Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Sofie on di 05-07-2016 at 17:54:27,23.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sofie\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-06-213330.log 71845 bytes
C:\zoek-results2014-12-14-195322.log 69760 bytes
C:\zoek-results2014-12-15-112237.log 68173 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D}
%SystemRoot%\system32\shell32.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook
{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6}
%SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\Program Files\log deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Sofie\AppData\Local\ActiveSync deleted successfully
C:\Users\Sofie\AppData\Local\CrashDumps deleted successfully
C:\Users\Sofie\AppData\Local\EmieSiteList deleted successfully
C:\Users\Sofie\AppData\Local\EmieUserList deleted successfully
C:\Users\Sofie\AppData\Local\NetworkTiles deleted successfully
C:\Users\Sofie\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\SysWOW64\dcomx32.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Sofie\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Sofie\Downloads\zoek (1).exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
R2 - [Dell Foundation Services] - Dell Foundation Services - c:\program files\dell\dell foundation services\dfssvc.exe
R2 - [DellDataVault] - Dell Data Vault - c:\program files\dell\delldatavault\delldatavault.exe
R2 - [DellDataVaultWiz] - Dell Data Vault Wizard - c:\program files\dell\delldatavault\delldatavaultwiz.exe
R2 - [DellUpdate] - Dell Update Service - c:\program files (x86)\dell update\dellupservice.exe
R2 - [EpsonCustomerParticipation] - EpsonCustomerParticipation - c:\program files\epson\epsoncustomerparticipation\epcp.exe
R2 - [EpsonScanSvc] - Epson Scanner Service - c:\windows\system32\escsvc64.exe
R2 - [igfxCUIService2.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
R2 - [SftService] - SoftThinks Agent Service - c:\program files (x86)\dell backup and recovery\sftservice.exe
R2 - [SupportAssistAgent] - Dell SupportAssist Agent - c:\program files (x86)\dell\supportassistagent\bin\supportassistagent.exe
R2 - [Windows Index Services] - Windows Index Services - c:\windows\system32\dcomx32.exe [x]
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [Disc Soft Ultra Bus Service] - Disc Soft Ultra Bus Service - c:\program files\daemon tools ultra\discsoftbusservice.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [DellProdRegManager] - Dell Product Registration Manager - c:\program files (x86)\dell product registration\regmgrsvc.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{05EE3202-A879-4F9D-895C-AC535855E0A9} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Sofie\AppData\Local\node-webkit deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8097 MB
CPU Info: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
CPU Speed: 1699,0 MHz
Sound Card: Luidsprekers / koptelefoons (Re |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | Intel(R) HD Graphics Family
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe FE Family Controller | Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Dell Wireless 1705 802.11b/g/n (2.4GHZ)
CD / DVD Drives: 1x (D: | ) D: TSSTcorpDVD+-RW SU-208GB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 921,6GB | E: 496,0MB | X: 750,0MB
Hard Disks - Free: C: 602,6GB | E: 428,7MB | X: 307,8MB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | | DELL - 1072009
Time Zone: Romance (standaardtijd)
Motherboard *: Dell Inc. 09V1VC
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Default Browser: Google Chrome 51.0.2704.103
Internet Explorer Version: 11.420.10586.0
Google Chrome version: 51.0.2704.103
Adobe Reader version: 15.16.20045.188096
Sun Java version: 1.8.0_65 (32-bit)
Sun Java version: 1.8.0_65 (64-bit)

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-1346342557-3094049871-1797930786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"Spotify Web Helper"="C:\Users\Sofie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"DAEMON Tools Ultra Agent"="C:\Program Files\DAEMON Tools Ultra\DTAgent.exe -autorun"
"OneDrive"="C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"iCloudPhotos"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-21-1346342557-3094049871-1797930786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common
Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"Malwarebytes Anti-Exploit"="C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"Spotify Web Helper"="C:\Users\Sofie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"DAEMON Tools Ultra Agent"="C:\Program Files\DAEMON Tools Ultra\DTAgent.exe -autorun"
"OneDrive"="C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"iCloudPhotos"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC"
"QuickSet"="c:\Program Files\Dell\QuickSet\QuickSet.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"WavesSvc"="C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [28-05-2016 07:05]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31-08-2015 19:49]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31-08-2015 19:49]
C:\WINDOWS\tasks\RunDFS.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [09-01-2015 17:17]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\Dell SupportAssistAgent AutoUpdate" [C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\PCDDataUploadTask" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\Dell\SupportAssist\sessionchecker.exe"]
"C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\Dell\SupportAssist\uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\RtHDVBg_PushButton" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"]
"C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" [C:\WINDOWS\TEMP\DeleteFolderTask.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{45BC21F4-3006-4126-B3A7-1410DDBBA202}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Dell\Dell Product Registration" [C:\Program Files (x86)\Dell Product Registration\prodreg.exe]
"C:\WINDOWS\SysNative\tasks\Dell\Dell Product Registration Update" [C:\Program Files (x86)\Dell Product Registration\prodreg.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-02-28 18:23:30 -------- d-----w- C:\PROGRA~3\Skype
2016-03-26 10:55:34 -------- d-----w- C:\PROGRA~3\PC-Doctor for Windows
2016-06-27 16:52:32 -------- d-----w- C:\PROGRA~3\0d233ffc-1e81-4f60-b5c0-000acb147af4

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[25-07-2015 18:32]

Google Slides - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
eID Chrome Extension - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbdaodnaecdijpajecpncpdomgcoakc
YouTube - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Cast - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
selector is not a valid CSS selector - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{534638F3-8109-44F9-931E-A504A72F039A} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sofie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sofie\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program
Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. 
- C:\Program Files\Dell\DellDataVault\DellDataVault.exe O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Disc Soft Ultra Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe 
(file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows 
Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: Windows Index Services - Unknown owner - c:\windows\system32\dcomx32.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sofie\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Sofie\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Sofie\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Sofie\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup 
content ====================== C:\zoek_backup (files=5035 folders=133 55280069 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Sofie\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 05-07-2016 at 18:33:28,89 ======================