Zoek.exe v5.0.0.0 Updated 10-February-2015
Tool run by caecccc on wo 11/02/2015 at 10:42:00,87.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\caecccc\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-10-26-150322.log 43697 bytes
C:\zoek-results2014-11-05-122220.log 14057 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D}
%SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6}
%SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\Users\caecccc\AppData\Roaming\systweak deleted successfully
C:\Users\caecccc\AppData\Local\ConvertAd deleted successfully
C:\Users\caecccc\AppData\Local\VirtualStore deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} deleted successfully
HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully
HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12509307-2A2A-48DD-817B-BC12C9A72720} deleted successfully
HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3452B204-4CC9-40F4-8463-2999277BE330} deleted successfully
HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BBF2E4-79D6-46A7-94DF-F26F1A6BFAA2} deleted successfully
HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E825C4D5-F01E-44D2-9217-8CDCAB3CA533} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
ArcSoft WebCam Companion 3
Avast Premier
Facebook Video Calling 3.1.0.521
Google Chrome
Google Update Helper
JMicron JMB38X Flash Media Controller Driver
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
NVIDIA Control Panel 331.65
NVIDIA Graphics Driver 331.65
NVIDIA Install Application
NVIDIA Update 1.15.2
NVIDIA Update Components
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition
Skype Click to Call
SkypeT 7.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\caecccc\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152}]

==== Deleting Files \ Folders ======================

C:\ProgramData\rvlkl not found
c:\progra~2\searchprotect not found
C:\Program Files (x86)\Common Files\6029f0c8-49f2-4088-b76c-a4327bb3e5aa.dll deleted
C:\Program Files (x86)\Common Files\02b93d75-5ec8-462c-851f-5d91d227cd32.dll deleted
C:\PROGRA~3\374311380 deleted
C:\PROGRA~2\02b93d75-5ec8-462c-851f-5d91d227cd32 deleted
C:\PROGRA~2\globalUpdate deleted
C:\PROGRA~3\Registry Helper deleted
C:\Users\caecccc\AppData\Local\globalUpdate deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Windows\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-1.job deleted
C:\Windows\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-11.job deleted
C:\Windows\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-4.job deleted
C:\Windows\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-5.job deleted
C:\Windows\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-5_user.job deleted
C:\Windows\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-6.job deleted
C:\Windows\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-7.job deleted
C:\windows\SysNative\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-1 deleted
C:\windows\SysNative\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-11 deleted
C:\windows\SysNative\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-4 deleted
C:\windows\SysNative\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-5 deleted
C:\windows\SysNative\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-5_user deleted
C:\windows\SysNative\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-6 deleted
C:\windows\SysNative\Tasks\abcbc285-3637-41b2-832a-af47b6df0881-7 deleted
C:\Windows\tasks\9472bf32-801e-4380-a93a-312d3363a0e3.job deleted
C:\Windows\tasks\fc6a064f-a2dd-4cc3-9a73-369f24d55904.job deleted
C:\windows\SysNative\tasks\9472bf32-801e-4380-a93a-312d3363a0e3 deleted
C:\windows\SysNative\tasks\fc6a064f-a2dd-4cc3-9a73-369f24d55904 deleted
C:\windows\SysNative\tasks\ASP deleted
C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted
C:\Windows\Syswow64\RegistryHelperLM.ocx deleted
C:\Users\caecccc\Documents\Optimizer Pro deleted
"c:\users\caecccc\appdata\local\Linkey\IEExtension\iedll.dll" deleted
"C:\Users\caecccc\AppData\Local\Linkey\IEExtension\iedll.dll" deleted
"c:\users\caecccc\appdata\local\Linkey" not deleted
"C:\Users\caecccc\AppData\Local\Linkey" not deleted
"c:\users\caecccc\appdata\local\Linkey\IEExtension" not deleted
"C:\Users\caecccc\AppData\Local\Linkey\IEExtension" not deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3069 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
CPU Speed: 2273,9 MHz
Sound Card: NVIDIA HDMI Out (NVIDIA High De | Speakers (2- High Definition Au |
Display Adapters: NVIDIA GeForce 9600M GT | NVIDIA GeForce 9600M GT | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Bluetooth Device (Personal Area Network) | Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) | Intel(R) WiFi Link 5100 AGN
CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-7561S
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 298,0GB
Hard Disks - Free: C: 255,8GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 07/17/08 | HPQOEM - 1
Time Zone: Romance Standard Time
Motherboard *: Compal 30F4
Country: Belgium
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Default Browser: Google Chrome 40.0.2214.111
Internet Explorer Version: 11.0.9600.17501
Google Chrome version: 40.0.2214.111
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\caecccc\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

[HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-21-568048905-3917680449-3251823053-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Registry Helper"="C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe /boot"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\caecccc\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

==== Startup Folders ======================

2013-10-30 14:20:58 1310 ----a-w- C:\Users\caecccc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2014-10-25 03:23:30 666 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 18:36]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-568048905-3917680449-3251823053-1000Core.job --a------ C:\Users\caecccc\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/12/2013 22:24]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-568048905-3917680449-3251823053-1000UA.job --a------ C:\Users\caecccc\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/12/2013 22:24]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/10/2013 15:29]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/10/2013 15:29]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\avastBCLRestartS-1-5-21-568048905-3917680449-3251823053-1000" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-568048905-3917680449-3251823053-1000Core" [C:\Users\caecccc\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-568048905-3917680449-3251823053-1000UA" [C:\Users\caecccc\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-10-19 00:14:46 -------- d---a-w- C:\PROGRA~3\TEMP
2014-10-25 03:30:16 -------- d-----w- C:\PROGRA~3\McAfee

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [10/02/2015 17:29]

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.111 (Possible outdated, latest Stable version: 40.0.2214.94)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[10/02/2015 00:40]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Google Docs - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Soccerstand Live Results - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhenemddmbnpomkjddcgjkjmjbbchbbf
Snooker - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjohiacoelemalmancnccjggomjnkfod
YouTube - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Facebook - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boeajhmfdjldchidhphikilcgdacljfm
IP Address - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ckgdoapjnjcjngggefgbkjmhgjoghcog
Google Search - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gold and silver price - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eafkcibcfmfkhjopoaelaocfclfmlbem
Google Calendar - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
The only way to organize your life and business - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjliknjliaohjgjajlgolhijphojjdkc
Vertalen.nu - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\giapagjeblcapfphboclikepoeelhgkj
Heart - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjnfkpbienbblndialjooaiaociigepn
365Scores - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gocaejggjgdmkhmbinicknpbhagkblop
Speed Test - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlhbmnfdcklajeaeikfinieljfegamko
Over hundred of currencies with daily exchange rates historical charts and more. - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno
Skype Click to Call - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
365Scores - Live ScoresSports News Alerts - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmpppefjehmjbiplimkfjeamnohldmko
Outlook.com - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge
Gmail - caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.default-search.net?sid=498&aid=157&itype=r&ver=14591&tm=539&src=hmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Avast SafeZone.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe /sfzonebrowser
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\WebCam Companion 3.lnk - C:\Program Files (x86)\ArcSoft\WebCam Companion 3\uWebCam.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast SafeZone.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe /sfzonebrowser
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\All In One.lnk - C:\Program Files (x86)\Xugjssimjgsve\hebnqzz.exe
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\caecccc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Registry Helper] "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\caecccc\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-568048905-3917680449-3251823053-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-568048905-3917680449-3251823053-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: rvlkl.lnk = C:\ProgramData\rvlkl\rvlkl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\caecccc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\caecccc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\caecccc\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\caecccc\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=277 folders=57 1424862506 bytes)

==== Empty Temp Folders ======================
C:\Users\caecccc\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\caecccc\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"c:\users\caecccc\appdata\local\Linkey" not found
"C:\Users\caecccc\AppData\Local\Linkey" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on wo 11/02/2015 at 11:17:19,00 ======================