Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Sien on di 17-01-17 at 16:52:17,83.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sien\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-15-215514.log 38481 bytes
C:\zoek-results2016-10-23-091601.log 45789 bytes

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\Validity deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Sien\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1122481129-159117629-3988577116-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1122481129-159117629-3988577116-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} deleted successfully
HKEY_USERS\S-1-5-21-1122481129-159117629-3988577116-1000\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} deleted successfully

==== Installed Programs ======================

ActivInspire Core Resources (NLD) v1
ActivInspire Help (NLD) v1
ActivInspire HWR Resources (NLD) v1
ActivInspire v2
Adobe Acrobat Reader DC - Nederlands
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Refresh Manager
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Arcades Réseau Interactif 2
ArcSoft MediaImpression HD Edition
Auslogics DiskDefrag
Belgium e-ID middleware 4.1.16 (build 1723)
Bonjour
BS.Player FREE
CCleaner
CDBurnerXP
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
D3DX10
DAEMON Tools Lite
Dropbox
Google Chrome
Google Photos Backup
Google+ Auto Backup
HP 3D DriveGuard
HP Deskjet 3050A J611 series Basissoftware van het apparaat
HP Deskjet 3050A J611 series Haelp
HP HD Webcam Driver
HP Hotkey Support
HP Update
HPDiagnosticAlert
iCloud
IDT Audio
ImgBurn
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 8 Update 111
Java Auto Updater
JMicron Flash Media Controller Driver
Malwarebytes Anti-Malware versie 2.2.1.1043
Microsoft .NET Framework 4.5.2 (NLD)
Microsoft .NET Framework 4.6.1
Microsoft Application Error Reporting
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
Microsoft Office 365 ProPlus - nl-nl
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD
Movie Maker
Mozilla Firefox 49.0.2 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Office 16 Click-to-Run Extensibility Component
Office 16 Click-to-Run Licensing Component
Office 16 Click-to-Run Localization Component
OKI Network Extension
Online Plug-in
Oracle VM VirtualBox 4.3.6
Panda Antivirus Pro 2013
Panda Endpoint Agent
Panda Endpoint Protection
ParticiPoll
Password Depot 6 - Panda Secure Vault Edition
PDFCreator
Photo Common
Photo Gallery
Picasa 3
Realtek Ethernet Controller All-In-One Windows Driver
Revo Uninstaller 1.95
Self-service Plug-in
Shockwave Flash
Skype™ 7.0
Stuurprogrammapakket voor Windows - Fedict SmartCard (08/08/2015 4.1.5)
Stuurprogrammapakket voor Windows - Fedict SmartCard (09/23/2013 4.0.6.0)
swMSM
Synaptics Pointing Device Driver
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD
TeamViewer 10
TeraCopy 2.27
Typ-Top 3.0
Unchecky v1.0.1
Validity Fingerprint Sensor Driver
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.3
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)

==== Running Processes ======================

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Users\Sien\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\MIHDBG.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Sien\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\GroupPolicy\Machine deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3980 MB
CPU Info: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
CPU Speed: 2444,2 MHz
Sound Card: Luidsprekers / HP (IDT High Def | Communicatie-hoofdtelefoons (ID |
Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter | Microsoft Wi-Fi Direct Virtual Adapter | Microsoft Hosted Network Virtual Adapter
CD / DVD Drives: 2x (E: | F: | ) E: DTSOFT BDROM | F: hp DVDRAM GT50N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 96,9GB | D: 200,1GB Hard Disks - Free: C: 52,2GB | D: 183,8GB Manufacturer *: Hewlett-Packard BIOS Info: AT/AT COMPATIBLE | 10/31/11 | HPQOEM - f Time Zone: Romance (standaardtijd) Motherboard *: Hewlett-Packard 17F6 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Default Browser: Google Chrome 55.0.2883.87 Internet Explorer Version: 11.576.14393.0 Mozilla Firefox version: 49.0.2 (x86 nl) Adobe Reader version: 15.23.20053.211670 Sun Java version: 1.8.0_111 (32-bit) Sun Java version: 1.8.0_111 (64-bit) Flash Player version: 11.4.402.287 Shockwave Player version: 11.6.7r637 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\Sien\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2017-01-11 16:04:33 E9A61066D8433692073FB7A71B76BF4F 223232 ----a-w- C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2017-01-11 16:04:33 79079788BFF24158D1F1E945D1AC092D 557568 ----a-w- C:\WINDOWS\SysWOW64\StoreAgent.dll 2017-01-11 16:04:33 2A046635F3515975AEFBB855CB4E9559 180224 ----a-w- C:\WINDOWS\SysWOW64\InstallAgent.exe 2017-01-11 16:04:32 6C79DD2C43E95A38FBB567D83DACDC52 263472 ----a-w- C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2017-01-11 16:04:29 BC95B9B72F50130CE7D87093E9F04110 253952 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll 2017-01-11 16:04:29 AF1CD431B9B08CBFB62F3B97C614951F 213504 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll 2017-01-11 16:04:29 593B33D87F2EB6BA09D583D782EC5922 285184 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2017-01-11 16:04:29 1220BEFEC4639175792FC0462DD52F3A 866816 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2017-01-11 16:04:28 E88811CA8FD0847E359D14C96C5DAE8C 218976 ----a-w- C:\WINDOWS\SysWOW64\offlinesam.dll 2017-01-11 16:04:27 677A1A604EA11CEEE78CD62AC0A79972 2206496 ----a-w- C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2017-01-11 
16:04:26 FB8657C99B33C9E3AD5197D4AD6B229F 5398016 ----a-w- C:\WINDOWS\SysWOW64\aclui.dll 2017-01-11 16:04:25 DEF44B761300AF3C2CF2955273325093 20969928 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll 2017-01-11 16:04:23 E8866BF59BEBEE221459E82453642290 755712 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll 2017-01-11 16:04:23 C03354B15AB4B40A3D626EEA4BD6AFBB 74752 ----a-w- C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-01-11 16:04:22 D6BC9443751A6307D6DED2C94438BF9E 1155072 ----a-w- C:\WINDOWS\SysWOW64\MSVP9DEC.dll 2017-01-11 16:04:21 1DD77E7ED258C57103D1FF1B0571D3FD 553984 ----a-w- C:\WINDOWS\SysWOW64\cryptui.dll 2017-01-11 16:04:21 16BD10FB0F72B9C844234C07C3130E04 167424 ----a-w- C:\WINDOWS\SysWOW64\WinSCard.dll 2017-01-11 16:04:20 E507716406282DED993ED67B192E4B93 382784 ----a-w- C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2017-01-11 16:04:19 DC195E020B6173087BC61E5694199E7C 198656 ----a-w- C:\WINDOWS\SysWOW64\indexeddbserver.dll 2017-01-11 16:04:19 4F3F93808E5D84E014A417DD7F5ADD90 1631232 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-01-11 16:04:19 1375FA26B9483F8C2D607E1741F3A440 822784 ----a-w- C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-01-11 16:04:19 0C3C22395BBA6B4F6AF5075A0FFADA86 484584 ----a-w- C:\WINDOWS\SysWOW64\AudioSes.dll 2017-01-11 16:04:18 037C1DD70B4A895EA4B80B3E25D095C8 19417600 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2017-01-11 16:04:16 65F4FD7E19758FF07BB5203D65A1C8AA 13869056 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-01-11 16:04:15 D32B01BB5724B3600528CFFFB2BAE948 1255936 ----a-w- C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-01-11 16:04:15 66E893992BE9048429451B026F85E6C6 6044160 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll 2017-01-11 16:04:15 2C61DF542F945F12A4FE28FD9C83AC9A 19413504 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll 2017-01-11 16:04:13 B78C83C57A50A6F32B3A73023F0BCC14 6474752 ----a-w- C:\WINDOWS\SysWOW64\mspaint.exe 2017-01-11 16:04:12 4ABEA64DBFF541F8EFF80CE488D1E2A6 7626752 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll 2017-01-11 
16:04:10 5521425D404C71B95CFDCBB06455FB97 1557808 ----a-w- C:\WINDOWS\SysWOW64\winmde.dll 2017-01-11 16:04:02 0484DE6C56F366D01C9C57616E74AF9C 231936 ----a-w- C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-01-11 16:03:59 899A18BA61C0D1242A0E6A92752B7329 34304 ----a-w- C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2017-01-11 16:03:59 4C10A7F62FD74CC8D7CA096F77997E0A 2748416 ----a-w- C:\WINDOWS\SysWOW64\rdpcore.dll 2017-01-11 16:03:58 94A7B28F9433289C2447B7F701D8AB4A 76984 ----a-w- C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2017-01-11 16:03:56 E0D6916E8A0B269D22231BA00E8630FC 318976 ----a-w- C:\WINDOWS\SysWOW64\rdpencom.dll 2017-01-11 16:03:56 827F77A3D43A0B349919C2F66BBCFC4A 7469056 ----a-w- C:\WINDOWS\SysWOW64\mstscax.dll 2017-01-11 16:03:56 01E2B9E7C8443F43B0222890A1173E78 237056 ----a-w- C:\WINDOWS\SysWOW64\SyncSettings.dll 2017-01-11 16:03:55 A522BCEB7132DD667AB8EC9E076BF53E 231424 ----a-w- C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2017-01-11 16:03:55 1B6A591492D31591458C7A732830D739 1300480 ----a-w- C:\WINDOWS\SysWOW64\MSVPXENC.dll 2017-01-11 16:03:54 509C9E1A9DA6CAA6E405DEA9345AC7B3 497152 ----a-w- C:\WINDOWS\SysWOW64\LogonController.dll 2017-01-11 16:03:54 3032268EA235CE27FD2E9E946E3BCFAB 4612608 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-01-11 16:03:53 78B393E8F4C1990F7A3E2ECD40A48DF3 3892864 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll 2017-01-11 16:03:52 50E24324A257CBD80B8E57A96FCAA9B6 1852720 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-01-11 16:03:50 7FBDC2558247BBDC8935FEF194D0C1E8 1360464 ----a-w- C:\WINDOWS\SysWOW64\mfnetsrc.dll 2017-01-11 16:03:49 DCBAA27489EE9D25E3ED7D727260F876 1277344 ----a-w- C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2017-01-11 16:03:48 6F8A2A1B1411B91B836034457CD797B3 712192 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll 2017-01-11 16:03:47 FA5384E6FBF90FC1BB7009279F6BDB5F 980832 ----a-w- C:\WINDOWS\SysWOW64\mfnetcore.dll 2017-01-11 16:03:47 CC18742F62612E2C7FEE377C4746B3D3 136544 ----a-w- 
C:\WINDOWS\SysWOW64\mqmigplugin.dll 2017-01-11 16:03:46 E9CA8EAECA4785A9798056A321C4AD21 1201872 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2017-01-11 16:03:46 26401C08D6407D11FEE6514FD6786B90 640000 ----a-w- C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2017-01-11 16:03:34 D1A551B0B7AB57490179E5ED5C4B24DA 2998272 ----a-w- C:\WINDOWS\SysWOW64\win32kfull.sys 2017-01-11 16:03:32 D9CCC54D17C28BC96DEA313DACA9CE96 509792 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-01-11 16:03:32 D9A7E46105EF2A77055B6A8E62094DA9 886272 ----a-w- C:\WINDOWS\SysWOW64\aadtb.dll 2017-01-11 16:03:32 975BAA926F998BD296FACF0102D1B4F5 860672 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2017-01-11 16:03:32 86F3DD8105EA18131BAD4A145F31B668 5061120 ----a-w- C:\WINDOWS\SysWOW64\d2d1.dll 2017-01-11 16:03:29 8705CA9066BEEE2A05C90FABB6929A28 1469792 ----a-w- C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2017-01-11 16:03:28 19F7122EC19F1EDA724D13BF54ABB180 147968 ----a-w- C:\WINDOWS\SysWOW64\win32k.sys 2017-01-11 16:03:27 BBFB3487BC2BA17DD45311D3B764C771 341344 ----a-w- C:\WINDOWS\SysWOW64\msv1_0.dll 2017-01-11 16:03:27 7CCEAACEF7840EA15EEF6EC2A098DB72 3733504 ----a-w- C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-01-11 16:03:22 B827440852CDBF8724A38E698FA0AA2D 806400 ----a-w- C:\WINDOWS\SysWOW64\D3D12.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2017-01-11 16:04:38 74FCE9C9854C94C264AF7639A5F46FF6 1631232 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.Resources.dll 2017-01-11 16:04:37 9EF92B1669413DF478D4A8DCDE201F4C 17188864 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll 2017-01-11 16:04:35 6586E0291CD53DA7794CD988366AED58 6285312 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.dll 2017-01-11 16:04:34 181C169AE98C74A1CC4B9AA0B4A22EA4 4130440 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll 2017-01-11 16:04:34 0EC298CD8F21F9AC04FEC57505B9150D 1988560 ----a-w- C:\WINDOWS\Sysnative\mfmp4srcsnk.dll 2017-01-11 16:04:33 F139D4F13DBBB417B33A193258660611 1454504 ----a-w- 
C:\WINDOWS\Sysnative\mfnetsrc.dll 2017-01-11 16:04:33 0969BCCDE7E838227140F64382EF64AE 5611008 ----a-w- C:\WINDOWS\Sysnative\d2d1.dll 2017-01-11 16:04:32 980FB14885AE2404726EE45F8AABB586 4474368 ----a-w- C:\WINDOWS\Sysnative\D3DCompiler_47.dll 2017-01-11 16:04:32 3E3F64B5A629BDF6DC8C4CFAE77C8E4E 1300600 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll 2017-01-11 16:04:31 E56AF91E9346979B4AA060D42D8F0A94 1702392 ----a-w- C:\WINDOWS\Sysnative\mfasfsrcsnk.dll 2017-01-11 16:04:31 A71B83E91B8850F7DC1A691E227BF1F6 1071736 ----a-w- C:\WINDOWS\Sysnative\mfnetcore.dll 2017-01-11 16:04:31 848A3CF59AAE081532C22F7C9A8DAAEC 3134976 ----a-w- C:\WINDOWS\Sysnative\rdpcore.dll 2017-01-11 16:04:31 783B7FCD68D9C42EC4779140ED55E542 1235296 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll 2017-01-11 16:04:30 E35794C871B70206F8DA6C48ABA003DC 360448 ----a-w- C:\WINDOWS\Sysnative\rdpencom.dll 2017-01-11 16:04:30 7DDF10FC2C70EA83BAC2BB934DF03CAD 936960 ----a-w- C:\WINDOWS\Sysnative\MCRecvSrc.dll 2017-01-11 16:04:30 4DE2027EC9EB53F11BE46DE27D1B1A72 8075776 ----a-w- C:\WINDOWS\Sysnative\mstscax.dll 2017-01-11 16:04:28 DDB7E452A99E0E5244105C6D2CF4BC9E 2317824 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll 2017-01-11 16:04:28 B7EF5FF80CC9C0723ADA31B4355B9C13 883712 ----a-w- C:\WINDOWS\Sysnative\samsrv.dll 2017-01-11 16:04:28 917F081E2AB667C44F7D96DE1D16DFAE 673792 ----a-w- C:\WINDOWS\Sysnative\winlogon.exe 2017-01-11 16:04:28 916B789655832BDF681FCE3070AFABB8 1600632 ----a-w- C:\WINDOWS\Sysnative\sppobjs.dll 2017-01-11 16:04:28 8B3D8DF2574E9EAA7FC5A93066AA9260 1005568 ----a-w- C:\WINDOWS\Sysnative\D3D12.dll 2017-01-11 16:04:28 82A72D1FE11ADE12D7213228F27C2351 391168 ----a-w- C:\WINDOWS\Sysnative\wuuhext.dll 2017-01-11 16:04:27 92156481488CDD143B4FC5AAEF94F85C 1490432 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll 2017-01-11 16:04:27 13D5AFBE138BADC93960102A4F187DE1 245600 ----a-w- C:\WINDOWS\Sysnative\offlinesam.dll 2017-01-11 16:04:26 CF03DB835BD053C5DF1020B08149334F 22224480 ----a-w- 
C:\WINDOWS\Sysnative\shell32.dll 2017-01-11 16:04:23 E61548BAF8C7B573C40175C28132D51A 869888 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll 2017-01-11 16:04:23 CE793530EC8C3669D9521B01E5EBBD46 136032 ----a-w- C:\WINDOWS\Sysnative\ImplatSetup.dll 2017-01-11 16:04:23 B7B0337702015FE3D8F1B1ABD07C1301 932864 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll 2017-01-11 16:04:23 2F7824EC4540A5FED80D605BC0AD6B39 404832 ----a-w- C:\WINDOWS\Sysnative\msv1_0.dll 2017-01-11 16:04:22 C4D85EB020B7A610354F94CFAAFAE448 319288 ----a-w- C:\WINDOWS\Sysnative\wow64.dll 2017-01-11 16:04:22 70888F2C61E34DA8C7BC476119375955 90112 ----a-w- C:\WINDOWS\Sysnative\updatepolicy.dll 2017-01-11 16:04:22 2F0111384FB522FE6B62EF1ECC60373A 236544 ----a-w- C:\WINDOWS\Sysnative\WinSCard.dll 2017-01-11 16:04:22 0A9D8B84C895E51D61F85F7AE4E639ED 600576 ----a-w- C:\WINDOWS\Sysnative\cryptui.dll 2017-01-11 16:04:21 C1B5EE58E759C53F9939581709DC70BB 193536 ----a-w- C:\WINDOWS\Sysnative\certprop.dll 2017-01-11 16:04:21 5E8ECCE130A72107B6DFDBE26185A7FB 201728 ----a-w- C:\WINDOWS\Sysnative\ScDeviceEnum.dll 2017-01-11 16:04:16 BD19B0A85E7F7D70543A77C61CE21054 324608 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.LockScreen.dll 2017-01-11 16:04:14 A8D1EF5E96E2F4FB513D83040B22FF31 1908224 ----a-w- C:\WINDOWS\Sysnative\AzureSettingSyncProvider.dll 2017-01-11 16:04:13 123D03C4DCE989FAEAB11B69EBE021AF 8129536 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll 2017-01-11 16:04:12 BB22F3FE6B6FA52E6A1A0270530C0607 1513472 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys 2017-01-11 16:04:11 BBCA1BF191B6F20FF549E51FB80A2868 6664192 ----a-w- C:\WINDOWS\Sysnative\mspaint.exe 2017-01-11 16:04:11 08D9755DADCA7A0FA9C093EC09C84AE0 4749312 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_nt.dll 2017-01-11 16:04:10 F4886590FE0DF86EB9426A298B81C6B6 23678464 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2017-01-11 16:04:10 939B177EDD2B38D3E8BD994FF05EE27C 261632 ----a-w- C:\WINDOWS\Sysnative\indexeddbserver.dll 2017-01-11 16:04:10 
3EFA8AE16B279E0C7C84CD8739ADEAC4 2482280 ----a-w- C:\WINDOWS\Sysnative\msmpeg2vdec.dll 2017-01-11 16:04:09 C9B67DBC82FBBB5688CF8E8293495937 9131008 ----a-w- C:\WINDOWS\Sysnative\twinui.dll 2017-01-11 16:04:08 23C699902D38FB40220B9DCC6A5961E7 328008 ----a-w- C:\WINDOWS\Sysnative\Windows.Storage.ApplicationData.dll 2017-01-11 16:04:08 164B90D40F4D459A32008762504CD6DC 425984 ----a-w- C:\WINDOWS\Sysnative\aadcloudap.dll 2017-01-11 16:04:08 0F08A4AA40A0F3663149B182954BA7CA 1694712 ----a-w- C:\WINDOWS\Sysnative\winmde.dll 2017-01-11 16:04:07 1B135C7D7C2930F967C40FEF9D0A6BE2 22563840 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll 2017-01-11 16:04:05 E481F29B8CCA13ED638BCC626D8BC613 1121280 ----a-w- C:\WINDOWS\Sysnative\aadtb.dll 2017-01-11 16:04:03 7ECDB81C6F0F8089D3027C8319CFC966 1400160 ----a-w- C:\WINDOWS\Sysnative\AppVEntSubsystemController.dll 2017-01-11 16:04:03 7BA4E976F904AA6CD237A7A1555385AB 2169184 ----a-w- C:\WINDOWS\Sysnative\AppVEntSubsystems64.dll 2017-01-11 16:04:02 99CA3E622070FDBD7B75EB7E86B2DE40 822624 ----a-w- C:\WINDOWS\Sysnative\AppVClient.exe 2017-01-11 16:04:02 52F502271B9B779E8D630EE9F910F9A0 752992 ----a-w- C:\WINDOWS\Sysnative\AppVOrchestration.dll 2017-01-11 16:04:01 EBF9E40845362DBE2AD0DB3077269488 539648 ----a-w- C:\WINDOWS\Sysnative\usocore.dll 2017-01-11 16:04:01 B20202D8FA469630F21802EB460B43A3 696160 ----a-w- C:\WINDOWS\Sysnative\AppVPublishing.dll 2017-01-11 16:04:01 A01596A65A36416DE9DB3D5A0476EF9A 1669984 ----a-w- C:\WINDOWS\Sysnative\AppVIntegration.dll 2017-01-11 16:04:01 283B67D6DB413AD1F90F234F72945C84 571744 ----a-w- C:\WINDOWS\Sysnative\AppVCatalog.dll 2017-01-11 16:04:01 21A12249A5D06DBD8C40CF186E9DF6C7 4149248 ----a-w- C:\WINDOWS\Sysnative\rdpcorets.dll 2017-01-11 16:04:01 13F38871E8AF34DCCB041D1B5BCEE465 43008 ----a-w- C:\WINDOWS\Sysnative\LaunchWinApp.exe 2017-01-11 16:04:00 E33446727BBCC402913AFF2B440C7DB3 779616 ----a-w- C:\WINDOWS\Sysnative\AppVReporting.dll 2017-01-11 16:04:00 9D9A803170E3DA9051F0B4B6C95B64E2 406368 ----a-w- 
C:\WINDOWS\Sysnative\AppVScripting.dll 2017-01-11 16:04:00 556D38A47240BAF62EE4E41A0EA12BF2 704352 ----a-w- C:\WINDOWS\Sysnative\AppVEntVirtualization.dll 2017-01-11 16:04:00 03A3AA14BD6567BD17F973239773C2A9 992096 ----a-w- C:\WINDOWS\Sysnative\AppVManifest.dll 2017-01-11 16:03:59 E9543E74CC957BBD36D537BE9BCD075B 813408 ----a-w- C:\WINDOWS\Sysnative\AppVEntStreamingManager.dll 2017-01-11 16:03:59 CAD92D19FF3674F36C778D0E79C40772 290816 ----a-w- C:\WINDOWS\Sysnative\updatehandlers.dll 2017-01-11 16:03:59 3F38768BF36874A4E649FAD5F94009AE 513376 ----a-w- C:\WINDOWS\Sysnative\TransportDSA.dll 2017-01-11 16:03:58 FA26C660CD221A53EFF56D7E0533A129 947712 ----a-w- C:\WINDOWS\Sysnative\MSVP9DEC.dll 2017-01-11 16:03:57 ACF2C3CAB1FDC4B25ACB12EB60FA174E 1054048 ----a-w- C:\WINDOWS\Sysnative\AppVPolicy.dll 2017-01-11 16:03:57 8795108A09CCDE6E6D25B1427FD7B593 289792 ----a-w- C:\WINDOWS\Sysnative\DeveloperOptionsSettingsHandlers.dll 2017-01-11 16:03:57 813A5AEC1D548506B98084E916CF4D5F 241504 ----a-w- C:\WINDOWS\Sysnative\AppVShNotify.exe 2017-01-11 16:03:57 62B1292F90D98574FDA94C15455DBE54 92512 ----a-w- C:\WINDOWS\Sysnative\rdpudd.dll 2017-01-11 16:03:57 113124C7ED0B942AD954DD4E81C3B93B 190816 ----a-w- C:\WINDOWS\Sysnative\AppVDllSurrogate.exe 2017-01-11 16:03:55 87067444E515E123F712F564E5668DAB 368640 ----a-w- C:\WINDOWS\Sysnative\OneBackupHandler.dll 2017-01-11 16:03:55 74159E9FFFE9325BC7729A4E3719875D 49152 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Shell.dll 2017-01-11 16:03:54 CB69C94BC348A8435541453D1C1D7F0D 206848 ----a-w- C:\WINDOWS\Sysnative\win32k.sys 2017-01-11 16:03:54 3C31E12CEA4F72AAC79ECB89512D7089 3616768 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys 2017-01-11 16:03:53 26569D6A2BCBC0058340145C4C79488A 1002496 ----a-w- C:\WINDOWS\Sysnative\SRH.dll 2017-01-11 16:03:53 0C968E9C3B514AAA634339ADFDBE5C04 2009600 ----a-w- C:\WINDOWS\Sysnative\SRHInproc.dll 2017-01-11 16:03:52 C1AD9597ADC4770E221A25B8BEB7271C 418952 ----a-w- C:\WINDOWS\Sysnative\AUDIOKSE.dll 2017-01-11 
16:03:52 47A61ECCDD1EC29E66EEAB90416B2064 5511680 ----a-w- C:\WINDOWS\Sysnative\aclui.dll 2017-01-11 16:03:52 466F6475D5161FD26F144967C84FA30F 324096 ----a-w- C:\WINDOWS\Sysnative\domgmt.dll 2017-01-11 16:03:52 1EB7C2F34EFD0B1AAE841F0272531106 1231872 ----a-w- C:\WINDOWS\Sysnative\dosvc.dll 2017-01-11 16:03:51 D4BEF92AFE4C1BBF3216D159E2B9B0F7 1356864 ----a-w- C:\WINDOWS\Sysnative\ClipUp.exe 2017-01-11 16:03:51 C9F62A3544BCEBACAF17E3EA22B0F5A2 590960 ----a-w- C:\WINDOWS\Sysnative\AudioSes.dll 2017-01-11 16:03:51 AD09DD001BFF1562665F5670F1E76259 1062912 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll 2017-01-11 16:03:51 82F99FCA5931BB62B465F5B6B1D420DD 534096 ----a-w- C:\WINDOWS\Sysnative\AudioEng.dll 2017-01-11 16:03:51 7B993290E7691C446C16A56A431669BA 942080 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll 2017-01-11 16:03:51 38B1A32D777CAEBE248FB608023701D2 584544 ----a-w- C:\WINDOWS\Sysnative\SettingSyncHost.exe 2017-01-11 16:03:51 2DC3D53FFA0D10EB8C911AE2DB7BF4CF 337920 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll 2017-01-11 16:03:50 FB04124C2D2F68BBF3B9D31950B78222 211968 ----a-w- C:\WINDOWS\Sysnative\InstallAgent.exe 2017-01-11 16:03:50 ED63AA851858968B968BD5C144361075 748544 ----a-w- C:\WINDOWS\Sysnative\StoreAgent.dll 2017-01-11 16:03:50 9F69F9CF2D6D337D41824E2F2B3921DB 260608 ----a-w- C:\WINDOWS\Sysnative\InstallAgentUserBroker.exe 2017-01-11 16:03:49 FBF28125556F3A32518DA015497353F4 223744 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe 2017-01-11 16:03:49 8C521D161445C3E1F38A494E7649E70D 837632 ----a-w- C:\WINDOWS\Sysnative\wbiosrvc.dll 2017-01-11 16:03:48 F77CC6A4AD680477252538615B4F6863 257024 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.CredDialogController.dll 2017-01-11 16:03:48 A707CE085972BBDBA1F6780B444F6D3C 89416 ----a-w- C:\WINDOWS\Sysnative\remoteaudioendpoint.dll 2017-01-11 16:03:47 EA04A11C1EB00AD374595D4CDD84F815 153952 ----a-w- C:\WINDOWS\Sysnative\mqcmiplugin.dll 2017-01-11 16:03:47 C608AF956CE1F99F5B00B9D2AB6C8F4C 352768 ----a-w- 
C:\WINDOWS\Sysnative\cloudAP.dll 2017-01-11 16:03:46 70703DDFF5F20685B09ED4392139B03D 418304 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.BlockedShutdown.dll 2017-01-11 16:03:46 4CA3CFEA3483EDEFFD27A3A3EC92391C 363520 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.BioFeedback.dll 2017-01-11 16:03:46 4BF211AAECBBE524D1F141135241C5CE 310784 ----a-w- C:\WINDOWS\Sysnative\SyncSettings.dll 2017-01-11 16:03:46 0D9A63B965E6871809EE83B56697E0B3 462336 ----a-w- C:\WINDOWS\Sysnative\fhsettingsprovider.dll 2017-01-11 16:03:45 6DFED1399CF52D877E6C91D470A29916 440320 ----a-w- C:\WINDOWS\Sysnative\fhcfg.dll 2017-01-11 16:03:45 4C08BF958476A137C78B62B22B5F90A4 147456 ----a-w- C:\WINDOWS\Sysnative\winsrv.dll 2017-01-11 16:03:45 42AFA15DE8FE204B74B3C8D2E2E12B0D 295424 ----a-w- C:\WINDOWS\Sysnative\CloudBackupSettings.dll 2017-01-11 16:03:44 6B4BFAC812452A7DFB04B79266068333 7816032 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe 2017-01-11 16:03:44 4B1302F2DDF5B7F19520B20B380FBE39 455520 ----a-w- C:\WINDOWS\Sysnative\securekernel.exe 2017-01-11 16:03:36 A1D181D6D7D14F4EB36675D0D62CE817 1692672 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.onecore.dll 2017-01-11 16:03:35 D70B1453ADA82A92E76EAE72D936A0F6 2275840 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll 2017-01-11 16:03:32 6A767EA4AB61E6CD23E21299FF2EB045 707584 ----a-w- C:\WINDOWS\Sysnative\LogonController.dll 2017-01-11 16:03:30 BFBCD0C204BFFFB1CC17FE8A8B734A8B 266752 ----a-w- C:\WINDOWS\Sysnative\ConsoleLogon.dll 2017-01-11 16:03:30 391C0A1E168E6E66D9136DDA4FA2743E 241504 ----a-w- C:\WINDOWS\Sysnative\CloudExperienceHost.dll 2017-01-11 16:03:28 7730E5E104B739368AECE9C00E7C1531 1292288 ----a-w- C:\WINDOWS\Sysnative\MSVPXENC.dll 2017-01-11 16:03:25 639EB29D9311C212A3C35D44A56B1766 349184 ----a-w- C:\WINDOWS\Sysnative\provengine.dll 2017-01-11 16:03:23 EFA5FFD923DB1FF8C0A8E0BE95DF34DA 234496 ----a-w- C:\WINDOWS\Sysnative\KnobsCore.dll 2017-01-11 16:03:23 1188528BD42005037F57A1F7EB9FFEA2 83968 ----a-w- 
C:\WINDOWS\Sysnative\ProvPluginEng.dll 2017-01-11 16:03:23 0BF189620AE82619BA12C2D0659E719A 119808 ----a-w- C:\WINDOWS\Sysnative\KnobsCsp.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2017-01-11 16:04:24 90C07EB909C42316982E753BDAA7860D 624048 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2017-01-11 16:03:48 3BB8D153A9A514EC9FFCB586251A1925 715104 ----a-w- C:\WINDOWS\Sysnative\drivers\vhdmp.sys 2017-01-11 16:03:44 29AF16726F4DD84376ECA85AB6AFF2C6 335712 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2016-12-28 07:59:51 -------- d---a-w- C:\PROGRA~2\COMMON~1\DESIGNER ======= C: ===== ====== C:\Users\Sien\AppData\Roaming ====== 2017-01-14 12:52:24 -------- d-----w- C:\Users\Sien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C:\Users\Sien ====== 2017-01-15 11:44:15 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Sien\Desktop\RSITx64.exe 2017-01-15 11:40:05 E05BC40301AB39A2DFC1E03B9B117A99 3988944 ----a-w- C:\Users\Sien\Desktop\adwcleaner_6.042.exe ====== C: exe-files == 2017-01-15 17:05:43 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Sien\AppData\Local\Temp\58963A6A-A031-4FDF-B917-23E3E863C182\DismHost.exe 2017-01-15 11:44:15 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Sien\Desktop\RSITx64.exe 2017-01-15 11:40:05 E05BC40301AB39A2DFC1E03B9B117A99 3988944 ----a-w- C:\Users\Sien\Desktop\adwcleaner_6.042.exe 2017-01-14 16:59:29 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Sien\AppData\Local\Temp\AC06D43E-83A6-47A2-A5D0-648974AB919A\DismHost.exe 2017-01-14 16:32:48 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Sien\AppData\Local\Temp\4765227E-C427-4C94-9425-2B6CB4FE960F\DismHost.exe 2017-01-14 12:52:09 E072C89E36A1CCE358DFC825A68E71F4 174072 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 2017-01-14 12:52:09 D9D8DAFA1062025C66D8C3906FC1C262 
26287016 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\Dropbox.exe 2017-01-14 12:52:09 97C84088ABAC51837A8DE190607A009C 44848 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\driver_x86\dbxsvc.exe 2017-01-14 12:52:09 92DC74466983762D0976DCA6CF3183B1 51504 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\driver_amd64\dbxsvc.exe 2017-01-14 12:50:56 8196554E8EB50CD6D6D0E89786696082 75550440 ----a-w- C:\Users\Sien\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\17.4.33\DropboxClient_17.4.33.exe 2017-01-11 17:46:37 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Sien\AppData\Local\Temp\1CAE6A4F-2B1E-4993-82F1-DBAB051E42BF\DismHost.exe 2017-01-11 17:37:40 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Sien\AppData\Local\Temp\C811BEFF-B983-42E1-A40D-7181D8A388E8\DismHost.exe 2017-01-11 17:24:34 418299F70B35752CB048ED773C59002E 145088 ----a-w- C:\Users\Sien\AppData\Local\Temp\E355C7DD-21B4-4F61-8DAC-8FCB9639F315\DismHost.exe === C: other files == 2017-01-14 12:52:09 BC2A3C653B42F5C7E9D4607C2C1F69C3 63592 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\driver_x86\dbx-stable.sys 2017-01-14 12:52:09 BC2A3C653B42F5C7E9D4607C2C1F69C3 63592 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\driver_x86\dbx-dev.sys 2017-01-14 12:52:09 BC2A3C653B42F5C7E9D4607C2C1F69C3 63592 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\driver_x86\dbx-canary.sys 2017-01-14 12:52:08 4032C71C9CB3F6FE1B918BD9F72B9588 75888 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-stable.sys 2017-01-14 12:52:08 4032C71C9CB3F6FE1B918BD9F72B9588 75888 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-dev.sys 2017-01-14 12:52:08 4032C71C9CB3F6FE1B918BD9F72B9588 75888 ----a-w- C:\Users\Sien\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-canary.sys 2017-01-11 16:04:24 90C07EB909C42316982E753BDAA7860D 624048 ----a-w- C:\Windows\System32\drivers\cng.sys 2017-01-11 16:04:12 BB22F3FE6B6FA52E6A1A0270530C0607 1513472 
----a-w- C:\Windows\System32\win32kbase.sys
2017-01-11 16:03:54 CB69C94BC348A8435541453D1C1D7F0D 206848 ----a-w- C:\Windows\System32\win32k.sys
2017-01-11 16:03:54 3C31E12CEA4F72AAC79ECB89512D7089 3616768 ----a-w- C:\Windows\System32\win32kfull.sys
2017-01-11 16:03:48 3BB8D153A9A514EC9FFCB586251A1925 715104 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
2017-01-11 16:03:44 29AF16726F4DD84376ECA85AB6AFF2C6 335712 ----a-w- C:\Windows\System32\drivers\pci.sys
2017-01-11 16:03:34 D1A551B0B7AB57490179E5ED5C4B24DA 2998272 ----a-w- C:\Windows\SysWOW64\win32kfull.sys
2017-01-11 16:03:28 19F7122EC19F1EDA724D13BF54ABB180 147968 ----a-w- C:\Windows\SysWOW64\win32k.sys

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-1122481129-159117629-3988577116-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Sien\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe"
"OneDrive"="C:\Users\Sien\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN34K1CK1C05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1"
"Dropbox Update"="C:\Users\Sien\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"MIHDBG"="C:\WINDOWS\system32\MIHDBG.exe"
"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"PSUAMain"="C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe /LaunchSysTray"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Sien\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe"
"OneDrive"="C:\Users\Sien\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -deviceID CN34K1CK1C05WK:NW -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1"
"Dropbox Update"="C:\Users\Sien\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sien\\AppData\\Local\\Akamai\\netsession_win.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /AUTO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Cisco AnyConnect Secure Mobility Agent for Windows"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Cisco\\Cisco AnyConnect Secure Mobility Client\\vpnui.exe\" -minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\concentr.exe\" /startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dropbox Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dropbox Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sien\\AppData\\Local\\Dropbox\\Update\\DropboxUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Photos Backup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Photos Backup"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sien\\AppData\\Local\\Programs\\Google\\Google Photos Backup\\Google Photos Backup.exe\" /autostart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sien\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Redirector]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Redirector"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\redirector.exe\" /startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sien^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"item"="Dropbox"
"path"="C:\\Users\\Sien\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Sien\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sien^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series (netwerk).lnk]
"item"="Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series (netwerk)"
"path"="C:\\Users\\Sien\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series (netwerk).lnk"
"backup"="C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series (netwerk).lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe"

==== Startup Folders ======================
2016-01-13 16:26:25 1686 --sha-w- C:\Users\Sien\AppData\Roaming\Microsoft\LastFlashConfig.wfc

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-10-12 22:14]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000Core1d23b378432ad92.job --a-------- C:\Users\Sien\AppData\Local\Dropbox\Update\DropboxUpdate.exe [10-11-16 10:47]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000UA1d23b3784679fb1.job --a-------- C:\Users\Sien\AppData\Local\Dropbox\Update\DropboxUpdate.exe [10-11-16 10:47]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000Core.job --a-------- C:\Users\Sien\AppData\Local\Google\Update\GoogleUpdate.exe [02-09-15 10:45]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000UA.job --a-------- C:\Users\Sien\AppData\Local\Google\Update\GoogleUpdate.exe [02-09-15 10:45]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000UA1d1eb6045af0cec.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000Core1d23b378432ad92" [C:\Users\Sien\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000UA1d23b3784679fb1" [C:\Users\Sien\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000Core" [C:\Users\Sien\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000Core1d2593267f0e3b" [C:\Users\Sien\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000UA" [C:\Users\Sien\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000UA1d1eb6045af0cec" [C:\Users\Sien\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1122481129-159117629-3988577116-1000UA1d259326a5348b" [C:\Users\Sien\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Trigger KMS Activation" ["C:\Users\Sien\Downloads\LaNanov16.1\TriggerKMS.exe"]
"C:\WINDOWS\SysNative\tasks\{78F09FE8-97B1-4F49-AAEB-71377AD08591}" ["c:\users\sien\appdata\local\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\{A84D721E-8116-47C8-A558-0BF2FBE92F90}" ["c:\users\sien\appdata\local\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\{D86E6E73-7C26-4A1B-BFA3-D87E7426EA2C}" ["c:\users\sien\appdata\local\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\{E52500B0-6FE7-4FAB-B517-66AA7BC8F244}" ["c:\users\sien\appdata\local\google\chrome\application\chrome.exe"]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Sien\AppData\Roaming\Mozilla\Firefox\Profiles\in81efym.default
user_pref("browser.newtab.url", "");

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [21-10-16 21:55]

==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================
Profilepath: C:\Users\Sien\AppData\Roaming\Mozilla\Firefox\Profiles\in81efym.default
1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director
E7BC792810EC02DD1F7ED25D830E9324 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll - Shockwave Flash

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
chfdnecihphmhljaaejmgoiahnihplgn - No path found[]
AVG Web TuneUp - Sien\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Whitelisted domains - Sien\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Sien\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Sien\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Startpages ======================
C:\Users\Sien\AppData\Local\Google\Chrome\User Data\Default\Preferences
047012580"}}},"session":{"restore_on_startup":4,"startup_urls":["https://www.google.be/"]}}

==== Chromium Fix ======================
C:\Users\Sien\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn deleted successfully
C:\Users\Sien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn deleted successfully

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [MIHDBG] C:\WINDOWS\system32\MIHDBG.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] C:\Users\Sien\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Sien\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN34K1CK1C05WK:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Sien\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Sien\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem2.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: Panda Cloud Office Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Panda Endpoint Administration Agent (WAHost) - Unknown owner - C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sien\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Sien\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
C:\Users\Sien\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=69 folders=45 88505186 bytes)

==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Sien\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on di 17-01-17 at 17:52:46,76 ======================