Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Astrid on vr 19-02-2016 at 19:13:46,63. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Astrid\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 19-2-2016 19:17:09 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} C:\Program Files (x86)\Bluetooth Suite\FolderViewImpl.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\Users\Astrid\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Astrid\AppData\Local\EmieSiteList deleted successfully C:\Users\Astrid\AppData\Local\EmieUserList deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Aangifte inkomstenbelasting 2014 Aangifte inkomstenbelasting voor ondernemers 2013 Aangifte inkomstenbelasting voor ondernemers 2014 Adobe Acrobat Reader DC - Nederlands Adobe AIR Adobe Refresh Manager Adobe Shockwave Player 12.1 Alcor Micro USB Card Reader Brother MFL-Pro Suite DCP-J140W CCleaner CyberLink PhotoDirector 3 CyberLink PowerDirector 10 Dolby Digital Plus Advanced Audio DYMO Label v.8 Energy Manager Google Chrome Google Update Helper IDT Audio Intel Collaborative Processor Performance Control Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel© Trusted Connect Service Client Lenovo App Shop Lenovo EasyCamera Lenovo OneKey Recovery Lenovo 
PowerDVD10 Lenovo Solution Center Microsoft Office 365 - nl-nl Microsoft OneDrive Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Mozilla Maintenance Service Mozilla Thunderbird 38.5.0 (x86 nl) Mozilla Thunderbird 38.5.1 (x86 nl) Office 16 Click-to-Run Extensibility Component Office 16 Click-to-Run Licensing Component Office 16 Click-to-Run Localization Component paint.net Power2Go Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Client Installation Program Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver swMSM Synaptics Pointing Device Driver Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD UserGuide Verzoek of wijziging voorlopige aanslag 2015 Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE C:\Program Files (x86)\Microsoft 
Office\Root\Office16\MsoSync.exe C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Astrid\Downloads\zoek.exe C:\windows\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 4021 MB CPU Info: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz CPU Speed: 2543,3 MHz Sound Card: Speakers (IDT High Definition A | Display Adapters: Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Bluetooth-apparaat (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30) | Qualcomm Atheros AR9485WB-EG Wireless Network Adapter CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ8E1 Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 423,5GB | D: 25,0GB Hard Disks - Free: C: 378,8GB | D: 23,1GB Manufacturer *: LENOVO BIOS Info: AT/AT COMPATIBLE | | LENOVO - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: LENOVO Ginkgo 7A1 Country: Nederland Language: NLD ==== System Specs (Software) ====================== AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Google Chrome 48.0.2564.116 Internet Explorer Version: 11.0.9600.18205 Google Chrome version: 48.0.2564.116 Adobe Reader version: 15.10.20056.167417 Shockwave Player version: 12.1r150 ==== Files Recently Created / Modified ====================== ====== C:\windows ==== ====== C:\Users\Astrid\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\windows\SysWOW64 ===== ====== C:\windows\SysWOW64\drivers ===== ====== C:\windows\Sysnative =====
====== C:\windows\Sysnative\drivers ===== 2016-02-10 12:48:40 B0A106352DEF6D52332EA39E00462EA7 202240 ----a-w- C:\windows\Sysnative\drivers\mrxsmb20.sys 2016-02-10 12:48:40 61000E7155E92342D0D5338CE05D102A 401920 ----a-w- C:\windows\Sysnative\drivers\mrxsmb.sys 2016-02-10 12:48:17 D2AC8F07995CE6CD18848C129435B481 140800 ----a-w- C:\windows\Sysnative\drivers\mrxdav.sys ====== C:\windows\Tasks ====== ====== C:\windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2016-01-28 20:08:01 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2016-01-21 20:08:59 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird ======= C: ===== ====== C:\Users\Astrid\AppData\Roaming ====== ====== C:\Users\Astrid ====== 2016-02-19 14:12:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Astrid\Downloads\RSITx64.exe ====== C: exe-files == 2016-02-19 14:12:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Astrid\Downloads\RSITx64.exe 2016-02-19 07:45:31 45AB0193BCF8693503AF810B1E60D7FE 879512 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.116\48.0.2564.116_48.0.2564.109_chrome_updater.exe 2016-02-17 21:03:21 761204CE1F26D946B2ACE5D5FF2D5D16 1579928 ----a-w- C:\Users\Astrid\AppData\Local\Google\Chrome\User
Data\SwReporter\6.44.3\software_reporter_tool.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2292006884-3492812581-672175727-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "331BigDog"="C:\Program Files (x86)\USB Camera\VM331STI.EXE" "Lenovo App Shop"="C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4" "UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0" "ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun" "BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "Energy Manager"="C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe" "Lenovo Utility"="C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe" "IgfxTray"="C:\windows\system32\igfxtray.exe" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" ==== Task Scheduler Jobs ====================== C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- 
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-08-2015 00:19] C:\windows\tasks\GoogleUpdateTaskMachineUA1cf6a915ec09a74.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-08-2015 00:19] ==== Other Scheduled Tasks ====================== "C:\windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cf6a915ec09a74" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\PDVDServ Task" [C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE] "C:\windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"] "C:\windows\SysNative\tasks\User_Feed_Synchronization-{3867EF27-C3A6-4332-8F18-1ECC0F9E65DF}" [C:\windows\system32\msfeedssync.exe] "C:\windows\SysNative\tasks\{41C389B9-881C-4BCC-8F1E-DF279CA937A4}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"] "C:\windows\SysNative\tasks\Lenovo\Lenovo Solution Center Launcher" [%programfiles%\lenovo\lenovo solution center\App\LSCService.exe] "C:\windows\SysNative\tasks\Lenovo\LSC\LSCHardwareScan" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan] "C:\windows\SysNative\tasks\Lenovo\LSC\RebootCountTask" ["C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe"] "C:\windows\SysNative\tasks\Lenovo\LSC\Time72Task" ["C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe"] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== No folders found aged 0-6 months ==== Firefox Extensions ====================== ProfilePath: 
C:\Users\Astrid\AppData\Roaming\Thunderbird\Profiles\5kzc43p6.default - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Docs - Astrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Astrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Astrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Astrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Docs Offline - Astrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Astrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Astrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - 
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O4 - HKLM\..\Run: [331BigDog] "C:\Program Files (x86)\USB Camera\VM331STI.EXE" O4 - HKLM\..\Run: [Lenovo App Shop] "C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - 
HKLM\System\CCS\Services\Tcpip\..\{F6CFCC8D-D511-420B-BA6E-5E25DA4AB7B1}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - 
Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth 
Suite\Ath_CoexAgent.exe ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Astrid\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Astrid\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Astrid\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Astrid\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Astrid\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== Empty Temp Folders ====================== C:\Users\Astrid\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be 
emptied at reboot C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Astrid\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on vr 19-02-2016 at 19:36:00,31 ======================