Zoek.exe v5.0.0.1 Updated 12-December-2015 Tool run by Boonen-Janssen LT on zo 13-12-2015 at 9:21:08,32. Microsoft Windows 10 Home 10.0.10240 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Boonen-Janssen LT\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-12-09-193218.log 7270 bytes C:\zoek-results2015-12-09-194652.log 533 bytes ==== Empty Folders Check ====================== C:\Users\Boonen-Janssen LT\AppData\Local\NetworkTiles deleted successfully C:\Users\Boonen-Janssen LT\AppData\Local\NokiaAccount deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2224847367-241674632-2506324913-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A888713-BD76-4656-A195-DC57DFD1E840} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== D:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe C:\Windows\SysWOW64\IoctlSvc.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe D:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\redirector.exe C:\Program Files (x86)\Citrix\Receiver\Receiver.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe C:\Users\Boonen-Janssen LT\Desktop\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] ==== Deleting Files \ Folders ====================== "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" not found C:\PROGRA~3\HPs deleted C:\PROGRA~3\HP deleted C:\PROGRA~2\Raptr deleted C:\PROGRA~3\Premium deleted C:\Users\Boonen-Janssen LT\AppData\LocalLow\Conduit deleted C:\PROGRA~2\GUT3208.tmp deleted C:\PROGRA~2\GUM3207.tmp deleted C:\PROGRA~2\Alawar.co.nl deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\found.000 deleted C:\PROGRA~3\AlawarWrapper deleted C:\PROGRA~3\Partner deleted C:\PROGRA~3\OberonGameConsole deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\{E6DC2030-847C-4CAF-99E0-D923DE89C4DE} deleted C:\PROGRA~3\Package Cache deleted C:\Users\Boonen-Janssen LT\AppData\Local\Unity deleted C:\Users\Boonen-Janssen LT\AppData\Local\iConvertor deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3 deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Boonen-Janssen LT\AppData\LocalLow\Unity deleted C:\END deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted C:\WINDOWS\Syswow64\ConduitEngine.tmp deleted C:\WINDOWS\Syswow64\tmpEEE6.tmp deleted C:\WINDOWS\Syswow64\tmpEEF7.tmp deleted C:\Users\Public\Documents\AlawarWrapper deleted E:\Boonen-Janssen\Downloads\Setup.exe deleted "C:\Windows\Installer\9455d.msi" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3957 MB CPU Info: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz CPU Speed: 2528,8 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: AMD Mobility Radeon HD 5000 Series | AMD Mobility Radeon HD 5000 Series Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: WatchGuard Secure Client Virtual NDIS6 Adapter | Broadcom 802.11n-netwerkadapter | Broadcom NetLink (TM) Gigabit Ethernet | Microsoft Wi-Fi Direct Virtual Adapter CD / DVD Drives: 2x (I: | J: | ) I: TSSTcorpCDDVDW TS-L633C | J: ELBY CLONEDRIVE Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 97,6GB | D: 117,2GB | E: 117,2GB | F: 117,2GB | G: 117,2GB | H: 118,9GB Hard Disks - Free: C: 26,4GB | D: 102,6GB | E: 36,0GB | F: 93,0GB | G: 109,7GB | H: 117,6GB Manufacturer *: Phoenix Technologies LTD BIOS Info: AT/AT COMPATIBLE | 06/21/10 | Ver 1.00PARTTBL Time Zone: Romance (standaardtijd) Motherboard *: Acer Aspire 7741 Country: Nederland Language: NLD ==== System Specs (Software) ====================== FW: WatchGuard Mobile VPN Firewall *Disabled* Default Browser: Firefox 40.0.3 Internet Explorer Version: 11.0.10240.16431 Mozilla Firefox version: 39.0 (x86 nl) Adobe Reader version: 11.0.13.17 Sun Java version: 1.8.0_65 (32-bit) Sun Java version: 1.8.0_65 (64-bit) Flash Player version: 19.0.0.245 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\BOONEN~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-12-13 08:17:05 43A13A034EF7B0AFE976F2E58EA8B5C9 16148 ----a-w- C:\WINDOWS\Sysnative\BOJALAPTOP_Boonen-Janssen LT_HistoryPrediction.bin ====== C:\WINDOWS\Sysnative\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-12-03 18:37:44 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-11-16 06:38:38 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\Boonen-Janssen LT\AppData\Roaming ====== 2015-11-16 13:45:13 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\dcpsvc 2015-11-14 17:44:02 -------- d-----w- C:\Users\Boonen-Janssen LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C:\Users\Boonen-Janssen LT ====== 2015-12-03 17:29:41 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\.oracle_jre_usage 2015-11-16 06:38:26 -------- d-----w- C:\Users\Boonen-Janssen LT\.oracle_jre_usage ====== C: exe-files == 2015-12-13 08:18:34 AD60A39A820804E89BC2EAD599ED94E1 8067784 ----a-w- C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe 2015-12-13 08:18:34 AD60A39A820804E89BC2EAD599ED94E1 8067784 ----a-w- C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\OneDriveSetup.exe 2015-12-13 08:18:20 EB0965F7AE1394C0A3165A5E9A32C44D 164040 ----a-w- C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncConfig.exe 2015-12-13 08:18:13 2DB7D5B28812523AAF17F71A8EB4832E 171712 ----a-w- C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe === C: other files == 2015-12-13 08:18:13 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\CollectOneDriveLogs.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-2224847367-241674632-2506324913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "HP Officejet Pro 276dw MFP (NET)"="C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe -deviceID CN35U13G2F:NW -scfn HP Officejet Pro 276dw MFP (NET) -AutoStart 1" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Dropbox Update"="C:\Users\Boonen-Janssen LT\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "OneDrive"="C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_USERS\S-1-5-21-2224847367-241674632-2506324913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k" "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d" "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "Standby"="C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe -START" "NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin" "AllShareAgent"="C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "AvastUI.exe"="D:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "HP Officejet Pro 276dw MFP (NET)"="C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe -deviceID CN35U13G2F:NW -scfn HP Officejet Pro 276dw MFP (NET) -AutoStart 1" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Dropbox Update"="C:\Users\Boonen-Janssen LT\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "OneDrive"="C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" "Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "PocketCloud Location"="C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NcpBudgetGui] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NcpBudgetGui" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\WatchGuard\\Mobile VPN\\NcpBudgetGui.exe\" -start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NcpMonitor] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NcpMonitor" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\WatchGuard\\Mobile VPN\\ncpmon.exe\" autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NcpPopup] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NcpPopup" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\WatchGuard\\Mobile VPN\\ncppopup.exe\" noerrmsg" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NcpRsuGui] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NcpRsuGui" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\WatchGuard\\Mobile VPN\\rwsrsu.exe\" -gui" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VirtualCloneDrive" "hkey"="HKLM" "command"="\"D:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\MCAFEE~1\\202B13~1.181\\SSSCHE~1.EXE " "item"="McAfee Security Scan Plus" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-11-2015 09:04] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2224847367-241674632-2506324913-1000Core.job --a-------- C:\Users\Boonen-Janssen LT\AppData\Local\Dropbox\Update\DropboxUpdate.exe [07-07-2015 08:31] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2224847367-241674632-2506324913-1000UA.job --a-------- C:\Users\Boonen-Janssen LT\AppData\Local\Dropbox\Update\DropboxUpdate.exe [07-07-2015 08:31] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02-09-2015 19:29] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02-09-2015 19:29] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\AdobeAAMUpdater-1.0-BojaLaptop-Boonen-Janssen LT" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2224847367-241674632-2506324913-1000Core" [C:\Users\Boonen-Janssen LT\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2224847367-241674632-2506324913-1000UA" [C:\Users\Boonen-Janssen LT\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HP AR Program Upload - 0a4e4dbb87544b8c9437e706a9ebd9c890d983c41b7740ca934499f9d2a74455" [C:\Program Files\HP\HP Officejet Pro 276dw MFP\bin\HPRewards.exe] "C:\WINDOWS\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{BC10E438-10C4-4468-9EFF-42253963F0A7}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\{750C710B-C7B9-45BA-84D3-DB49313CC3C8}" [C:\Program Files (x86)\Skype\Phone\Skype.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\BOONEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\hp6jwp7g.default-1427295258352 - FxIF - %ProfilePath%\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Boonen-Janssen LT\AppData\Roaming\Mozilla\Firefox\Profiles\hp6jwp7g.default-1427295258352 F114FBA6246530B89DD1E04351E0EAC5 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Boonen-Janssen LT\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104 ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Boonen-Janssen LT\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\BOONEN~1\AppData\Local\Temp\crx6D35.tmp[] gomekmidlodglbbmalcneegieacbdmki - D:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[30-03-2015 19:11] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?trackid=sp-006" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?trackid=sp-006" "Use Search Asst"="yes" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="https://www.google.com/?trackid=sp-006" "Use Search Asst"="no" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms} HKCU\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - No_Url_Value HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms} ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED77BE5C789DA434DB25DEDB12DDD18A deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5B21EB80-0CCA-91C0-D67C-5F6E6EBF6342} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5EB77DE-D987-434A-BD52-EDBD21DD1DA8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ED77BE5C789DA434DB25DEDB12DDD18A deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AvastUI.exe] "D:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKCU\..\Run: [HP Officejet Pro 276dw MFP (NET)] "C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe" -deviceID "CN35U13G2F:NW" -scfn "HP Officejet Pro 276dw MFP (NET)" -AutoStart 1 O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Boonen-Janssen LT\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKCU\..\Run: [OneDrive] "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5892.0626" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5907.0716" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5930.0814" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.5951.0827" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O4 - Startup: Inktwaarschuwingen controleren - HP Officejet Pro 276dw MFP PCL 6 (netwerk).lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files (x86)\Microsoft Visual Studio 8\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Boonen-Janssen LT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe O23 - Service: ncpclcfg - NCP engineering GmbH - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe O23 - Service: NcpSec - Unknown owner - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: rwsrsu - Unknown owner - C:\Program Files (x86)\WatchGuard\Mobile VPN\rwsrsu.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe O23 - Service: Wyse Remote Access (WyseRemoteAccess) - Wyse Technology. - C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Boonen-Janssen LT\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Boonen-Janssen LT\AppData\Local\Mozilla\Firefox\Profiles\hp6jwp7g.default-1427295258352\cache2 emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1704 folders=385 246633144 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\BOONEN~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 13-12-2015 at 9:58:41,01 ======================