Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by andre on za 24/09/2016 at 12:47:27,06.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Documents and Settings\andre\Bureaublad\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
24/09/2016 12:48:15 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\Documents and Settings\andre\Application Data\Mozilla deleted successfully
C:\Documents and Settings\andre\Application Data\WinRAR deleted successfully
C:\Documents and Settings\andre\Local Settings\Application Data\RobloxVersions deleted successfully
C:\Documents and Settings\andre\Local Settings\Application Data\urpsVhmi deleted successfully
C:\Documents and Settings\andre\Local Settings\Application Data\YJzvmlyz deleted successfully
C:\Documents and Settings\andre\Local Settings\Application Data\YJzvmlyzdy deleted successfully
C:\Documents and Settings\andre\Local Settings\Application Data\YJzvmlyzdyn deleted successfully
C:\Documents and Settings\andre\Local Settings\Application Data\YJzvmlyzdynojje deleted successfully
C:\Documents and Settings\andre\Local Settings\Application Data\YJzvmlyzdynojjel deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d010537-9e99-400b-b652-b0d5a5757e5d} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{197799DF-4DB1-4E46-AE89-32FF0DD529D3} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BFF6ED0-B342-4BC1-A7CA-F650D794917C} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{6d010537-9e99-400b-b652-b0d5a5757e5d} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} deleted successfully

==== Installed Programs ======================
1400
1400_Help
1400Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AiO_Scan
AiOSoftware
ATI - Software-verwijderprogramma
ATI Catalyst Control Center
ATI Display Driver
AVG
AVG 2016
AVG Protection
AVG Zen
Beveiligingsupdate voor Windows XP (KB923789)
BufferChm
BVRP_CUE
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Destinations
DeviceManagementQFolder
DocProc
eSupportQFolder
Fax
FMW 1
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
HD Tune Pro 5.60
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Malwarebytes Anti-Malware versie 2.2.1.1043
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (Dutch) 12
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
NewCopy
Picasa 3
PrivaZer
ProductContext
Ralink Wireless LAN
Readme
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skins
SolutionCenter
Status
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Visual Studio 2012 x86 Redistributables
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver

==== Running Processes ======================
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Program Files\AVG\Av\avgwdsvcx.exe
C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\AVG\Av\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe
C:\Documents and Settings\andre\Bureaublad\zoek.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\Documents and Settings\andre\Local Settings\Application Data\CymyDMKn deleted
C:\Documents and Settings\andre\Application Data\WinZip\WinZipDU deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{0EDEE830-20E6-4C1E-9C8A-5A9020119C4E} deleted
C:\WINDOWS\System32\SET2D8.tmp deleted
C:\WINDOWS\System32\SET2DA.tmp deleted
C:\WINDOWS\System32\SET2DE.tmp deleted
C:\WINDOWS\System32\SET2E6.tmp deleted
C:\WINDOWS\System32\SET2E8.tmp deleted
C:\WINDOWS\System32\SET4A.tmp deleted
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\6F63A5880063AD9AD054E6BA7B07D287\6F63A5880063AD9AD054E6BA7B07D287" deleted
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\6F63A5880063AD9AD054E6BA7B07D287\6F63A5880063AD9AD054E6BA7B07D287.ico" deleted
"C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe" deleted
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe" deleted
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\6F63A5880063AD9AD054E6BA7B07D287" deleted
"C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz" not deleted
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg_Update_0516piz" not deleted

==== System Specs ======================
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Manufacturer: VIAK8_ - Model: AWRDACPI
Install Date: 26/10/2010 18:19:58
Last Boot: 24/09/2016 12:05:48
Processor: AMD Sempron(tm) Processor 3400+
Number of Processors: 1
Work Station
Bootmode: Normal boot
Total RAM: 511 MB (free 194 MB - 37)
Computername: ANDRE-2258F70D1
Domain: WORKGROUP
User: andre (Administrator account)
Removable Disk: A:\ - - GB (free GB)
Local Disk: C:\ - NTFS - 152 GB (free 109 GB)
CD \ DVD Drive: D:\
Removable Disk: F:\ - FAT32 - 3 GB (free 3 GB)
Bootdevice: \Device\HarddiskVolume1
Windows update: 2016-09-22 01:15:40
Country: België
Language: NLB

==== System Specs (Software) ======================
Anti-Virus: AVG Internet Security On-access scanning disabled (Updated)
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Updated)
Firewall: AVG Internet Security disabled
Internet Explorer version: 8.0.6001.18702
Flash Player version: 10.1.102.64

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-09-22 19:48:57 D09AFE5F7793418365DADF2B647D05C1 32610 ----a-w- C:\WINDOWS\SchedLgU.Txt
2016-09-20 21:29:02 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2016-09-20 21:29:02 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2016-09-20 21:29:02 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2016-09-17 14:04:09 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2016-09-17 14:04:08 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe

====== C:\DOCUME~1\andre\LOCALS~1\Temp ====

====== Java Cache =====

====== C:\WINDOWS\system32 =====
2016-09-24 06:08:44 E90207AE5C3951D3E209EA59A31ABDA9 268600 ----a-w- C:\WINDOWS\System32\FNTCACHE.DAT
2016-09-18 17:52:02 DDC2FD95F1B3A55CDDD0D91F0D7B3122 13312 ------w- C:\WINDOWS\System32\xp_eos.exe
2016-09-17 19:43:14 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\WINDOWS\System32\bootdelete.exe
2016-09-17 19:43:14 282097CD5662379130689E6F5EFB0ED5 2288 ----a-w- C:\WINDOWS\System32\bootdelete.lst
2016-09-17 18:41:16 335C25A1F16F016E463AC3E716D13DE0 20048 ----a-w- C:\WINDOWS\System32\.crusader

====== C:\WINDOWS\system32\drivers =====
2016-09-17 13:01:26 5023F594D5448E16F920157174C61358 170200 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-09-17 12:55:47 A1D52DB330E18B5A7A718D31D950CA87 24448 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-09-17 12:55:47 24A4B357D906D3CB52F370338FA3B62C 123264 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys

====== C:\WINDOWS\Tasks ======
2016-09-19 17:55:07 E92B8A8EC935540E3683E5548361BB13 222 ----a-w- C:\WINDOWS\Tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job
2016-09-19 17:55:03 E984D5549BA8C468A855A05CB85275C6 216 ----a-w- C:\WINDOWS\Tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job
2016-09-14 18:16:59 BAB1C48EE4D229D42C9B3701E17D8A93 508 ----a-w- C:\WINDOWS\Tasks\AVG-SSU_0516piz_DELETE.job
2016-09-14 18:16:46 D000D05EE84F678F6A4B7F7649C9E5A8 424 ----a-w- C:\WINDOWS\Tasks\AVG-SSU_0516piz.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====
2016-09-22 15:49:57 -------- d-----w- C:\Program Files\HD Tune Pro
2016-09-21 19:43:08 -------- d-----w- C:\Program Files\PrivaZer
2016-09-17 18:30:14 -------- d-----w- C:\Program Files\HitmanPro
2016-09-14 17:22:47 -------- d-----w- C:\Program Files\AVG

======= C: =====
2016-09-19 14:56:09 33F3E2FEEF6911AE504FFB40392E3594 1291 ----a-w- C:\AdwCleaner[S1].txt

====== C:\Documents and Settings\andre\Application Data ======
2016-09-24 06:13:57 DD71CE8297624A6625F24A33DAFE0D4B 69232 ----a-w- C:\Documents and Settings\andre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-09-22 15:51:13 -------- d-----w- C:\Documents and Settings\andre\Application Data\HD Tune Pro
2016-09-21 19:43:08 -------- d-----w- C:\Documents and Settings\andre\Menu Start\Programma's\PrivaZer
2016-09-21 19:43:08 -------- d-----w- C:\Documents and Settings\andre\Local Settings\Application Data\PrivaZer
2016-09-17 06:08:05 -------- d-----r- C:\Documents and Settings\andre\Menu Start\Programma's\Systeembeheer
2016-09-15 19:05:22 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\AvgSetupLog
2016-09-14 17:48:21 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Application Data\AVG
2016-09-14 17:48:04 -------- d-----w- C:\Documents and Settings\andre\Application Data\AVG
2016-09-14 17:44:45 -------- d-----w- C:\Documents and Settings\andre\Application Data\TuneUp Software
2016-09-14 17:26:01 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg
2016-09-14 17:14:15 -------- d-----w- C:\Documents and Settings\andre\Local Settings\Application Data\AvgSetupLog
2016-09-14 17:14:15 -------- d-----w- C:\Documents and Settings\andre\Local Settings\Application Data\Avg

====== C:\Documents and Settings\andre ======
2016-09-22 19:11:43 -------- d--h--r- C:\Documents and Settings\andre\Onlangs geopend
2016-09-22 15:48:05 6B0AA7731F1B02850E8EF1739128AC3F 2239373 ----a-w- C:\Documents and Settings\andre\Bureaublad\hdtunepro_560_trial.exe
2016-09-21 19:42:55 8D85A0110AEED20D828A996DCDE46282 7492360 ----a-w- C:\Documents and Settings\andre\Bureaublad\privazer_free.exe
2016-09-19 21:54:00 95835F222CB4888F325149FF3B33952D 1107968 ----a-w- C:\Documents and Settings\andre\Bureaublad\RSIT.exe

====== C: exe-files ==
2016-09-22 15:49:57 63ABC2E67A080888AEA74E47C07FA345 714526 ----a-w- C:\Program Files\HD Tune Pro\unins000.exe
2016-09-22 15:49:57 5272AF9FB4E95CF6A0E748A0EFBB295C 970752 ----a-w- C:\Program Files\HD Tune Pro\HDTuneProDriveStatus.exe
2016-09-22 15:49:57 46BD9CBA3AC8D4359371F5113E4AFAA6 1363968 ----a-w- C:\Program Files\HD Tune Pro\HDTunePro.exe
2016-09-22 15:48:05 6B0AA7731F1B02850E8EF1739128AC3F 2239373 ----a-w- C:\Documents and Settings\andre\Bureaublad\hdtunepro_560_trial.exe
2016-09-21 19:43:08 DB3490AE5FE892D7FE39CD34EB5E18DF 14940936 ----a-w- C:\Program Files\PrivaZer\PrivaZer.exe
2016-09-21 19:43:08 76018EBA1073B917576475509AF3ACED 430856 ----a-w- C:\Program Files\PrivaZer\patch.exe
2016-09-21 19:43:08 60FF28274D0A80E2A8201B4CA6BC6EFB 417032 ----a-w- C:\Program Files\PrivaZer\privazer_start.exe
2016-09-21 19:42:55 8D85A0110AEED20D828A996DCDE46282 7492360 ----a-w- C:\Documents and Settings\andre\Bureaublad\privazer_free.exe
2016-09-20 21:29:02 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2016-09-20 21:29:02 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2016-09-20 21:29:02 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2016-09-19 21:54:00 95835F222CB4888F325149FF3B33952D 1107968 ----a-w- C:\Documents and Settings\andre\Bureaublad\RSIT.exe
2016-09-18 17:52:02 DDC2FD95F1B3A55CDDD0D91F0D7B3122 13312 -c----w- C:\WINDOWS\system32\dllcache\xp_eos.exe
2016-09-18 17:52:02 DDC2FD95F1B3A55CDDD0D91F0D7B3122 13312 ------w- C:\WINDOWS\system32\xp_eos.exe
2016-09-17 19:43:14 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\WINDOWS\system32\bootdelete.exe
2016-09-17 18:30:16 191BF03BD03C8358CD4997FE69EC46B7 113632 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe
2016-09-17 18:30:14 B2BB28672194FFA219DA880E96B55BC0 10998608 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2016-09-17 14:04:09 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2016-09-17 14:04:08 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2016-09-17 12:39:30 A7F23CEE98F3D87BF32669E8C8097BCC 316072 ----a-w- C:\anti virus\AdwCleaner\quarantine\files\wpztvomorauvacldbacxbfayeznrpsko\updater\amd64Helper\DriverUpdateHelper64.exe
2016-09-17 12:39:29 F517C8122F6538F31A13C68E21821799 155816 ----a-w- C:\anti virus\AdwCleaner\quarantine\files\wpztvomorauvacldbacxbfayeznrpsko\updater\extract\7z.exe
2016-09-17 12:39:27 D279B2323DE7B635B3CF0BE9B4285224 1193640 ----a-w- C:\anti virus\AdwCleaner\quarantine\files\wpztvomorauvacldbacxbfayeznrpsko\unins000.exe
2016-09-17 12:37:44 5B40616649F4E9BA178E3809BBF3F5E9 265752 ----a-w- C:\anti virus\AdwCleaner\quarantine\files\ajtoheynzfcgutzlidickrgjwiklgyvv\bar\3.bin\AppIntegrator64.exe
2016-09-17 12:28:22 B2BB28672194FFA219DA880E96B55BC0 10998608 ----a-w- C:\anti virus\avg\HitmanPro35.exe
2016-09-17 12:28:19 D0C3F0827A1CC0107E5D42E23F664A84 3861056 ----a-w- C:\anti virus\avg\AdwCleaner.exe
2016-09-17 12:28:17 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\anti virus\avg\mbam-setup-2.2.1.1043.exe

=== C: other files ==
2016-09-24 10:13:56 5DC4049531E5F0F4A0E8AF294C3D5430 2785 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\persist.zip
2016-09-24 06:38:28 0D29B7C56F416B09D4BBBD17AAB7C535 119564 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p12\submit.zip
2016-09-21 20:43:50 D73753D4A5ADC2BDA22E8B8BBA19E0AC 255118 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p7\submit.zip
2016-09-21 19:43:45 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\andre\Local Settings\Application Data\PrivaZer\data_patch.tmp.doc.zip
2016-09-21 19:05:21 A70C0F73322F4A9961BFD11A3F52CD93 987454 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p6\submit.zip
2016-09-21 17:53:08 DC6D32B2B582AA4AC45DCB4B971A2B6B 206036 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p2\submit.zip
2016-09-21 11:19:40 CC267618B484622ED26D12089A94267B 1111350 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p5\submit.zip
2016-09-20 21:27:52 63631FABC0E510068C3FF72565FBB480 276927 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p1\submit.zip
2016-09-20 21:27:51 530FC89D0A8B132DE523E3BB47E90AA5 276928 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p0\submit.zip
2016-09-20 21:26:30 EE61362B5554AC0A4E00678650F9513F 1100976 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p4\submit.zip
2016-09-20 21:23:10 88373CDCFFA6AA3AA4C4C929041A308A 895141 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p8\submit.zip
2016-09-20 21:22:21 6A8A05C4BA09315C37B33B080DDED668 234234 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p13\submit.zip
2016-09-20 21:22:20 9E72D7C17C12C477E22150724EECB672 234219 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p11\submit.zip
2016-09-20 21:18:06 7384EEAD20C34C630BBA27D07A5D7329 255106 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p3\submit.zip
2016-09-20 17:53:06 B26887FC214A650BA91AF305A2CBFAB0 244288 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p10\submit.zip
2016-09-20 17:48:14 424CFE6B919AB4FE4B683CEBA608A6DC 506359 ----a-w- C:\Documents and Settings\All Users\Application Data\Avg\AV\IDS\outbox\p9\submit.zip
2016-09-17 14:06:05 9B972E1C48006579876BBE65CD9FF498 7128 ----a-w- C:\Qoobox\BackEnv\SetPath.bat
2016-09-17 13:01:26 5023F594D5448E16F920157174C61358 170200 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2016-09-17 12:55:47 A1D52DB330E18B5A7A718D31D950CA87 24448 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2016-09-17 12:55:47 24A4B357D906D3CB52F370338FA3B62C 123264 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"
"Google Update"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"Google Photos Backup"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart"

[HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"
"Google Update"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"Google Photos Backup"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"AvgUi"="C:\Program Files\AVG\Framework\Common\avguirnx.exe /lps=fmw"
"AVG_UI"="C:\Program Files\AVG\Av\avuirunnerx.exe C:\Program Files\AVG\Av\avgui.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\AVG-SSU_0516piz.job --a------ C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe []
C:\WINDOWS\tasks\AVG-SSU_0516piz_DELETE.job --a------ C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/08/2015 21:44]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/08/2015 21:44]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job --a------ C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [08/02/2014 00:37]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job --a------ C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [08/02/2014 00:37]
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job --ah----- C:\Program Files\Microsoft Security Client\MpCmdRun.exe [20/06/2013 18:05]
C:\WINDOWS\tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job --a------ C:\WINDOWS\system32\xp_eos.exe [27/02/2014 01:28]
C:\WINDOWS\tasks\User_Feed_Synchronization-{6B271EA5-D300-472C-8ED7-85C2D4B61B06}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [25/11/2010 23:59]

==== Chromium Look ======================

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.ask.be/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.ask.be/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_nl"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== HijackThis Entries ======================
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Google Update] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Google Photos Backup] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288111720621
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgwdsvcx.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe

==== Empty IE Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\andre\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=74 folders=12 9300292 bytes)

==== Empty Temp Folders ======================
C:\Documents and Settings\Administrator\Local Settings\Temp emptied successfully
C:\Documents and Settings\andre\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\TEMP\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\andre\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================
"C:\Documents and Settings\andre\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz" not found
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg_Update_0516piz" not found

==== EOF on za 24/09/2016 at 17:29:10,65 ======================