Zoek.exe v5.0.0.0 Updated 21-05-2014 Tool run by User on vr 11/07/2014 at 18:33:47,40. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode No Internet Access Detected Launched: D:\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 11/07/2014 18:39:11 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\GUM45F5.tmp deleted successfully C:\PROGRA~2\Mozilla Firefox deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\Users\User\AppData\Roaming\Advanced System Protector deleted successfully C:\Users\User\AppData\Roaming\Systweak deleted successfully C:\Users\User\AppData\Roaming\uTorrent deleted successfully C:\Users\User\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06edbe0c-589f-48c8-b521-1bfffd44ba09} deleted successfully HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06edbe0c-589f-48c8-b521-1bfffd44ba09} deleted successfully 
HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_CLASSES_ROOT\CLSID\{6a1911c0-81f7-41a2-b733-99cf5721bb83} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6a1911c0-81f7-41a2-b733-99cf5721bb83} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a1911c0-81f7-41a2-b733-99cf5721bb83} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a1911c0-81f7-41a2-b733-99cf5721bb83} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{06edbe0c-589f-48c8-b521-1bfffd44ba09} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06edbe0c-589f-48c8-b521-1bfffd44ba09} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{6a1911c0-81f7-41a2-b733-99cf5721bb83} deleted successfully 
HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{06edbe0c-589f-48c8-b521-1bfffd44ba09} deleted successfully HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Installed Programs ====================== 64 Bit HP CIO Components Installer Absolute Notifier Adobe Reader X (10.1.10) MUI AIO_CDA_ProductContext AIO_CDA_Software AIO_Scan Apple Application Support Apple Mobile Device Support Apple Software Update Bing Bar Bonjour BufferChm C4100 c4100_Help Copy CyberLink PowerDVD 10 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DocProc Dropbox E-POP Easy File Share ETDWare PS/2-X64 11.7.2.1_WHQL ExpressCache Facebook Video Calling 2.0.0.447 Fast Flash Sleep Resume Fax Galeria fotografii Galerie de photos Garmin BaseCamp Garmin USB Drivers Google Chrome Google Earth Plug-in Google Update Helper Google+ Auto Backup GPBaseService2 Help Desk HP Customer Participation Program 14.0 HP Imaging Device Functions 14.0 HP Photosmart All-In-One Driver Software HP Solution Center 14.0 HP Update HPPhotoGadget HPProductAssistant HPSSupply iCloud Intel AppUp(SM) center Intel(R) Manageability Engine Firmware Recovery Agent Intel(R) Management Engine Components Intel(R) PRO/Wireless Driver Intel(R) Processor Graphics Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel(R) Rapid Start Technology Intel(R) Rapid Storage Technology Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel© PROSet/Wireless 
Software Intel© PROSet/Wireless WiFi Software Intel© Trusted Connect Service Client iTunes Kaspersky Internet Security 2013 Kaspersky PURE 3.0 MarketResearch Microsoft Application Error Reporting Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mixxx 1.11.0 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 neroxml Network System Driver Network64 Norton Online Backup ARA OCR Software by I.R.I.S. 14.0 Photo Common Photo Gallery Picasa 3 Plants vs. 
Zombies Podstawowe programy Windows Live QuickTime 7 Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Recovery Rich Media View S Agent Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Settings Sharepod 4.0.1.1 Shop for HP Supplies Software Version Updater SolutionCenter Spotify Status Support Center Support Center FAQ SW Update Toolbox TrayApp Trust Media Viewer Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft 
PowerPoint 2010 (KB2837579) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition User Guide WebReg Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack ==== Running Processes ====================== C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe C:\WINDOWS\SysWOW64\svchost.exe C:\windows\SysWOW64\irstrtsv.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\WINDOWS\SysWOW64\nethtsrv.exe C:\WINDOWS\SysWOW64\netupdsrv.exe C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Program Files (x86)\Common 
Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Samsung\Settings\sSettings.exe C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe D:\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a1911c0-81f7-41a2-b733-99cf5721bb83}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06edbe0c-589f-48c8-b521-1bfffd44ba09}] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a1911c0-81f7-41a2-b733-99cf5721bb83}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Delta not found C:\Program 
Files (x86)\TrustMediaViewerV1 deleted C:\Program Files (x86)\RichMediaViewV1 deleted C:\PROGRA~2\iNTERNET Turbo deleted C:\PROGRA~2\MyPC Backup deleted C:\extensions.ini deleted C:\Users\User\AppData\Roaming\Babylon deleted C:\Users\User\AppData\Roaming\Delta deleted C:\PROGRA~3\AbsoluteNotifier.txt deleted C:\PROGRA~3\boost_interprocess deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\Package Cache deleted C:\Users\User\AppData\Local\CRE deleted C:\Users\User\AppData\Local\SwvUpdater deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer deleted C:\WINDOWS\SysNative\roboot64.exe deleted C:\Users\User\Downloads\iLividSetup.exe deleted C:\Users\User\Downloads\rcpsetup_softonic_new_sd_new_nl.exe deleted C:\Users\User\Downloads\SoftonicDownloader_voor_bluetooth-driver-installer.exe deleted C:\Users\User\AppData\LocalLow\Conduit deleted C:\windows\SysNative\tasks\AmiUpdXp deleted C:\WINDOWS\SysWow64\searchplugins deleted C:\WINDOWS\SysWow64\Extensions deleted C:\Users\User\Desktop\Backup\En Ikke\Bureaublad\softonic_ggl_1.6.7.4.exe deleted C:\Users\User\Desktop\Backup\En Ikke\Mijn documenten\Downloads\SoftonicDownloader_voor_free-youtube-download.exe deleted C:\Users\User\Desktop\Backup\En Ikke\Mijn documenten\Downloads\SoftonicDownloader_voor_realtek-ac97-audio-driver.exe deleted C:\Users\User\AppData\Roaming\LoJackSetup.exe deleted C:\PROGRA~3\MakeMarkerFile.exe deleted "C:\awh6837.tmp" deleted "C:\awhE0F7.tmp" deleted ==== System Specs ====================== Operating System: Microsoft Windows 8.1 6.3.9600 64 bits Manufacturer: SAMSUNG ELECTRONICS CO., LTD. 
- Model: 530U3C/530U4C/532U3C Install Date: 18/04/2014 22:31:52 Last Boot: 11/07/2014 15:06:40 Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Number of Processors: 4 Work Station Bootmode: Normal boot Total RAM: 3797 MB (free 1417 MB - 37) Computername: GEBRUIKER Domain: WORKGROUP User: User (Administrator account) Local Disk: C:\ - NTFS - 440 GB (free 233 GB) Removable Disk: D:\ - FAT - 1 GB (free 1 GB) Bootdevice: \Device\HarddiskVolume2 Windows update: Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Kaspersky PURE 3.0 On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Kaspersky PURE 3.0 disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Kaspersky PURE 3.0 disabled Default Browser: Google Chrome 35.0.1916.153 Internet Explorer Version: 11.0.9600.17207 Google Chrome version: 35.0.1916.153 Adobe Reader version: 10.1.10.18 ==== Files Recently Created / Modified ====================== 
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Facebook Update"="C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4" "Absolute Notifier"="C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Facebook Update"="C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=hex(2):00,00 ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " ==== Startup Folders ====================== 2014-01-16 23:46:38 1099 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2012-12-21 00:56:42 1324 ----a-w- 
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2014-05-09 22:34:31 2119 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\AmiUpdXp.job --a-------- C:\Users\User\AppData\Local\SwvUpdater\Updater.exe [] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1979242446-1953454004-3411639635-1001Core.job --a-------- C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [07/01/2013 20:20] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1979242446-1953454004-3411639635-1001UA.job --a-------- C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [07/01/2013 20:20] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/12/2012 16:10] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/12/2012 16:10] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1979242446-1953454004-3411639635-1001Core.job --a-------- C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [29/06/2014 01:04] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1979242446-1953454004-3411639635-1001UA.job --a-------- C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [29/06/2014 01:04] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1979242446-1953454004-3411639635-1001Core" [C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1979242446-1953454004-3411639635-1001UA" [C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe] 
"C:\WINDOWS\SysNative\tasks\FFSRConfigurer" ["C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe"] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1979242446-1953454004-3411639635-1001Core" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1979242446-1953454004-3411639635-1001UA" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"] "C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"] "C:\WINDOWS\SysNative\tasks\Registry Optimizer_DEFAULT" [C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe] "C:\WINDOWS\SysNative\tasks\Registry Optimizer_UPDATES" [C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe] "C:\WINDOWS\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"] "C:\WINDOWS\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{083536F8-32B3-4F3A-90A4-876918AF0687}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\WLANStartup" ["%programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe"] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [11/07/2014 15:14] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\User\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[28/11/2013 12:06] hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[28/11/2013 12:06] hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[28/11/2013 12:03] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[28/11/2013 12:03] jlddiloefdgiakadglhmgaalpjgejehl - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2503\ch\TrustMediaViewerV1alpha2503.crx[] nbaogjghbkgijjefelejepegnhmdkkdb - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release136\ch\RichMediaViewV1release136.crx[] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[28/11/2013 12:06] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\User\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo uTorrentBar_NL - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Google Search - 
User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Kaspersky URL Advisor - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj Safe Money - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh Content Blocker - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail Virtual Keyboard - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh Trust Media Viewer - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlddiloefdgiakadglhmgaalpjgejehl Rich Media View - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaogjghbkgijjefelejepegnhmdkkdb Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Anti-Banner - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman ==== Chrome Fix ====================== C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlddiloefdgiakadglhmgaalpjgejehl deleted successfully C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbaogjghbkgijjefelejepegnhmdkkdb deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] 
"SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="https://www.google.be/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{20BA935A-1904-4FB7-AAB9-C6B35BBC3624}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {20BA935A-1904-4FB7-AAB9-C6B35BBC3624} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {75EFF8A6-F70A-46F9-B0AE-501B9F2FC0D6} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1979242446-1953454004-3411639635-1001\Software\Microsoft\Internet Explorer\SearchScopes\{75EFF8A6-F70A-46F9-B0AE-501B9F2FC0D6} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@RichMediaViewV1release136.net deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@TrustMediaViewerV1alpha2503.net deleted successfully ==== Deleting 
Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jlddiloefdgiakadglhmgaalpjgejehl deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbaogjghbkgijjefelejepegnhmdkkdb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll O3 - Toolbar: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll O4 - 
HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 O4 - HKLM\..\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Startup: Dropbox.lnk = User\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - 
res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm O9 - Extra button: Virtueel Toetsenbord - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Controle van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll O9 - Extra button: Verzenden naar Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU) O9 - Extra 'Tools' menuitem: Verzenden naar Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL 
O23 - Service: Absolute Notifier (AbsoluteNotifier) - Absolute Software - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. 
- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: ExpressCache - Condusiv Technologies - C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\windows\SysWOW64\irstrtsv.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. 
- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully 
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\User\Desktop\Backup\En Ikke\Mijn documenten\dirk\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=721 folders=165 142358036 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 11/07/2014 at 19:12:44,55 ======================