Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Esther on vr 05/08/2016 at 18:10:37,97. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Esther\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 5/08/2016 18:15:26 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\McAfee deleted successfully C:\Program Files\Common Files\AV deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\Administrator\AppData\LocalLow deleted successfully C:\Users\Esther\AppData\Local\ActiveSync deleted successfully C:\Users\Esther\AppData\Local\EmieSiteList deleted successfully C:\Users\Esther\AppData\Local\EmieUserList deleted successfully C:\Users\Esther\AppData\Local\NetworkTiles deleted successfully C:\Users\Esther\AppData\Local\Skype deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3890035145-223695785-3344413635-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully HKEY_USERS\S-1-5-21-3890035145-223695785-3344413635-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully HKEY_USERS\S-1-5-21-3890035145-223695785-3344413635-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_USERS\S-1-5-21-3890035145-223695785-3344413635-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_USERS\S-1-5-21-3890035145-223695785-3344413635-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully HKEY_CLASSES_ROOT\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully HKEY_CLASSES_ROOT\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully ==== Installed Programs ====================== Adobe Acrobat Reader DC - Nederlands Adobe AIR Adobe Refresh Manager Adobe Shockwave Player 12.1 Apple Application Support (32-bit) Apple Application Support (64-bit) Apple Mobile Device Support Apple Software Update Ashampoo AppLauncher (Medion) v.1.0.0 AVG AVG 2016 AVG Protection AVG Zen Bonjour Brawlhalla Camtasia Studio 8 Cisco 
EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CyberLink Home Cinema 10 CyberLink LabelPrint 2.5 CyberLink MediaEspresso 6.5 CyberLink PhotoDirector 4 CyberLink Power2Go 8 CyberLink PowerDirector 11 CyberLink PowerDVD 10 CyberLink PowerDVD Copy 1.5 CyberLink PowerRecover CyberLink YouCam 5 D3DX10 Dolby Digital Plus Advanced Audio Electronic Arts Product Registration eMindMaps FMW 1 Fotogalerie Fotogalerija Fotogalleri Fotogalleriet Fotograf Galerisi Fotótár Galeria de Fotografias Galería de fotos Galeria fotografii Galerie de photos GeoGebra 5 Google Chrome Google Update Helper Harry Potter II Intel(R) Processor Graphics Intel(R) Trusted Execution Engine Intel(R) Trusted Execution Engine Driver iTunes Java 8 Update 101 Java Auto Updater K-Lite Codec Pack 11.2.0 Full McAfee SiteAdvisor Microsoft Application Error Reporting Microsoft Office Professional Plus 2013 - nl-nl Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Movie Maker Mozilla Firefox 38.0.5 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT110 MSVCRT110_amd64 Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing 
Component Office 15 Click-to-Run Localization Component PaintTool SAI version 1.2.0 PewDiePie: Legend of the Brofist PHotkey Photo Common Photo Gallery Podstawowe programy Windows Live Popcorn Time CE YIFY Raccolta foto REALTEK Bluetooth Driver Realtek Card Reader Realtek Ethernet Controller Driver Realtek High Definition Audio Driver REALTEK Wireless LAN Driver S?????? f?t???af??? Screen Recorder Launcher Skype Click to Call SkypeT 7.25 Spotify Steam swMSM Synaptics Pointing Device Driver Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD TeamViewer 11 Valokuvavalikoima Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Liven peruspaketti ==== Running Processes ====================== C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe C:\Program Files (x86)\PHotkey\PHotkey.exe C:\Program Files (x86)\PHotkey\HCSynApi.exe C:\Program Files (x86)\PHotkey\POSD.exe C:\Program Files (x86)\PHotkey\GPMTray.exe C:\Users\Esther\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Esther\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\Esther\AppData\Roaming\Spotify\Spotify.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files 
(x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe C:\Users\Esther\AppData\Roaming\Spotify\Spotify.exe C:\Users\Esther\AppData\Roaming\Spotify\Spotify.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\Steam\bin\steamwebhelper.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE C:\Program Files (x86)\AVG\Framework\Common\avguix.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\ProgramData\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe C:\ProgramData\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe C:\Users\Esther\Desktop\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] ==== Registry Fix Code x64 ====================== Windows Registry Editor 
Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\McAfee not found C:\ProgramData\Avg_Update_0816tb deleted C:\windows\SysNative\Tasks\AVG-SSU_0516piz deleted C:\windows\SysNative\Tasks\AVG-SSU_0516piz_DELETE deleted C:\windows\SysNative\Tasks\AVG-SSU_0516piz_RML deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted C:\PROGRA~3\Avg_Update_0516tb deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\Package Cache deleted C:\Users\Administrator\AppData\Local\BTServer.log deleted C:\Users\Esther\AppData\Local\BTServer.log deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Esther\AppData\LocalLow\DataMngr deleted "C:\PROGRA~3\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe" deleted "C:\PROGRA~3\Avg_Update_0516piz" not deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3987 MB CPU Info: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz CPU Speed: 1836,2 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC | Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GU90N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 403,3GB | D: 60,0GB Hard Disks - Free: C: 338,9GB | D: 42,1GB Manufacturer *: American Megatrends Inc. 
BIOS Info: AT/AT COMPATIBLE | | MEDION - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Medion Akoya E7226 Country: België Language: NLB ==== System Specs (Software) ====================== Default Browser: Google Chrome 52.0.2743.116 Internet Explorer Version: 11.494.10586.0 Mozilla Firefox version: 38.0.5 (x86 nl) Google Chrome version: 52.0.2743.116 Adobe Reader version: 15.17.20050.192152 Sun Java version: 1.8.0_101 (32-bit) Sun Java version: 1.8.0_101 (64-bit) Shockwave Player version: 12.1.8r158 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-07-12 22:53:43 E396258CFD8F84E8F2C24930E6D88C67 4515256 ----a-w- C:\WINDOWS\explorer.exe 2016-07-12 22:51:17 430DE1635CE173440D34ABA1676113D7 994816 ----a-w- C:\WINDOWS\HelpPane.exe ====== C:\Users\Esther\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2016-08-05 16:04:42 9CD922338DC8C35973D4C88A0D1E21CA 111016 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2016-08-05 16:11:05 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\WINDOWS\Sysnative\REN3806.tmp ====== C:\WINDOWS\Sysnative\drivers ===== 2016-07-20 06:46:16 B6F34BE914F7CF7D8B7203AB6241AC8B 313088 ----a-w- C:\WINDOWS\Sysnative\drivers\avgwfpa.sys 2016-07-19 10:27:12 A1E22774E01EDB88EC9620EF017B3ABE 261888 ----a-w- C:\WINDOWS\Sysnative\drivers\avgmfx64.sys 2016-07-13 08:17:32 97BFC3BD9F910B24EB956FF3387C71CF 1987936 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-07-12 22:55:05 91A2D07C017068FD2F11414E8D676EC5 577376 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-07-12 22:54:22 66FDDD2004332EED0A8262E9762EB457 393568 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2016-07-12 22:53:40 5DFF4CF4DF7FD11AE5A1DAD8C67619D2 161632 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys 2016-07-12 22:53:39 EF94E21C3220AE3F8539542EC0B3FF06 331616 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys 
2016-07-12 22:53:39 309E3CFC5309CECD9317A69990716A87 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-07-12 22:53:13 33110D78697A1B771E1B30675B39CE46 112640 ----a-w- C:\WINDOWS\Sysnative\drivers\bthenum.sys 2016-07-12 22:53:11 B32316BCF974882E715A3459C953AD56 84992 ----a-w- C:\WINDOWS\Sysnative\drivers\BTHUSB.SYS 2016-07-12 22:53:10 549DFD8240CF20BFBD88AD9D89325DBF 530432 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys 2016-07-12 22:50:54 2D54FE808BAF96666D0CE9B05B8C768F 954368 ----a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys 2016-07-12 22:49:08 CF63BF6AAEDF721E37F9E216FD321B8E 2403168 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2016-07-12 22:48:42 1CDA6D0A2345AA589949AE9C83853913 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys ====== C:\WINDOWS\Tasks ====== 2016-08-05 16:11:59 B582AFEB3DCF3A438FA6805D3047BB7C 4194 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{4E193C5E-6FFD-42B6-8EDB-7150426EB35E} 2016-08-01 09:27:33 FD96E5A115BF9079D4677133CEC3E59A 3916 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-08-04 20:28:26 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2016-08-05 16:05:52 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2016-08-05 15:57:34 -------- d-----w- C:\PROGRA~2\TeamViewer ======= C: ===== ====== C:\Users\Esther\AppData\Roaming ====== 2016-08-05 15:51:01 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\AvgSetupLog 2016-08-05 15:50:42 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Avg 2016-08-05 15:49:28 -------- d-----w- C:\Users\Esther\AppData\Local\AvgSetupLog ====== C:\Users\Esther ====== 2016-08-05 16:04:57 -------- d-----w- C:\Users\Esther\.oracle_jre_usage 2016-08-05 16:02:36 0AF64B59269F6F5C7DF5B97DF8C0E0AB 739904 ----a-w- C:\Users\Esther\Downloads\JavaSetup8u101 (2).exe 2016-08-05 15:56:59 856BCB47B35E875BC66AC3FE9CCDB61F 11203928 ----a-w- 
C:\Users\Esther\Downloads\TeamViewer_Setup.exe 2016-08-05 15:55:21 0AF64B59269F6F5C7DF5B97DF8C0E0AB 739904 ----a-w- C:\Users\Esther\Downloads\JavaSetup8u101 (1).exe 2016-08-05 15:53:34 0AF64B59269F6F5C7DF5B97DF8C0E0AB 739904 ----a-w- C:\Users\Esther\Downloads\JavaSetup8u101.exe 2016-08-05 15:51:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2016-08-05 15:49:33 -------- d-----w- C:\ProgramData\Avg 2016-08-04 20:27:30 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Esther\Downloads\RSITx64.exe ====== C: exe-files == 2016-08-04 20:28:26 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Esther.exe 2016-08-01 09:31:20 7FCD648CCDA7FD08C663A4A73C2B4F7A 25740480 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excel.exe 2016-08-01 09:31:16 F8E2D5F1753C68CF69C9EC41BB03EAE0 920264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe 2016-08-01 09:31:13 D18EE4659381AB0F13EBF3B54CB504CB 1163552 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\olicenseheartbeat.exe 2016-08-01 09:31:13 95EB666E3C5C7044CA345AA473871A91 851728 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dw20.exe 2016-08-01 09:31:13 6FC544FC8B66A6048EDDA22FD8FB292C 559848 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\msosqm.exe 2016-08-01 09:31:13 6590DDF5C60AA43B671A57E1386E7BA6 48848 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\appsharinghookcontroller64.exe 2016-08-01 09:31:12 0DA5E5E0E5E16D9506BF35594B30AE94 5862696 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\cmigrate.exe 2016-08-01 09:31:11 7B9F03DE263B8EAF2F2A1714FFA3E85C 537856 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\vpreview.exe 2016-08-01 09:31:11 
4F775EB3DE46D06962E793A2A0940350 94048 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe 2016-08-01 09:31:10 7C7A8797B3EE44BCF8A9556984C4AB63 483656 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dwtrig20.exe 2016-08-01 09:31:10 64D3FCDF2B726BA1A207D3D2E5AB9177 8022312 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\cmigrate.exe 2016-08-01 09:31:05 F4135C6B6F60FFE91E71D182CE150E65 59680 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\setlang.exe 2016-08-01 09:31:05 579A2B884BE174B0A1A8FE968E48ADAE 1932472 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\winword.exe 2016-08-01 09:31:01 3E9FBC3D835319F3E4D331DECD443A33 19135688 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\outlook.exe 2016-08-01 09:30:59 3041648E6A72124AEDC39EA19D8A74AD 490272 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\selfcert.exe 2016-08-01 09:30:58 64DE1229E21B498B7CCA563C3C2CA77A 883928 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe 2016-08-01 09:30:58 214C953DBB733A76924D5DDD546A5BD1 999104 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\firstrun.exe 2016-08-01 09:30:57 610FB199B0806A46ED978FD971E549B1 42696 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\appsharinghookcontroller.exe 2016-08-01 09:30:57 24F5D3048E0121890EA0226237BFCDE6 4531456 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\graph.exe 2016-08-01 09:30:57 15CBDF2B6B3643531A98B25B2547C9C2 578912 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\orgchart.exe 2016-08-01 09:30:56 010BD3513762C4FBD908CE1F187BD85A 1793736 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\infopath.exe 2016-08-01 09:30:53 F80D336BD2CD70F124C58A1504F09CC7 43216 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msoev.exe 2016-08-01 
09:30:53 2FF2910D2C576ECB10F630DD46019EB2 1553704 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ocpubmgr.exe 2016-08-01 09:30:51 F7024EC2912591BEE2557D86B6493561 10769104 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\mspub.exe 2016-08-01 09:30:51 F32E224F46D34F6E20ABD09C8F6A0D84 709304 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msqry32.exe 2016-08-01 09:30:49 BAA1F6D6B233EEED1C1B497C538DDBAA 24094408 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\lync.exe 2016-08-01 09:30:48 7B1CA60DEE7244250A8EC48878B8DE71 15529152 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msaccess.exe 2016-08-01 09:30:46 DF34FAAA69610A4F4AF505C3A167054C 43240 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msotd.exe 2016-08-01 09:30:45 942F2A654DA2D5813BAC992BD183EA16 458496 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msosync.exe 2016-08-01 09:30:45 8FBEAE90575B808058838AAC1691F132 508152 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msouc.exe 2016-08-01 09:30:45 24DF79F91C13272E69D0B441474779F5 6748864 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconv.exe 2016-08-01 09:30:44 92F510544F7204A93B56F3DFF0E9FC3B 526672 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\iecontentservice.exe 2016-08-01 09:30:44 5F24E8D65581EA385AF9D61C39BD2677 8844544 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\groove.exe 2016-08-01 09:30:41 CA3D41ACD4F350D355C6D6DA49E0EA81 21955264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe 2016-08-01 09:30:38 9E53CC59D970C0713057644FC1D66A56 238328 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\clview.exe 2016-08-01 09:30:36 597C6D1353A006C4D093C7BE3FBF8DC7 642336 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\integrator.exe === C: other files == 2016-08-05 16:04:24 91052ADB799AEF68EA76931997C40CE4 14156 ----a-w- C:\Program Files 
(x86)\Java\jre1.8.0_101\lib\deploy\ffjcext.zip 2016-08-03 12:28:06 067ECBC5531E29933CC18300C1A7BFFA 2302 ----a-w- C:\Program Files (x86)\AVG\Zen\rules.zip 2016-08-03 12:26:54 8AE5601BA60374CD3F5234EBA5A85320 74760 ----a-w- C:\Program Files (x86)\AVG\Zen\add.zip 2016-08-03 12:26:24 FBC0E980EC9DEB80D1CCBA8EE0062C06 178 ----a-w- C:\Program Files (x86)\AVG\Zen\cfg.zip 2016-08-03 12:25:18 30B798135AD9CD4D689C0B82D924E14F 2537718 ----a-w- C:\Program Files (x86)\AVG\Zen\html.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-3890035145-223695785-3344413635-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Esther\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "OneDrive"="C:\Users\Esther\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Spotify"="C:\Users\Esther\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" [HKEY_USERS\S-1-5-21-3890035145-223695785-3344413635-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" "AppLauncher"="C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe" [HKEY_USERS\S-1-5-21-3890035145-223695785-3344413635-500\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" 
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s" "AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe C:\Program Files (x86)\AVG\Av\avgui.exe" "AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe /lps=fmw" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Esther\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "OneDrive"="C:\Users\Esther\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Spotify"="C:\Users\Esther\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16/06/2015 12:20] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16/06/2015 12:20] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] 
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{4E193C5E-6FFD-42B6-8EDB-7150426EB35E}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 Google Slides - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Matthew Williamson - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhneppoibdckggbphlddbkdfnipiklp Google Docs - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Pinterest Save Button - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic Chrome Web Store Payments - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Chrome Media Router - Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage 
deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_edu.degreesfinder.com_0.localstorage deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_edu.degreesfinder.com_0.localstorage-journal deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adinariversloveschool.com_0.localstorage deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adinariversloveschool.com_0.localstorage-journal deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adirondack-demo.squarespace.com_0.localstorage deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adirondack-demo.squarespace.com_0.localstorage-journal deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adversary-demo.squarespace.com_0.localstorage deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adversary-demo.squarespace.com_0.localstorage-journal deleted successfully C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.shoefitr.com_0.localstorage deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.shoefitr.com_0.localstorage-journal deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d33w8z5rfgj4vc.cloudfront.net_0.localstorage deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d33w8z5rfgj4vc.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage deleted successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://mysearch.avg.com/?cid={679C155C-AA14-4E5B-9FA7-602126DD6798}&mid=c561a49e0a1447cda13a856e581b9feb-58dc8f41ae8062c68923a2d3c4163c92b9e5e62a&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-06-18 14:40:06&v=4.1.5.143&pid=wtu&sg=&sap=hp"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{A0E44E83-5090-4D54-8A20-B12D0EF7FDDF} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

==== Reset Google Chrome ======================

C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Esther\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Esther\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify] "C:\Users\Esther\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3890035145-223695785-3344413635-500\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'Administrator')
O4 - HKUS\S-1-5-21-3890035145-223695785-3344413635-500\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'Administrator')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfwsa.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PGFNEX Service (PGFNEXSrv) - Unknown owner - C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Esther\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Esther\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Esther\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Esther\AppData\Local\Microsoft\Windows\INetCache\IE\1Q56YELJ will be deleted at reboot
C:\Users\Esther\AppData\Local\Microsoft\Windows\INetCache\IE\I9HF1T6B will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=47 folders=14 16399018 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Esther\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\Avg_Update_0516piz" not found
"C:\Users\Esther\AppData\Local\Microsoft\Windows\INetCache\IE\1Q56YELJ" not found
"C:\Users\Esther\AppData\Local\Microsoft\Windows\INetCache\IE\I9HF1T6B" not found

==== EOF on vr 05/08/2016 at 19:19:36,16 ======================