Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by ErikD on do 28/07/2016 at 11:58:03,39. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\ErikD\Documents\Mijn ontvangen bestanden\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 28/07/2016 11:59:58 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\Kaseya deleted successfully C:\Users\erik\AppData\Local\PackageAware deleted successfully C:\Users\erik\AppData\Local\YLMnFQVD deleted successfully C:\Users\ErikD\AppData\Local\CrashDumps deleted successfully C:\Users\ErikD\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\ErikD\AppData\Local\EmieSiteList deleted successfully C:\Users\ErikD\AppData\Local\EmieUserList deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Flash Player 22 ActiveX Adobe Reader XI (11.0.12) - Nederlands Adobe Refresh Manager Adobe Shockwave Player 11.6 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Webcam Sharing Manager ATI Catalyst Install Manager Auslogics Disk Defrag Belgium e-ID middleware 4.1.13 (build 1717) Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help English CCleaner Definition Update for Microsoft Office 2010 (KB3115247) 32-Bit Edition Facebook Video Calling 1.2.0.287 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper HP 3D DriveGuard HP HotKey Support HP Webcam Driver IDT Audio Intel© Matrix Storage Manager iTunes Java 8 Update 45 Java Auto Updater LSI HDA Modem Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.1 (Nederlands) Microsoft .NET Framework 4.6.1 (NLD) Microsoft Office 2010 voor Thuisgebruik en Zakelijke toepassingen Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD Nero 8 Essentials Ralink Motorola BC4 Bluetooth 3.0+HS Adapter Ralink RT3090 802.11b/g/n WiFi Adapter Realtek Ethernet Controller All-In-One Windows Driver Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 4.6.1 (KB3122661) Security Update for Microsoft .NET Framework 4.6.1 (KB3127233) Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2) Security Update for Microsoft .NET Framework 4.6.1 (KB3142037) Security Update for Microsoft .NET Framework 4.6.1 (KB3143693) Security Update for Microsoft Access 2010 (KB3101544) 32-Bit Edition Security Update for Microsoft Excel 2010 (KB3115130) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3054984) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3085560) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3101520) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2817478) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB3114872) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2999465) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition Security Update for Microsoft Word 2010 (KB3115243) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shareaza 2.5.3.0 SharePort Plus SoundTouch Stuurprogrammapakket voor Windows - Fedict SmartCard (08/08/2015 4.1.5) swMSM Synaptics Pointing Device Driver Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD Trend Micro Worry-Free Business Security Agent Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2791057) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2881030) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition Update for Microsoft Office 2010 (KB3054977) 32-Bit Edition Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition Update for Microsoft Office 2010 (KB3114750) 32-Bit Edition Update for Microsoft Office 2010 (KB3114989) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition Update for Microsoft OneNote 2010 (KB3114410) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2760779) 32-Bit Edition Update for Microsoft Outlook 2010 (KB3114756) 32-Bit Edition Update for Microsoft Outlook 2010 (KB3115127) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB3114867) 32-Bit Edition Validity Fingerprint Driver VASCO Card Reader Plug-In (32-Bit) VASCO Smart Card Reader Plug-In (User) VLC media player WMV9/VC-1 Video Playback ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\vcsFPService.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe C:\Program Files\LSI SoftModem\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe C:\Windows\system32\uArcCapture.exe C:\Program Files\Motorola\Bluetooth\obexsrv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\GWX\GWX.exe C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Trend Micro\Security Agent\PccNTMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Motorola\Bluetooth\audiosrv.exe C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\fsquirt.exe C:\Users\ErikD\Documents\Mijn ontvangen bestanden\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k utcsvc C:\Windows\system32\svchost.exe -k regsvc C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Program Files\Kaseya not found C:\PROGRA~2\27115 deleted C:\Program Files\Shareaza deleted C:\PROGRA~2\Package Cache deleted C:\Users\ErikD\AppData\Local\mbt-actwiz.log deleted C:\Windows\System32\SET51E9.tmp deleted ==== System Specs ====================== Operating System: Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 32-bits Manufacturer: Hewlett-Packard - Model: HP ProBook 4520s Install Date: 3/12/2010 16:08:10 Last Boot: 28/07/2016 20:18:32 Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Number of Processors: 4 Work Station Bootmode: Normal boot Total RAM: 3055 MB (free 1854 MB - 60) Computername: KWPLT002 Domain: kwp.local User: ErikD (Non-Administrator account) Local Disk: C:\ - NTFS - 297 GB (free 223 GB) CD \ DVD Drive: D:\ Bootdevice: \Device\HarddiskVolume1 Windows update: 2016-07-04 08:20:21 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Trend Micro Security Agent On-access scanning disabled (Outdated) Anti-Spyware: Trend Micro Security Agent Anti-spyware disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Trend Micro Personal Firewall disabled Default Browser: Google Chrome 52.0.2743.82 Internet Explorer Version: 11.0.9600.18349 Google Chrome version: 52.0.2743.82 Adobe Reader version: 11.0.12.18 Sun Java version: 1.8.0_45 (32-bit) Shockwave Player version: 11.6.4r634 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\ErikD\AppData\Local\Temp ==== 2016-07-27 19:55:47 71B4C3E213BEA679A7D10BC3359B428E 172032 ----a-w- C:\Users\ErikD\AppData\Local\Temp\kasA6EA.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== 2016-07-27 19:55:22 3DBEC167F6AE1DB1EC23627D05E7235D 3208 ----a-w- C:\Windows\system32\Tasks\{7EA92B44-9877-4496-845A-B85848C28A5F} 2016-07-26 21:48:37 4797F1B9C1ADADC0710E5A2D4058A9D9 3240 ----a-w- C:\Windows\system32\Tasks\{6CE4912D-99CC-4B3A-959A-812EC6F6A26D} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Users\ErikD\AppData\Roaming ====== ====== C:\Users\ErikD ====== ====== C: exe-files == 2016-07-27 19:55:47 71B4C3E213BEA679A7D10BC3359B428E 172032 ----a-w- C:\Users\ErikD\AppData\Local\Temp\kasA6EA.exe 2016-07-27 18:48:36 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\ErikD.exe 2016-07-27 18:46:24 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\ErikD\Documents\Mijn ontvangen bestanden\RSIT.exe 2016-07-26 22:32:49 5096826AAA1181F8607244E37FA0BABF 3712064 ----a-w- C:\Users\ErikD\Documents\Mijn ontvangen bestanden\adwcleaner_5.201.exe 2016-07-26 22:18:31 47587BF1E05157BD711F878442B86787 1262408 ----a-w- C:\Windows\Temp\CR_A663F.tmp\setup.exe 2016-07-26 22:18:29 B37F9072709A70A54E401964C52F3266 7312984 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\52.0.2743.82\52.0.2743.82_51.0.2704.103_chrome_updater.exe 2016-07-26 21:47:43 4B94FB369F9EC67715EE4DB46872BC4F 3732608 ----a-w- C:\Users\ErikD\Documents\Mijn ontvangen bestanden\SA_Uninstall_1384.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1619535343-1243465146-1099412663-1123\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "BTMTrayAgent"="rundll32.exe C:\Program Files\Motorola\Bluetooth\btmshell.dll,TrayApp" "QLBController"="C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start" "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Security Agent\pccntmon.exe -HideWindow" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "SoundTouch Music Server"="C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\erik\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Malwarebytes Anti-Malware" "hkey"="HKLM" "command"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe /install /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" ==== Startup Folders ====================== 2013-08-06 18:19:42 1225 ----a-w- C:\Users\erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15/07/2016 07:10] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2887273296-2875358591-704918418-1153Core.job --a------ C:\Users\erik\AppData\Local\Facebook\Update\FacebookUpdate.exe [17/07/2013 23:52] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2887273296-2875358591-704918418-1153UA.job --a------ C:\Users\erik\AppData\Local\Facebook\Update\FacebookUpdate.exe [17/07/2013 23:52] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/08/2015 10:01] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/08/2015 10:01] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2887273296-2875358591-704918418-1153Core" [C:\Users\erik\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2887273296-2875358591-704918418-1153UA" [C:\Users\erik\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{C0B736CB-C524-45F9-B4F0-B6AF35ACFC80}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{52d08c03-d98f-40ed-bd1c-e4ee1d7b9bdd}"="C:\Program Files\Trend Micro\Security Agent\FirefoxExtension" [18/01/2016 16:07] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 Google Docs - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Invite All (for Facebook) - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih Google Docs Offline - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}&rlz=1I7ADSA_nlBE481" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\Security Agent\CCSF\module\BES\TmBpIe32.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Security Agent\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SoundTouch Music Server] "C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kwp.local O17 - HKLM\Software\..\Telephony: DomainName = kwp.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kwp.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kwp.local O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\Security Agent\CCSF\module\BES\TmBpIe32.dll O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe O23 - Service: D-Link SharePort Plus Helper - Unknown owner - C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Trend Micro Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Common Client Solution Framework (TmCCSF) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Agent\CCSF\TmCCSF.exe O23 - Service: Trend Micro Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Agent\tmlisten.exe O23 - Service: Trend Micro Security Agent NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Agent\TmProxy.exe O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\system32\uArcCapture.exe O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe ==== Empty IE Cache ====================== C:\Users\administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\bnsadmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\erik\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\ErikD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\ErikD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\ErikD\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=394 folders=29 31823209 bytes) ==== Empty Temp Folders ====================== C:\Users\administrator\AppData\Local\Temp emptied successfully C:\Users\bnsadmin\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\erik\AppData\Local\Temp emptied successfully C:\Users\ErikD\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ErikD\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 28/07/2016 at 21:43:08,86 ======================