Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by Paul on ma 15/12/2014 at 13:21:13,25.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Paul\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15/12/2014 13:24:05 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\VS Revo Group deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Paul\AppData\Local\photoOptimizeHistoryDataBase deleted successfully
C:\Users\Paul\AppData\Local\VirtualStore deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Wise\Wise Care 365 not found
C:\Windows\AutoKMS deleted
"C:\Windows\tasks\AutoKMS.job" deleted
"C:\Windows\tasks\Wise Care 365.job" deleted
"C:\Windows\tasks\Wise Turbo Checker.job" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Paul\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-14 14:56:28 -------- d-----w- C:\Program Files\trend micro
2014-12-14 14:54:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Paul\AppData\Roaming ======
2014-12-14 14:55:06 -------- d-----w- C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
====== C:\Users\Paul ======
2014-12-14 14:54:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-14 14:54:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-12-06 12:15:25 -------- d-----w- C:\Users\Paul\PlusdansWE
2014-12-05 19:30:06 -------- d-----w- C:\Users\Paul\CURSUS PLUSDANS 08 11 2014 - FILMEN in Mpeg
2014-12-05 19:29:53 -------- d-----w- C:\Users\Paul\CURSUS PLUSDANS 08 11 2014 - Muziek in MP3
2014-11-20 16:40:15 -------- d-----w- C:\Users\Paul\Dansen 2014 cursus
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3908156236-2816314991-2886261593-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Dolby Advanced Audio v2"="C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe -autostart"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"BLEServicesCtrl"="C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/11/2014 18:34]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/11/2014 18:34]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ASC7U_SkipUac_Paul" [C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe /SkipUac]
"C:\Windows\SysNative\tasks\ASC7_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=1 2091 bytes)

==== EOF on ma 15/12/2014 at 13:30:29,75 ======================