Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by lida on wo 20-05-2015 at 9:16:54,36.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\lida\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-05-20-065851.log 416 bytes

==== Possible Rootkit Infection ======================

C:\Windows\installer\{3942a362-6706-1187-174e-39ca927326da}\L
C:\Windows\installer\{3942a362-6706-1187-174e-39ca927326da}\U

==== Empty Folders Check ======================

C:\PROGRA~2\AppName deleted successfully
C:\PROGRA~2\NTI deleted successfully
C:\PROGRA~2\PrivaZer deleted successfully
C:\PROGRA~2\SystemAide deleted successfully
C:\PROGRA~2\VS Revo Group deleted successfully
C:\PROGRA~2\WinAVI deleted successfully
C:\PROGRA~2\Wise deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\RegRun deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\Users\lida\AppData\Roaming\AdobeUM deleted successfully
C:\Users\lida\AppData\Roaming\Beeq deleted successfully
C:\Users\lida\AppData\Roaming\BitTorrent deleted successfully
C:\Users\lida\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\lida\AppData\Roaming\TP deleted successfully
C:\Users\lida\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Administrator.acer5336.000\AppData\Local\kpn deleted successfully
C:\Users\lida\AppData\Local\Downloaded Installations deleted successfully
C:\Users\lida\AppData\Local\Zylom Games deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

\"Nero SoundTrax Help
ęTorrent
64 Bit HP CIO Components Installer
Aangifte inkomstenbelasting 2010
Aangifte inkomstenbelasting 2011
Acer Backup Manager
Acer ePower Management
Acrobat.com
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.11) - Nederlands
Adobe Refresh Manager
Adobe© Photoshop© Album Starter Edition 3.0
Advertising Center
Aidfile recovery software professional version 3.6.6.2
Backup Manager Basic
Compatibiliteitspakket voor het 2007 Microsoft Office system
D3DX10
DolbyFiles
ESET NOD32 Antivirus
Facebook Video Calling 3.1.0.521
Firebird 2.5.0.26074 (Win32)
FLAC To MP3 V4.0.4
Free Audio Converter version 5.0.22.128
Google Chrome
Google Update Helper
HD Tune 2.55
HP Update
Identity Card
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
IPTInstaller
Java 8 Update 45
Java Auto Updater
Junk Mail filter update
Launch Manager
Maxthon Cloud Browser
Menu Templates - Starter Kit
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.5.2 (Nederlands)
Microsoft .NET Framework 4.5.2 (NLD)
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Editie 2003
Microsoft Security Client NL-NL Language Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Templates - Starter Kit
MSI to redistribute MS VS2005 CRT libraries
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2758694)
MySQL Connector C++ 1.1.5
MySQL Connector J
MySQL Connector Net 6.9.5
MySQL Connector/C 6.1
MySQL Connector/ODBC 5.3
MySQL Documents 5.6
MySQL Examples and Samples 5.6
MySQL Installer for Windows - Community
MySQL Notifier 1.1.6
MySQL Server 5.6
Nero 8
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NetWorkingWizard_ICM
Newzbin
Nokia Connectivity Cable Driver
PCStreams
Realtek USB 2.0 Card Reader
SAMSUNG Mobile Modem V2 Software
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Servicetool
Skype Click to Call
SkypeT 7.0
SoundTrax
Speccy
Spotify
Spotnet
Synaptics Pointing Device Driver
Torrent Stream 1.0.6
TuneUp Utilities Language Pack (nl-NL)
VCRedistSetup
Verzoek of wijziging voorlopige aanslag 2011
Verzoek of wijziging voorlopige aanslag 2012
VLC media player 0.9.8a
Welcome Center
Winamp
Winamp Applicatie Detect
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Apparaatcentrum
WinRAR 5.20 (32-bit)
WinRAR 5.20 (64-bit)
WinZip 17.5
YTDPro

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe
C:\Program Files (x86)\KPN\Servicetool\KPNServicetool_Launcher.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files (x86)\KPN\Servicetool\KPNServicetool_Repair.exe
C:\Users\lida\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\0
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20-05-2015_1029_.backup

ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20-05-2015_1029_.backup

ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20-05-2015_1029_.backup

ProfilePath: C:\Users\lida\AppData\Roaming\TomTom\HOME\Profiles\l6ycvcc1.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20-05-2015_1029_.backup

ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\4d26s7ug.default
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AppName not found
C:\PROGRA~2\NTI not found
C:\PROGRA~2\PrivaZer not found
C:\PROGRA~2\SystemAide not found
C:\PROGRA~2\VS Revo Group not found
C:\PROGRA~2\WinAVI not found
C:\PROGRA~2\Wise not found
C:\PROGRA~2\Unlocker deleted
C:\PROGRA~2\Digital Trends deleted
C:\PROGRA~3\128654331398327123 deleted
C:\Users\lida\.android deleted
C:\PROGRA~2\GUT5763.tmp deleted
C:\PROGRA~2\GUTFC69.tmp deleted
C:\PROGRA~2\GUMFC58.tmp deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\RegUse deleted
C:\bbuninst.exe deleted
C:\install.exe deleted
C:\found.000 deleted
C:\Users\Administrator.acer5336.000\AppData\Roaming\ProductData deleted
C:\Users\lida\AppData\Roaming\appdataFr3.bin deleted
C:\Users\lida\AppData\Roaming\BitLord deleted
C:\Users\lida\AppData\Roaming\ProductData deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\PROGRA~3\Funny Bear Studio deleted
C:\PROGRA~3\ProductData deleted
C:\Users\lida\AppData\Local\nss52AC.tmp deleted
C:\Users\lida\AppData\Local\nsy3CCC.tmp deleted
C:\Users\lida\AppData\Local\8B692337-1430410784-DF11-9D42-88AE1D990611 deleted
C:\Users\lida\AppData\Local\Avanquest North America deleted
C:\Users\lida\AppData\Local\BitLord deleted
C:\Users\lida\AppData\Local\avgchrome deleted
C:\Users\lida\AppData\Local\cache deleted
C:\Users\lida\AppData\LocalLow\ADSRemoval deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\Machine deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader2@ftdownloader.com.xpi deleted
C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader3@ftdownloader.com.xpi deleted
"C:\Users\lida\AppData\Roaming\2MzXENkj8" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\iobitapps@mybrowserbar.com" deleted
"C:\PROGRA~3\1c9126ec9d00b53\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141020173549" deleted
"C:\Users\lida\AppData\Roaming\Kigu\noor.oll" deleted
"C:\Users\lida\AppData\Roaming\driver\driver.html" deleted
"C:\Users\lida\AppData\Roaming\Kieked\gape.zes" deleted
"C:\PROGRA~3\1c9126ec9d00b53" deleted
"C:\Users\lida\AppData\Roaming\Kigu" deleted
"C:\Users\lida\AppData\Roaming\driver" deleted
"C:\Users\lida\AppData\Roaming\Kieked" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1978 MB
CPU Info: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
CPU Speed: 2192,1 MHz
Sound Card: Luidsprekers (High Definition A |
Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Broadcom 802.11n-netwerkadapter | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GT32N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 219,8GB
Hard Disks - Free: C: 123,3GB
Manufacturer *: Acer
BIOS Info: AT/AT COMPATIBLE | 08/17/10 | DELL - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer JE51_MV
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: ESET NOD32 Antivirus 8.0 disabled (Outdated)
Default Browser: Maxthon Cloud Browser 4, 4, 5, 1000
Internet Explorer Version: 11.0.9600.17801
Google Chrome version: 42.0.2311.152
Adobe Reader version: 11.0.11.18
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)
Flash Player version: 17.0.0.169

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\lida\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-05-09 17:29:56 F7DFAE6040AC910B7C64EE208A34157D 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-05-09 17:29:56 8FE94F2EF9BF444E93E35D87E210D02F 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2015-05-01 04:55:14 AD8A16CEDA88D4792D20D83A30321295 3292 ----a-w- C:\Windows\Sysnative\Tasks\{9883DDD3-C4CE-4568-BDD1-C520671A1B93}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-05-17 08:02:34 -------- d-----w- C:\Program Files\Trend Micro
2015-05-09 18:02:34 -------- d-----w- C:\Program Files\MySQL
2015-04-29 14:10:45 -------- d-----w- C:\Program Files\ESET
======= C:\PROGRA~2 =====
2015-05-19 16:13:34 -------- d-----w- C:\PROGRA~2\HD Tune
2015-05-11 15:46:11 -------- d-----w- C:\PROGRA~2\Newzbin
2015-04-30 18:32:17 -------- d-----w- C:\PROGRA~2\COMMON~1\DVDVideoSoft
2015-04-30 18:32:16 -------- d-----w- C:\PROGRA~2\DVDVideoSoft
======= C: =====
2015-05-04 18:37:16 8BBBD3DC353DCDA2926766A326349344 13870 ----a-w- C:\mailware 4-5-2015.txt
====== C:\Users\lida\AppData\Roaming ======
2015-05-17 07:50:19 -------- d-----w- C:\Users\lida\AppData\Local\AviraResume
2015-05-17 07:14:42 -------- d-----w- C:\Users\lida\AppData\Locallow\Trend Micro
2015-05-16 16:21:19 3AE356605142AD59DAF81E2E082CAA11 36 ----a-w- C:\Users\lida\AppData\Local\housecall.guid.cache
2015-05-11 16:03:59 -------- d-----w- C:\Users\lida\AppData\Local\_
2015-05-10 16:11:03 -------- d-----w- C:\Users\lida\AppData\Roaming\HpUpdate
2015-04-30 18:32:17 -------- d-----w- C:\Users\lida\AppData\Roaming\DVDVideoSoft
2015-04-30 14:11:21 -------- d-----w- C:\Users\lida\AppData\Local\ESET
2015-04-29 15:16:41 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\ESET
2015-04-22 19:24:25 -------- d-----w- C:\Users\lida\AppData\Local\mquadr.at
====== C:\Users\lida ======
2015-05-19 16:13:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2015-05-19 16:12:45 088812A121E0A9CEB40CE9C808C8A90C 642632 ----a-w- C:\Users\lida\desktop\hdtune_255.exe
2015-05-19 15:57:55 B944B853023312DEBA65AD08D30D6F6A 6484352 ----a-w- C:\Users\lida\desktop\ccsetup505.exe
2015-05-19 12:48:06 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\lida\desktop\RSITx64.exe
2015-05-19 12:38:27 678AB0E8665345E72D11149A36F965BE 5127432 ----a-w- C:\Users\lida\desktop\spsetup128.exe
2015-05-16 16:22:25 -------- d-----w- C:\ProgramData\Trend Micro
2015-05-11 15:46:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newzbin
2015-05-10 16:12:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-05-06 08:25:25 -------- d-----w- C:\Users\lida\Intel
2015-05-06 05:37:10
-------- d-----w- C:\ProgramData\Acebyte 2015-04-30 18:51:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2015-04-30 18:33:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-04-22 19:24:46 -------- d-----w- C:\ProgramData\mquadr.at 2015-04-22 19:24:09 -------- dc-h--w- C:\ProgramData\{6511AE77-911F-4CA2-A15A-510F904C6E3E} ====== C: exe-files == 2015-05-20 06:29:02 FFDD29F8C0A8CEBC8D8464F20BFAE44F 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-322041493-2860374838-2779380684-1001\$IUADMUD.exe 2015-05-20 06:20:33 F68A5507E37C1FC1C17F6B1A6BFF582E 1308672 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-322041493-2860374838-2779380684-1001\$RUADMUD.exe 2015-05-19 16:13:35 F8FC2D14DF813CC920A39B3CB7E59CBC 401408 ----a-w- C:\Program Files (x86)\HD Tune\HDTune.exe 2015-05-19 16:13:34 CEFC20D14D9940D53505E9B9769139E7 682266 ----a-w- C:\Program Files (x86)\HD Tune\unins000.exe 2015-05-19 12:49:54 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\lida.exe 2015-05-18 11:02:23 D114497B17F8118E6AAD27735B467D3A 41774672 ----a-w- C:\Program Files (x86)\Google\Update\Install\{6F9988F6-6CAF-468A-8184-AA87BA0A7D89}\42.0.2311.152_chrome_installer.exe 2015-05-18 11:00:56 D114497B17F8118E6AAD27735B467D3A 41774672 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.152\42.0.2311.152_chrome_installer.exe 2015-05-18 05:56:34 D308FEE17FBACB94C2E27067AE2C57A6 1044048 ----a-w- C:\Program Files (x86)\Google\Update\Install\{7EB6BFF5-AE80-43CE-BA56-DA1C988D2DE6}\42.0.2311.152_42.0.2311.135_chrome_updater.exe 2015-05-18 05:56:33 D308FEE17FBACB94C2E27067AE2C57A6 1044048 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.152\42.0.2311.152_42.0.2311.135_chrome_updater.exe 2015-05-17 15:37:18 4B3D652AACEE4FE636F74CB8015BF00E 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-05-17 15:37:14 
A2A98DBD9E13B81AB68FB6A699A157CB 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-05-17 15:37:14 2AA6685FC67CDD231BA0345112DFEE89 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-05-17 15:37:13 EC75F14CC85659C780A0DC575F7B1242 815304 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-05-17 15:37:06 CDBB6EFC96D0567951A13A6ABDCA1FDE 484864 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-05-17 15:37:04 ABE6FDB01D22FD63BB190BF95F5BC9B6 813776 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-05-17 15:33:17 D5E35700566B225CBF8ECD7F92C460C8 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe 2015-05-17 15:33:12 0DBC9BB05703CA0D8792E2075D62B3C3 51200 ----a-w- C:\Program Files\Windows Journal\PDIALOG.exe 2015-05-17 13:59:04 6732C4A894855042FD3618406B6BBD48 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe 2015-05-17 13:59:04 0894890F30B5F6510DF953BC50B5504F 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateWebPlugin.exe 2015-05-17 13:58:57 F6EEE6848E933962E12E7B3F25C73C88 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateBroker.exe 2015-05-17 13:58:40 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateSetup.exe 2015-05-17 13:51:19 BB3045B399D898061B926B447C446E05 127816 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateComRegisterShell64.exe 2015-05-17 13:51:13 6509A96DAE25340772B51AC020CB1094 304968 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe 2015-05-17 13:51:12 8715A0D10CFFC8DEE923957F07DAA042 244040 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe 2015-05-17 13:51:11 0C03FB91E17987EED93F60007B08DAA0 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdate.exe 2015-05-17 13:50:34 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program 
Files (x86)\Google\Update\Install\{C6F54417-4287-466E-AAB0-E1F9CA57E16D}\GoogleUpdateSetup.exe 2015-05-17 13:50:34 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.27.5\GoogleUpdateSetup.exe === C: other files == 2015-05-17 08:19:10 4EA7AD2C5B743F48ECFF282BBC62D076 152176 ----a-w- C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1107\Helper\chrome_tmbep.crx ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-322041493-2860374838-2779380684-1001\Software\Microsoft\Windows\CurrentVersion\Run] "MySQL Notifier"="C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Servicetool"="C:\Program Files (x86)\KPN\Servicetool\KPNServicetool_Launcher.exe /auto" "OOTag"="C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "RegUse"="C:\Program Files (x86)\RegUse\RegUse.exe" "NBKeyScan"="C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup" "BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Target"="\??\C:\Users\lida\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe" "Target"="\??\C:\Users\lida\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe" "Target"="\??\C:\Users\lida\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe" "Target"="C:\Windows\system32\rundll32.exe c:\Program Files (x86)\SystemAide\SystemAide.dll,serv" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MySQL Notifier"="C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe" ==== Startup Registry Enabled x64 
====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice" "Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" "ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CleanGeniusTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CleanGeniusTray" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Portable\\EaseUS CleanGenius Pro 3.0.6\\CleanGeniusTray.exe\" -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^lida^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lucas---Gea----Met-Een-Lach-Door-Het-Lev....lnk] "path"="C:\\Users\\lida\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Lucas---Gea----Met-Een-Lach-Door-Het-Lev....lnk" "backup"="C:\\Windows\\pss\\Lucas---Gea----Met-Een-Lach-Door-Het-Lev....lnk.Startup" "backupExtension"=".Startup" "command"="C:\\ProgramData\\{cfc5e77c-a01b-4c2a-cfc5-5e77ca019df2}\\Lucas---Gea----Met-Een-Lach-Door-Het-Lev....exe --startup=1" "item"="Lucas---Gea----Met-Een-Lach-Door-Het-Lev..." [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^lida^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Muziekgallerij - Piraten Hits Deel 1.rar (1).lnk] "path"="C:\\Users\\lida\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Muziekgallerij - Piraten Hits Deel 1.rar (1).lnk" "backup"="C:\\Windows\\pss\\Muziekgallerij - Piraten Hits Deel 1.rar (1).lnk.Startup" "backupExtension"=".Startup" "command"="C:\\ProgramData\\{72db956a-0094-df40-72db-b956a00955a8}\\Muziekgallerij - Piraten Hits Deel 1.rar (1).exe --startup=1" "item"="Muziekgallerij - Piraten Hits Deel 1.rar (1)" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^lida^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk] "backup"="C:\\Windows\\pss\\Socialbox.lnk.Startup" "backupExtension"=".Startup" "item"="Socialbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Adobe LM Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-322041493-2860374838-2779380684-1001Core.job --a------ C:\Users\lida\AppData\Local\Facebook\Update\FacebookUpdate.exe 
[20-10-2012 10:25] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-322041493-2860374838-2779380684-1001UA.job --a------ C:\Users\lida\AppData\Local\Facebook\Update\FacebookUpdate.exe [20-10-2012 10:25] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-01-2014 08:19] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-01-2014 08:19] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DriverDocRunAtStartup" [C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-322041493-2860374838-2779380684-1001Core" [C:\Users\lida\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-322041493-2860374838-2779380684-1001UA" [C:\Users\lida\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FGRun" [C:\Users\lida\AppData\Roaming\pack.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\SysNative\tasks\Maxthon Update" ["C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe"] "C:\Windows\SysNative\tasks\MySQLNotifierTask" ["C:\Program Files (x86)\MySQL\MySQL 
Notifier 1.1\MySQLNotifier.exe"] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_lida" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\{16264CB2-FA2C-4A79-AE2F-FEB3E4B01E96}" [C:\Users\lida\Documents\MioMore Desktop 7.50\Miomore.exe] "C:\Windows\SysNative\tasks\{363A4F1F-2030-43A4-A9F1-AAE8D965DB1A}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.5.0.124.259/nl/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled] "C:\Windows\SysNative\tasks\{5CC65132-301E-4A79-A315-58DE15776319}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsWLM] "C:\Windows\SysNative\tasks\{637FC946-ED04-41D3-BB17-C72697FC4891}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsWLM] "C:\Windows\SysNative\tasks\{67DB1F6A-3A0F-4419-B316-43EC4028A013}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsWLM] "C:\Windows\SysNative\tasks\{7ACDE0EB-8998-4433-841E-591E98AC7FB5}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.9.0.115.259/nl/abandoninstall?source=lightinstaller&page=tsInstall] "C:\Windows\SysNative\tasks\{E7D35BEE-5F5E-45A2-A83F-6FB7B1B3D848}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.0.106/nl/abandoninstall?page=tsMain] "C:\Windows\SysNative\tasks\{EAD41A0C-51EB-4BF0-ADE6-FF55857B6C6C}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.9.0.115.259/nl/abandoninstall?source=lightinstaller&page=tsBing] "C:\Windows\SysNative\tasks\MySQL\Installer\ManifestUpdate" ["c:\program files (x86)\mysql\mysql installer for windows\mysqlinstallerconsole.exe"] 
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\0 user_pref("browser.search.defaultenginename", "Yahoo!"); user_pref("browser.search.selectedEngine", "Yahoo!"); ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\extensions user_pref("browser.search.defaultenginename", "Yahoo!"); user_pref("browser.search.selectedEngine", "Yahoo!"); ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0 user_pref("browser.search.defaultenginename", "Yahoo!"); user_pref("browser.search.selectedEngine", "Yahoo!"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0 - Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF ProfilePath: C:\Users\lida\AppData\Roaming\TomTom\HOME\Profiles\l6ycvcc1.default - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ProfilePath: C:\Users\lida\AppData\Roaming\Mozilla\Firefox\Profiles\4d26s7ug.default - Undetermined - %ProfilePath%\extensions\{} AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator.acer5336.000\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator.acer5336.000\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome 
SxS deleted Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\lida\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\lida\AppData\Local\Comodo\Dragon deleted ==== Chromium Look ====================== Google Chrome Version: 42.0.2311.152 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions chgdeabpmphfhkoemjjglmilajldekbp - No path found[] fheoggkfdfchfphceeifdbepaooicaho - No path found[] ochbjojkpcmlfeagbaahkofepalngihg - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions begbnpffhnpedhocnobliippgejhjpfp - C:\Users\lida\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx[] ochbjojkpcmlfeagbaahkofepalngihg - C:\Users\lida\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx[29-04-2014 23:29] Docs - Administrator.acer5336.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Administrator.acer5336.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Administrator.acer5336.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Administrator.acer5336.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Administrator.acer5336.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Administrator.acer5336.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Slides - lida\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - lida\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - lida\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - lida\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo TrendMicro BEP Extension - lida\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee Google Search - lida\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - lida\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Wallet - lida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - lida\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\lida\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://www.google.nl/" ] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Start Page"="http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41" "Start 
Default_Page_URL"="http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Start Page"="http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Bar"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Bar"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] 
"(Default)"="http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" "newtab"="about:tabs" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" "newtab"="about:tabs" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Start Page"="http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41" "Start 
Default_Page_URL"="http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41&st=chrome&q=" "Start Page"="http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385309377133&tguid=75087-8679-1385309377133-24EDB6A237F38848738F73278FBC2B41" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start 
Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] 
"Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-322041493-2860374838-2779380684-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d640ce67-58e4-43c2-9adc-6bb959d7c606} deleted 
successfully
HKEY_USERS\S-1-5-21-322041493-2860374838-2779380684-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d640ce67-58e4-43c2-9adc-6bb959d7c606} deleted successfully
HKEY_USERS\S-1-5-21-322041493-2860374838-2779380684-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d640ce67-58e4-43c2-9adc-6bb959d7c606} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d640ce67-58e4-43c2-9adc-6bb959d7c606} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\begbnpffhnpedhocnobliippgejhjpfp deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Servicetool] C:\Program Files (x86)\KPN\Servicetool\KPNServicetool_Launcher.exe /auto
O4 - HKLM\..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RegUse] C:\Program Files (x86)\RegUse\RegUse.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL56 - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator.acer5336.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\lida\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\lida\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Administrator.acer5336.000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\lida\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=257 folders=103 120885591 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Administrator.acer5336\AppData\Local\temp emptied successfully
C:\Users\Administrator.acer5336.000\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gebruiker\AppData\Local\temp emptied successfully
C:\Users\lida\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\lida\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ibB115.tmp" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ibB116.tmp" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ibB117.tmp" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ibB186.tmp" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ibC729.tmp" not found

==== EOF on wo 20-05-2015 at 13:50:30,66 ======================