Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Laurens on za 25/04/2015 at 20:53:11,31.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Laurens\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-14-104109.log 36536 bytes
C:\zoek-results2015-04-14-155947.log 29425 bytes
C:\zoek-results2015-04-23-170742.log 1969 bytes

==== Hosts File Content ======================

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [a2AntiMalware] - Emsisoft Protection Service - c:\program files (x86)\emsisoft anti-malware\a2service.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
R2 - [cfWiMAXService] - ConfigFree WiMAX Service - c:\program files (x86)\toshiba\configfree\cfiwmxsvcs64.exe
R2 - [ConfigFree Service] - ConfigFree Service - c:\program files (x86)\toshiba\configfree\cfsvcs.exe
R2 - [CTDevice_Srv] - CT Device Query service - c:\program files (x86)\creative\shared files\ctdevsrv.exe
R2 - [HitmanProScheduler] - HitmanPro Scheduler - c:\program files\hitmanpro\hmpsched.exe
R2 - [McAfee SiteAdvisor Service] - McAfee SiteAdvisor Service - c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe
R2 - [McAPExe] - McAfee AP Service - c:\program files\mcafee\msc\mcapexe.exe
R2 - [mccspsvc] - McAfee CSP Service - c:\program files\common files\mcafee\csp\1.3.374.0\mccspservicehost.exe
R2 - [mfefire] - McAfee Firewall Core Service - c:\program files\common files\mcafee\systemcore\\mfefire.exe
R2 - [mfemms] - McAfee Service Controller - c:\program files\common files\mcafee\systemcore\\mfemms.exe
R2 - [mfevtp] - McAfee Validation Trust Protection Service - c:\windows\system32\mfevtps.exe
R2 - [Nero BackItUp Scheduler 4.0] - Nero BackItUp Scheduler 4.0 - c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe
R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe
R2 - [RealPlayer Cloud Service] - RealPlayer Cloud Service - c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe
R2 - [RealPlayerUpdateSvc] - RealPlayer Update Service - c:\program files (x86)\real\updateservice\realplayerupdatesvc.exe
R2 - [TemproMonitoringService] - Notebook Performance Tuning Service (TEMPRO) - c:\program files (x86)\toshiba tempro\temprosvc.exe
R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - c:\windows\system32\toddsrv.exe
R2 - [TosCoSrv] - TOSHIBA Power Saver - c:\program files\toshiba\power saver\toscosrv.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [TMachInfo] - TMachInfo - c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe
R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Updateservice (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [CTUPnPSv] - Creative Centrale Media Server - c:\program files (x86)\creative\creative centrale\ctupnpsv.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.8.150\mcchsvc.exe
S3 - [McODS] - McAfee Scanner - c:\program files\mcafee\virusscan\mcods.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TOSHIBA HDD SSD Alert Service] - TOSHIBA HDD SSD Alert Service - c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== FireFox Fix ======================

Deleted from C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vmdd5682.default\prefs.js:

Added to C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vmdd5682.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kic4cxak.default-1428649081503\prefs.js:
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.newtab.url", "about:blank");

Added to C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kic4cxak.default-1428649081503\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\tfx7kexd.default\prefs.js:

Added to C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\tfx7kexd.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tfx7kexd.default\prefs.js:

Added to C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tfx7kexd.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wn9dy8c0.Laurens\prefs.js:

Added to
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wn9dy8c0.Laurens\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\windows\SysNative\Tasks\disco_games_notification_service deleted
"C:\Windows\Tasks\disco_games_notification_service.job" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Laurens\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-04-15 09:04:21 CA4ADE6C3929B70317BFDDF9ABBFE0CE 135800 ----a-w- C:\Windows\Sysnative\drivers\epp64.sys
2015-04-15 08:33:27 1FA627E63195BF3BF636BFEF0D7190D4 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-04-15 08:33:27 063C09DB965E3DFD6F4F08416F6DB8F5 95672 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-04-15 08:33:03 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\Sysnative\drivers\http.sys
2015-04-09 21:08:41 2822B2CA0A86850D3F2B851D154C8B3A 76064 ----a-w- C:\Windows\Sysnative\drivers\McPvDrv.sys
2015-04-09 21:07:34 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys
2015-04-08 15:54:25 853BF373351C40334C08544167973A89 51608 ----a-w- C:\Windows\Sysnative\drivers\asd2fsm.sys
====== C:\Windows\Tasks ======
2015-04-16 17:38:06 1CF882E42C26CD22AEB20B20FD6167F9 3238 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3635746246-4039717782-239317034-1004
2015-04-16 17:38:01 2020F790C7063B7512C9C65A32F7706F 3368 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3635746246-4039717782-239317034-1004
2015-04-16 07:12:41 F68FD7B1CCA1A0466434F3A7BAB9F8CF 3216 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3635746246-4039717782-239317034-1004
2015-04-16 07:12:31 130E2291BB60F77F013262BFEFC0F950 3346 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3635746246-4039717782-239317034-1004
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-04-21 15:58:47 -------- d-----w- C:\Program Files\HitmanPro
2015-04-13 15:34:49 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-04-16 07:19:53 -------- d-----w- C:\PROGRA~2\ZHPDiag
2015-04-13 21:41:14 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2015-04-13 21:41:13 -------- d-----r- C:\PROGRA~2\Skype
2015-04-08 15:54:04 -------- d-----w- C:\PROGRA~2\Anvisoft
======= C: =====
2015-04-16 07:32:09 EB9DE805FB2018B27B259B814850FE46 512 ----a-w- C:\PhysicalDisk0_MBR.bin
====== C:\Users\Laurens\AppData\Roaming ======
2015-04-16 07:19:53 -------- d-----w- C:\Users\Laurens\AppData\Roaming\ZHP
2015-04-14 15:51:56 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-04-14 15:51:56 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-04-14 15:51:56 -------- d-----w- C:\Users\User\AppData\Local\Temp
2015-04-14 15:51:56 -------- d-----w- C:\Users\Laurens\AppData\Local\Temp
2015-04-14 15:51:56 -------- d-----w- C:\Users\Gast\AppData\Local\Temp
2015-04-14 15:51:56 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-04-14 15:51:56 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-04-13 21:41:54 -------- d-----w- C:\Users\Laurens\AppData\Local\Skype
2015-04-09 17:38:14 -------- d-----w- C:\Users\Laurens\AppData\Roaming\LavasoftStatistics
====== C:\Users\Laurens ======
2015-04-21 16:28:48 B1C9A7DC4006569BE35507ADE1F21539 2099712 ----a-w- C:\Users\Laurens\Desktop\FRST64(1).exe
2015-04-21 15:58:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-04-21 15:37:02 -------- d-----w- C:\ProgramData\HitmanPro
2015-04-21 15:35:45 5C80FF85C8644A630D341F27176042BA 11028616 ----a-w- C:\Users\Laurens\Desktop\HitmanPro_x64.exe
2015-04-17 12:54:31 CE3CDF346558DC74B8B38F9398A8A42E 2097664 ----a-w- C:\Users\Laurens\Downloads\FRST64.exe
2015-04-16 07:19:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-04-16 07:18:09 43860F92000D216C80D3B949D5930C5C 6879990 ----a-w- C:\Users\Laurens\Desktop\ZHPDiag2.exe
2015-04-14 16:04:30 0EFDC1550592DC0C4E73AFFB54B35C3E 2217984 ----a-w- C:\Users\Laurens\Downloads\adwcleaner_4.201.exe
2015-04-13 21:41:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-13 21:38:27 2FFBEE5B531686AA96B02F7D0DED208C 1740112 ----a-w- C:\Users\Laurens\Downloads\uTorrent(2).exe
2015-04-13 21:37:55 2FFBEE5B531686AA96B02F7D0DED208C 1740112 ----a-w- C:\Users\Laurens\Downloads\uTorrent(1).exe
2015-04-13 15:32:54 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Laurens\Desktop\RSITx64.exe
2015-04-09 19:02:36 -------- d-----w- C:\Users\Laurens\Start Menu
2015-04-09 15:37:39 -------- d-----w- C:\ProgramData\Avira
2015-04-08 15:58:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2015-04-08 15:54:12 -------- d-----w- C:\ProgramData\Anvisoft
====== C: exe-files ==
2015-04-21 16:28:48 B1C9A7DC4006569BE35507ADE1F21539 2099712 ----a-w- C:\Users\Laurens\Desktop\FRST64(1).exe
2015-04-21 15:58:49 1891702D20D349F1D56DCD870DDF7827 127752 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe
2015-04-21 15:58:47 5C80FF85C8644A630D341F27176042BA 11028616 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2015-04-21 15:35:45 5C80FF85C8644A630D341F27176042BA 11028616 ----a-w- C:\Users\Laurens\Desktop\HitmanPro_x64.exe
=== C: other files ==
2015-04-23 16:57:15 87CB12A8CCC719D9363FD211B76F127D 1204 ----a-w- C:\Users\Public\Desktop\sample_20152304_1857.zip

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vmdd5682.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kic4cxak.default-1428649081503
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\tfx7kexd.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tfx7kexd.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wn9dy8c0.Laurens
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [25/04/2015 20:19]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{9D2AA73B-6049-4799-B8AC-925723370070}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [09/10/2014 19:25]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 12:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tfx7kexd.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- English Australian Dictionary -
%ProfilePath%\extensions\en-AU@dictionaries.addons.mozilla.org
- New Zealand English Dictionary - %ProfilePath%\extensions\en-NZ@dictionaries.addons.mozilla.org
- Dictionnaires français - %ProfilePath%\extensions\fr-dicollecte@dictionaries.addons.mozilla.org
- Add-on Compatibility Reporter - %ProfilePath%\extensions\compatibility@addons.mozilla.org.xpi

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wn9dy8c0.Laurens
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kic4cxak.default-1428649081503
20AF900395CA5AD66A9134CF032B0435 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit)
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
D2B5242013356AF422A42B9FAA4056C2 - C:\Users\Laurens\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin
FD63DE29FE0A7E738BD81CA0EDDD8020 - C:\Users\Laurens\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1413 folders=251 76411246 bytes)

==== EOF on za 25/04/2015 at 21:24:26,40 ======================