Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Jacques on za 03-05-2014 at 12:36:32,75.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jacques\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Running Processes ======================

C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
C:\WINDOWS\SysWOW64\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
C:\WINDOWS\System32\WinLogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\LogonUI.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\skydrive.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\System32\WWAHost.exe
C:\Program Files\WindowsApps\KasperskyLab.KasperskyNow_1.0.0.42_x64__8jx5e25qw3tdc\Kav.Metro.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe
C:\WINDOWS\syswow64\wwahost.exe
C:\Users\Jacques\Desktop\zoek.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup

==== System Restore Info ======================

3-5-2014 12:38:16 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Users\Jacques\AppData\Roaming\Ashampoo Slideshow Studio HD 2 deleted successfully
C:\Users\Jacques\AppData\Roaming\Mozilla deleted successfully
C:\Users\Jacques\AppData\Local\MigWiz deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-348676042-3188446348-2133082208-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-348676042-3188446348-2133082208-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Installed Programs ======================

64 Bit HP CIO Components Installer
Ashampoo AppLauncher v.1.0.0
Ashampoo Burning Studio 11 v.11.0.4
Ashampoo Core Tuner 2 v.2.0.1
Ashampoo GetBack Photo v.1.0.1
Ashampoo HDD Control 2 v.2.1.0
Ashampoo Music Studio 4 v.4.0.1
Ashampoo Photo Commander 10 v.10.1.3
Ashampoo Photo Optimizer 5 v.5.1.2
Ashampoo Slideshow Studio HD 2 v.2.0.5
Ashampoo Snap 5 v.5.1.5
Ashampoo UnInstaller 4 v.4.30
Ashampoo Video Styler v.1.0.1
Ashampoo WinOptimizer 9 v.9.04.31
Bing Bar
BufferChm
CCleaner
Copy
CyberLink Home Cinema 10
CyberLink LabelPrint 2.5
CyberLink MediaEspresso 6.5
CyberLink Power2Go 8
CyberLink PowerDVD 10
CyberLink PowerDVD Copy 1.5
CyberLink PowerRecover
D3DX10
Destinations
DeviceDiscovery
DJ_AIO_03_F4200_Software_Min
DocProc
F4200
FastStone Image Viewer 5.1
FileZilla Client 3.8.0
Fotogalerie
Fotogalerija
Fotogalleri
Fotogalleriet
Fotograf Galerisi
Fotótár
Galeria de Fotografias
Galería de fotos
Galeria fotografii
Galerie de photos
Google Chrome
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Junk Mail filter update
Kaspersky Internet Security
KompoZer 0.8b3
Malwarebytes Anti-Malware versie 2.0.1.1004
MarketResearch
Microsoft Application Error Reporting
Microsoft Office
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser (KB2758694)
OCR Software by I.R.I.S. 14.0
OpenOffice 4.0.1
Photo Common
Photo Gallery
Podstawowe programy Windows Live
Raccolta foto
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S?????? f?t???af???
Scan
Shop for HP Supplies
Skype™ 6.3
SolutionCenter
Status
Toolbox
TrayApp
Valokuvavalikoima
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven peruspaketti

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\Jacques\AppData\Roaming\systweak deleted
C:\Users\Jacques\AppData\LocalLow\VideoDownloadConverter_4z deleted
C:\Users\Jacques\AppData\LocalLow\VideoDownloadConverter_4zEI deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3980 MB
CPU Info: Intel(R) Celeron(R) CPU G1620 @ 2.70GHz
CPU Speed: 2694,1 MHz
Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics
Monitors: 1x; Samsung SyncMaster 570V/580V TFT |
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek RTL8188CU draadloze LAN 802.11n USB 2.0-netwerkadapater | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW SH-216DB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 869,4GB | D: 60,0GB | G: 698,6GB
Hard Disks - Free: C: 829,2GB | D: 44,9GB | G: 598,4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | MEDION - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: MEDION H77H2-EM
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Default Browser: Google Chrome 34.0.1847.131
Internet Explorer Version: 11.0.9600.17105
Google Chrome version: 34.0.1847.131

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-348676042-3188446348-2133082208-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe /Q:A"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid
Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"

==== Startup Folders ======================

2014-04-09 12:58:26 2123 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18-04-2014 14:00]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18-04-2014 14:00]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{21BF86D6-3FE0-465B-B10D-AFF32496582D}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [25-04-2014 09:50]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jacques\AppData\Roaming\KompoZer\Profiles\e9ffw223.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

ProfilePath: C:\Users\Jacques\AppData\Roaming\kompozer.net\KompoZer\Profiles\v71f21r1.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[29-10-2013 22:09]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[29-10-2013 22:09]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[29-10-2013 22:09]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[01-04-2014 14:12]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[29-10-2013 22:09]

Angry Birds - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Docs - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Cut the Rope - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj
Safe Money - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Dangerous Websites Blocker - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Google Wallet - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.nu.nl/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.nu.nl/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{C3D8B52B-ED4E-4C02-B548-C01A21A545AB}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{C3D8B52B-ED4E-4C02-B548-C01A21A545AB} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
- {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Marktplaats.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - adfarm.mediaplex.com/ad/ck/5026-153897-5908-1?mpre=http%3A%2F%2Fwww.marktplaats.nl (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Marktplaats.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - adfarm.mediaplex.com/ad/ck/5026-153897-5908-1?mpre=http%3A%2F%2Fwww.marktplaats.nl (file missing) (HKCU) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} (Mail Migration) - https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1095384404 O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1140/Navigram.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Ashampoo Core Tuner 2 Service (ACT2_Service) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - 
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and 
Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: 
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jacques\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Jacques\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Jacques\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4 folders=7 6702400 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully 
C:\Users\Jacques\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Jacques\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 03-05-2014 at 12:51:14,43 ======================