\acrord32_sbx\Tem porary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1104 folders=91 244721434 bytes)
==== Empty Temp Folders ======================
C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\ Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ma 03/11/2014 at 20:05:41,88 ======================
Weergegeven resultaten: 1 t/m 10 van 20
Discussie: Sharkmancoupon
Threaded View
-
3 November 2014, 21:08 #11Gevorderd
- Geregistreerd
- 11 May 2005
- Locatie
- Blankenberge
- Berichten
- 407
- Bedankjes
- 366
- Bedankt
- 45 keer in 31 posts
Discussie informatie
Users Browsing this Thread
Momenteel bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)
Soortgelijke discussies
-
Sharkmancoupon
Door Blankenberge in forum MalwareReacties: 4Laatste bericht: 31 October 2014, 22:18
Regels voor berichten
- Copyright © 2004 - 2019, Minatica.be
-
Powered by vBulletin®, versie 4.2.2
Copyright © 2024 vBulletin Solutions, Inc. - Design door Gert Bangels
Favorieten/bladwijzers