Zoek.exe v5.0.0.0 Updated 15-07-2014
Tool run by Gebruiker on di 15-07-2014 at 19:12:45,14.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gebruiker\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
15-7-2014 19:14:23 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Gebruiker\AppData\Roaming\IrfanView deleted successfully
C:\Users\Gebruiker\AppData\Local\calibre-cache deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4223338115-2189017797-2829409057-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Gebruiker\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\ProgramData\saVyennsharre deleted
C:\ProgramData\saovvenusshaRe deleted
C:\PROGRA~2\SaveShare deleted
C:\PROGRA~2\MyFree Codec deleted
C:\Users\Gebruiker\AppData\Roaming\EZDownloader deleted
C:\PROGRA~3\StarApp deleted
C:\PROGRA~3\InstallMate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saovvenusshaRe deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saVyennsharre deleted
C:\Users\Gebruiker\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\601a1.msi" deleted
"C:\Windows\Installer\d31933.msi" deleted

==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4094 MB
CPU Info: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
CPU Speed: 2645,9 MHz
Sound Card: Luidsprekers (High Definition A |
Display Adapters: ATI Mobility Radeon HD 4500 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-7643S
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 120,0GB | D: 811,4GB
Hard Disks - Free: C: 76,3GB | D: 706,4GB
Manufacturer *: Phoenix
BIOS Info: AT/AT COMPATIBLE | 10/08/09 | ACRSYS - 6040000
Time Zone: West-Europa (standaardtijd)
Motherboard *: Packard Bell ONETWO L5710
Country: Nederland
Language: NLD

==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast!
Antivirus disabled
Default Browser: Google Chrome 35.0.1916.153
Internet Explorer Version: 11.0.9600.17207
Google Chrome version: 35.0.1916.153
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_55 (32-bit)

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== Java Cache =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-07-14 19:27:38 -------- d-----w- C:\Program Files\trend micro
2014-07-14 18:51:25 -------- d-----w- C:\Program Files\WinZip
======= C:\PROGRA~2 =====
2014-07-01 21:13:00 -------- d-----w- C:\PROGRA~2\GemistDownloader
======= C: =====
====== C:\Users\Gebruiker\AppData\Roaming ======
2014-07-14 18:51:34 -------- d-----w- C:\Users\Gebruiker\AppData\Local\WinZip
2014-07-14 18:51:19 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\sparta111
2014-07-14 18:50:58 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Sparta
2014-07-01 21:13:01 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GemistDownloader
2014-07-01 21:13:01 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\GemistDownloader
2014-06-19 21:17:08 -------- d-sh--w- C:\Users\Gebruiker\AppData\Locallow\EmieUserList
2014-06-19 21:15:47 -------- d-sh--w- C:\Users\Gebruiker\AppData\Local\EmieUserList
2014-06-19 21:15:47 -------- d-sh--w- C:\Users\Gebruiker\AppData\Local\EmieSiteList
2014-06-19 21:15:44 -------- d-sh--w- C:\Users\Gebruiker\AppData\Locallow\EmieSiteList
====== C:\Users\Gebruiker ======
2014-07-14 18:51:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-07-14 18:51:28 -------- d-----w- C:\ProgramData\WinZip

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-4223338115-2189017797-2829409057-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GameShadow"="C:\Program Files (x86)\GameShadow\GameShadow.exe /q"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
"Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GameShadow"="C:\Program Files (x86)\GameShadow\GameShadow.exe /q"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-07-2014 12:11]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10-07-2013 15:43]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce7fb973550710.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10-07-2013 15:43]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Gebruiker-PC-Gebruiker" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1ce7fb973550710" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
Google Docs - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
saVyennsharre - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmpjbfjeahpbhjbpnckefgbikcceeol
Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
saVyennsharre - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\opcohkoibldpammhiojahfjgheelfped
Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
saovvenusshaRe - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahinodfidnhbokinhnllllcokjgcad

==== Chrome Fix ======================
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmpjbfjeahpbhjbpnckefgbikcceeol deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkmpjbfjeahpbhjbpnckefgbikcceeol_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkmpjbfjeahpbhjbpnckefgbikcceeol_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\opcohkoibldpammhiojahfjgheelfped deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_opcohkoibldpammhiojahfjgheelfped_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_opcohkoibldpammhiojahfjgheelfped_0.localstorage-journal deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahinodfidnhbokinhnllllcokjgcad deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pnahinodfidnhbokinhnllllcokjgcad_0.localstorage deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pnahinodfidnhbokinhnllllcokjgcad_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symbaloo.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symbaloo.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{31090377-0740-419E-BEFC-A56E50500D5B} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\88256D243F296DA498C2FDEE74F5969A deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{47267EBA-C14A-80B8-5E9A-393EBC68ADA4} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{66548FCE-B4C7-AD5A-FE51-EDBCC77A49CF} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7A42C76-A7A6-7C26-C72F-84FF8B17C306} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{42D65288-92F3-4AD6-892C-DFEE475F69A9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\88256D243F296DA498C2FDEE74F5969A deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe /q
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - Unknown owner - C:\Program Files\AVAST Software\Avast\afwServ.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service:
@%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=88 folders=30 33303936 bytes) ==== Empty Temp 
Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 15-07-2014 at 19:28:57,36 ======================