Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Wouter on ma 26/12/2016 at 11:54:04,49. Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Wouter\Downloads\zoek (12).exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-12-25-192230.log 35160 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Wouter\Downloads\zoek (12).exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 -HKCU\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} -HKCU\SearchScopes\{42B87CD3-B1F9-4B73-8308-6CC088A705A8} -HKCU\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} ==== Deleting Files \ Folders ====================== ==== System Specs ====================== Windows: Windows 7 Enterprise Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 4091 MB CPU Info: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz CPU Speed: 2526,5 MHz Sound Card: Speakers (High Definition Audio | Digital Audio (S/PDIF) (High De | Display Adapters: ATI Mobility Radeon HD 3650 | ATI Mobility Radeon HD 3650 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | LogMeIn Mirror Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1440 X 900 - 32 bit Network: 
Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller | Intel(R) WiFi Link 5100 AGN CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GSA-T50N Ports: COM3 | COM6 | COM7 | COM10 | COM11 | COM12 | COM13 | COM14 | COM20 | COM21 | COM22 | COM40 LPT Port NOT Present. Mouse: 2 Button Mouse Present Hard Disks: C: 298,0GB | E: 149,4GB | G: 1,5GB | H: 147,2GB Hard Disks - Free: C: 115,5GB | E: 149,3GB | G: 1,4GB | H: 88,4GB Manufacturer *: TOSHIBA BIOS Info: AT/AT COMPATIBLE | 11/28/08 | TOSQCI - 6040000 Time Zone: Romance (standaardtijd) Motherboard *: TOSHIBA Satellite P300 Country: België Language: NLB ==== System Specs (Software) ====================== AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189} SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Google Chrome 55.0.2883.87 Internet Explorer Version: 11.0.9600.18376 Google Chrome version: 55.0.2883.87 Sun Java version: 1.8.0_111 (32-bit) Sun Java version: 1.8.0_111 (64-bit) Flash Player version: 16.0.0.305 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Wouter\AppData\Local\Temp ==== 2016-12-26 10:47:01 5A16EC08A4D55400C513606AAFEE797F 73728 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-fccd3f7f.exe 2016-12-25 22:04:23 FA9CE1F96C04F1049BAFF836A5A65100 1458176 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-eed492a8.exe 2016-12-25 19:40:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-4fab66b3.exe 2016-12-25 19:20:02 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-60db8c70.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== 
C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2016-12-05 18:28:01 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2016-12-05 18:27:18 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2016-12-05 18:27:18 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2016-12-05 18:27:18 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys ====== C:\Windows\Tasks ====== 2016-11-29 19:38:51 9E4F6C131443AD9B3F447B69EA09A229 3032 ----a-w- C:\Windows\Sysnative\Tasks\{F3A7F863-2307-494F-A610-B55D651E06C5} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-12-22 17:48:37 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2016-11-29 19:42:00 -------- d--h--w- C:\PROGRA~2\InstallShield Installation Information ======= C: ===== ====== C:\Users\Wouter\AppData\Roaming ====== 2016-12-25 19:19:25 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2016-12-25 19:19:25 -------- d-----w- C:\Users\LogMeInRemoteUser\AppData\Local\Temp 2016-12-25 19:19:25 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2016-12-25 19:19:25 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2016-12-25 19:19:24 -------- d-----w- C:\Users\Wouter\AppData\Local\Temp ====== C:\Users\Wouter ====== 2016-12-25 18:41:00 6401CEADA81BDD42CC8FA60A02DC2BC0 737344 ----a-w- C:\Users\Wouter\Downloads\chromeinstall-8u111.exe 2016-12-22 17:48:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Wouter\Downloads\RSITx64.exe 2016-11-29 20:15:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade 2016-11-29 19:42:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters ====== C: exe-files == 2016-12-26 10:47:01 5A16EC08A4D55400C513606AAFEE797F 73728 ----a-w- 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-fccd3f7f.exe 2016-12-26 10:43:57 A01D05F7C7D2A73F298B0C2123C3E835 1384792 ----a-w- C:\Windows\Temp\CR_33DDA.tmp\setup.exe 2016-12-26 10:43:56 0EAB7D2ED0072DC8FC7F7F1791BB23A9 13800312 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\55.0.2883.87\55.0.2883.87_54.0.2840.71_chrome_updater.exe 2016-12-25 22:04:23 FA9CE1F96C04F1049BAFF836A5A65100 1458176 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-eed492a8.exe 2016-12-25 19:40:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-4fab66b3.exe 2016-12-25 19:20:02 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-60db8c70.exe 2016-12-25 18:42:37 ED141A08605AF568747C8F418170FC06 159296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\unpack200.exe 2016-12-25 18:42:37 6DDA1D127FD0C4B8F93307E6D52B1ABD 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\tnameserv.exe 2016-12-25 18:42:37 5F2D0025CB3C078E0AAB83E1430827C6 52800 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssvagent.exe 2016-12-25 18:42:37 490D67C45EE587B06833ADA0811F241B 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\servertool.exe 2016-12-25 18:42:36 F38FB008B3816D9585F10A7D2CC22DF1 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\orbd.exe 2016-12-25 18:42:36 EBF20DDA7DDA14BBD1F6F2F1B37BC113 83008 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2launcher.exe 2016-12-25 18:42:36 B8EDC4631E2B5D7AE9E626690F6506FF 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\rmid.exe 2016-12-25 18:42:36 A1AD424B821EB9878B985AB43253DCA0 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\keytool.exe 2016-12-25 18:42:36 8448994199BEE00F4C40A561AE77672F 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\kinit.exe 2016-12-25 18:42:36 
65E94EC48AE31838C8F6F2F4FC59AB44 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\pack200.exe 2016-12-25 18:42:36 487C48AA28B0DC99A387F31E7764ABFB 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\jjs.exe 2016-12-25 18:42:36 3FAF0C9A1D59F5D196C0578839A00EFE 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\policytool.exe 2016-12-25 18:42:36 391D35229BF096E04FEE6F8520DC3B21 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\klist.exe 2016-12-25 18:42:36 1D623A885163D6BA50175987B4BB9450 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\rmiregistry.exe 2016-12-25 18:42:36 09C754EFAEE0DA93817D5DC0A5FFE8B4 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\ktab.exe 2016-12-25 18:42:35 C2B897032A8604E1827B0CD07EBB3306 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\java-rmi.exe 2016-12-25 18:42:35 C07D4839606118BBF7C5153FF171301C 70208 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe 2016-12-25 18:42:35 A90E29C3839ED2141F80670A3DB32F69 191552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe 2016-12-25 18:42:35 5A92988B4DEC8EAFE62F7D2DBE8AB620 269888 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe 2016-12-25 18:42:35 1B7F15EA9DA5322698988698C7D58959 191040 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe 2016-12-25 18:42:35 1598CF2FAD014E95975560929F578E05 30784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\jabswitch.exe 2016-12-25 18:41:00 6401CEADA81BDD42CC8FA60A02DC2BC0 737344 ----a-w- C:\Users\Wouter\Downloads\chromeinstall-8u111.exe 2016-12-22 17:48:37 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Wouter.exe 2016-12-22 17:48:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Wouter\Downloads\RSITx64.exe === C: other files == 2016-12-25 18:42:38 467720B73E839ED66826EAF59C9A59E7 14156 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\lib\deploy\ffjcext.zip ==== Startup Registry Enabled 
====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2610777763-104077107-2974326002-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SpybotPostWindows10UpgradeReInstall" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\AV\\Spybot - Search and Destroy\\Test.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] ==== Startup Folders ====================== 2016-11-07 08:16:31 956 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 08:03] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 08:03] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8E05FDA0-9362-4B2E-A7E4-815B326E8F8A}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Wouter\AppData\Roaming\TomTom\HOME\Profiles\w0rk5cy2.default - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions 
poimdfnhgefmnkeefbjibbiemlimdnof - No path found[] Chrome Web Store Payments - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Chrome Media Router - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
HKCU\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - No_Url_Value HKCU\SearchScopes\{42B87CD3-B1F9-4B73-8308-6CC088A705A8} - No_Url_Value HKCU\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} - No_Url_Value ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Bluetooth Manager.lnk = ? 
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=928 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wouter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wouter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== 
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=45 folders=81 15154742 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\LogMeInRemoteUser\AppData\Local\Temp emptied successfully C:\Users\Wouter\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Wouter\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-6E-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on ma 26/12/2016 at 12:40:46,40 ======================