Zoek.exe v5.0.0.0 Updated 17-December-2014
Tool run by nightwalker on wo 17-12-2014 at 12:52:23,55.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\nightwalker\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

17-12-2014 12:54:45 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Oracle deleted successfully
C:\Users\nightwalker\AppData\Roaming\Google deleted successfully
C:\Users\nightwalker\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Spotnet\Spotnet\Spotnet.exe
C:\Program Files\Spotnet\Spotnet\SABnzbd.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\nightwalker\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Windows\System32\AI_RecycleBin deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)
Memory (RAM): 3070 MB
CPU Info: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
CPU Speed: 654,0 MHz
Sound Card: Luidsprekers en Dual hoofdtelef | SPDIF (Digitaal Uit via HP Dock | Onafhankelijke Dual hoofdtelefo |
Display Adapters: ATI Mobility Radeon HD 4650 | ATI Mobility Radeon HD 4650 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Broadcom 802.11b/g-netwerkadapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GSA-T50L
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 48,7GB | D: 416,9GB
Hard Disks - Free: C: 10,6GB | D: 34,6GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 03/23/09 | HPQOEM - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Quanta 3624
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: AVG Internet Security 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG Internet Security 2015 disabled (Outdated)
Firewall: AVG Internet Security 2015 disabled
Default Browser: Google Chrome 39.0.2171.95
Internet Explorer Version: 11.0.9600.17239
Google Chrome version: 39.0.2171.95
Sun Java version: 1.7.0_71 (32-bit)
Flash Player version: 15.0.0.246
Shockwave Player version: 12.1.3r153

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-27500725-2561073579-1599841725-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex"

==== Startup Folders ======================

2014-12-09 19:38:17 3084 ----a-r- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD
2014-12-09 19:38:17 3084 ----a-r- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11-12-2014 00:17]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
--a------ C:\Program Files\Google\Update\GoogleUpdate.exe [14-12-2014 01:13]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [14-12-2014 01:13]

==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Chromium Look ======================
Google Slides - nightwalker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - nightwalker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - nightwalker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - nightwalker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - nightwalker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - nightwalker\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - nightwalker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - nightwalker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Default_Page_URL"="http://www.powerboosters.org"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{B3333E71-7C5C-434C-844D-5F3C6202438F}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{B3333E71-7C5C-434C-844D-5F3C6202438F} Google Url="https://www.google.com/search?q={searchTerms}"

==== HijackThis Entries ======================
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

==== Empty IE Cache ======================
C:\Users\nightwalker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\nightwalker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1 folders=4 77 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\nightwalker\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\NIGHTW~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 17-12-2014 at 15:25:42,14 ======================