Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Robbescheuten on di 27-12-2016 at 13:00:13,63.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Robbescheuten\Pictures\MP Navigator EX\Downloads 2016\zoek.exe
[Scan all users] [Script inserted]

==== System Restore Info ======================

27-12-2016 13:01:23 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\Robbescheuten\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Protexis deleted successfully
C:\Users\Robbescheuten\AppData\Roaming\PPT2DVD deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1037555006-1929405826-4030660218-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D53ACD3-1771-43de-9C13-CC1F014DEAAD} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
C:\Windows\SysWOW64\ASGT.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Robbescheuten\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Robbescheuten\Pictures\MP Navigator EX\Downloads 2016\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [asComSvc] - ASUS Com Service - c:\program files (x86)\asus\axsp\1.02.00\atkexcomsvc.exe
R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
R2 - [Fabs] - FABS - Helping agent for MAGIX media database - c:\program files (x86)\common files\magix services\database\bin\fabs.exe
R2 - [hmpalertsvc] - HitmanPro.Alert service - c:\program files (x86)\hitmanpro.alert\hmpalert.exe
R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [NvContainerLocalSystem] - NVIDIA LocalSystem Container - c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe
R2 - [NVDisplay.ContainerLocalSystem] - NVIDIA Display Container LS - c:\program files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
R2 - [NVIDIA Wireless Controller Service] - NVIDIA Wireless Controller Service - c:\program files\nvidia corporation\geforce experience service\nvwirelesscontroller.exe
R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe
R2 - [PSI_SVC_2_x64] - Corel License Validation Service V2 x64, Powered by arvato - c:\program files\common files\protexis\license service\psiservice_2.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FirebirdServerMAGIXInstance] - Firebird Server - MAGIX Instance - c:\program files (x86)\common files\magix services\database\bin\fbserver.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NvContainerNetworkService] - NVIDIA NetworkService Container - c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\ROBBES~1\AppData\Roaming\Mozilla\Firefox\Profiles\euwobhpu.default-1482759459825\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.nl/");

Added to C:\Users\ROBBES~1\AppData\Roaming\Mozilla\Firefox\Profiles\euwobhpu.default-1482759459825\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.nl/");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\VIDEO DVR not found
"C:\Users\Robbescheuten\AppData\Roaming\JP2K CS6-voorkeuren" deleted
"C:\ProgramData\mntemp" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8135 MB
CPU Info: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
CPU Speed: 3686,8 MHz
Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | HP 2710-4 (NVIDIA High Definiti |
Display Adapters: NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-224DB
Ports: COM1 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 232,9GB | D: 3725,9GB
Hard Disks - Free: C: 107,7GB | D: 2642,3GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 07/11/14 | ALASKA - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK COMPUTER INC. H97-PLUS
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.408.1 *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET Smart Security 9.0.408.1 *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Persoonlijke firewall *Disabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

Internet Explorer Version: 11.0.9600.18538
Mozilla Firefox version: 50.1.0 (x86 nl)
Adobe Reader version: 15.20.20042.205528
Sun Java version: 1.8.0_111 (32-bit)
Sun Java version: 1.8.0_111 (64-bit)
Flash Player version: 24.0.0.186
Shockwave Player version: 12.1.6r156

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1037555006-1929405826-4030660218-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"Dropbox Update"="C:\Users\Robbescheuten\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"Dropbox Update"="C:\Users\Robbescheuten\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Corel Update Helper"="c:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe /t"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"

==== Startup Folders ======================

2015-03-02 16:13:39 1209 ----a-w- C:\Users\Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-12-2016 23:05]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-1037555006-1929405826-4030660218-1001Core.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-1037555006-1929405826-4030660218-1001UA.job --a-------- C:\Users\Robbescheuten\AppData\Local\Dropbox\Update\DropboxUpdate.exe [05-11-2016 10:18]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1037555006-1929405826-4030660218-1001Core" [C:\Users\Robbescheuten\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1037555006-1929405826-4030660218-1001UA" [C:\Users\Robbescheuten\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe]
"C:\WINDOWS\SysNative\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\WINDOWS\SysNative\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\WINDOWS\SysNative\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\START SKYDRIVE" [C:\WINDOWS\System32\SkyDrive.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{5F2E07E3-A89B-4F8F-ADA6-FF7F73323BFA}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\ASUS\ASUS Product Register Service" [C:\Program Files (x86)\ASUS\APRP\aprp.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-10-01 21:56:11 -------- d-----w- C:\PROGRA~3\Movavi

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ROBBES~1\AppData\Roaming\Mozilla\Firefox\Profiles\euwobhpu.default-1482759459825
user_pref("browser.startup.homepage", "http://www.google.nl/");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\euwobhpu.default-1482759459825
A053CCE40B762D17E167869B7A58AB7B - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL - Microsoft Office 2016
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ
AD76B0F3348914E133455E52743C839D - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll - Shockwave for Director / Shockwave for Director
E8D38E8FB6EC88E7B0E0B4D9AC9B0725 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll - Shockwave Flash

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]

Google Slides - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Facebook for Chrome - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp
Solitaire - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbhppfbabandkdmgjmifahoabeodiep
Google Wallet - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.nl/",
"startup_urls": [ "http://www.sweet-page.com/?type=hp&ts=1410635248&from=cor&uid=ST1000DM003-1CH162_Z1D2YKB5XXXXZ1D2YKB5", "http://nieuwtabblad/" ]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com/"
"Default_Page_URL"="http://www.google.com/"
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com/?q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com/"
"Default_Page_URL"="http://www.google.com/"
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com/?q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{96BBC430-9900-4299-9F5D-7951AB36EFDF} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Robbescheuten\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - Startup: Dropbox.lnk = Robbescheuten\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: HitmanPro.Alert service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA
Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: 
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robbescheuten\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Robbescheuten\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Robbescheuten\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Robbescheuten\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== 
C:\Users\Robbescheuten\AppData\Local\Mozilla\Firefox\Profiles\euwobhpu.default-1482759459825\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Robbescheuten\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=44 folders=46 35998934 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Robbescheuten\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\ROBBES~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 27-12-2016 at 13:19:08,16 ======================