Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by admin on za 13/06/2015 at 11:38:54,76. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Users\admin\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== ??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? ???? ??? Windows Live ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? ??????? Windows Live Mesh ActiveX ??? ???????? ?????????? Windows Live 7-Zip 9.20 (x64 edition) Adobe Acrobat Reader DC - Nederlands Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Alcor Micro USB Card Reader ASUS AI Recovery ASUS FaceLogon ASUS Instant Connect ASUS Instant Key ASUS LifeFrame3 ASUS Live Update ASUS Music Maker ASUS Photo Designer ASUS Photo Manager ASUS Power4Gear Hybrid ASUS Splendid Video Enhancement Technology ASUS USB Charger Plus ASUS Video Magic ASUS Virtual Camera ASUS Virtual Touch ASUS WebStorage ASUSDVD AsusScr_N6 Series_ENG AsusVibe2.0 Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver ATK Package Bitdefender Antivirus Free Edition Bubbletown Control ActiveX de Windows Live Mesh para conexiones remotas Contr“le ActiveX Windows Live Mesh pour connexions … distance Controlo ActiveX do Windows Live Mesh para Liga‡äes Remotas CyberLink LabelPrint CyberLink MediaEspresso CyberLink Power2Go CyberLink PowerDirector D3DX10 Deadtime Stories Definition Update for Microsoft Office 2010 (KB3054883) 32-Bit Edition Dream Day First Home Dream Vacation Solitaire ETDWare PS/2-X64 10.5.9.0 Farm Frenzy 3 - Madagascar Fast Boot FastStone Image Viewer 5.3 Firebird SQL Server - MAGIX Edition Galapago Galeria de Fotografias do Windows Live Galer¡a fotogr fica de Windows Live Galerie de photos Windows Live Game Park Console Go Go Gourmet Chef of the Year Google Chrome Google Update Helper InfraRecorder 0.53 (x64 edition) InstantOn for NB Intel PROSet Wireless Intel(R) Manageability Engine Firmware Recovery Agent Intel(R) Management Engine Components Intel(R) OpenCL CPU Runtime Intel(R) Processor Graphics Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel(R) USB 3.0 eXtensible Host Controller Driver Intel(R) WiDi Intel(R) Wireless Display Intel© PROSet/Wireless WiFi Software Intel© Trusted Connect Service Client Java 8 Update 45 Java 8 Update 45 (64-bit) Java Auto Updater Junk Mail filter update LibreOffice 4.4.2.2 Mahjong Memoirs Malwarebytes Anti-Malware versie 2.1.6.1022 Mesh Runtime Microsoft .NET Framework 4.5.2 Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) myBitCast 1.0.0.3 NVIDIA 3D Vision Driver 296.16 NVIDIA Control Panel 296.16 NVIDIA Graphics Driver 296.16 NVIDIA HD Audio Driver 1.3.12.0 NVIDIA Install Application NVIDIA Optimus 1.7.12 NVIDIA PhysX NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.7.12 NVIDIA Update Components PDFCreator Picasa 3 Plants vs Zombies Raccolta foto di Windows Live Realtek High Definition Audio Driver S?????? f?t???af??? t?? Windows Live Security Update for Microsoft .NET Framework 4.5.2 (KB2972107) Security Update for Microsoft .NET Framework 4.5.2 (KB2972216) Security Update for Microsoft .NET Framework 4.5.2 (KB2978128) Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2) Security Update for Microsoft .NET Framework 4.5.2 (KB3023224) Security Update for Microsoft .NET Framework 4.5.2 (KB3035490) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft Excel 2010 (KB3054845) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2863817) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3054834) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB3054835) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553428) 32-Bit Edition Security Update for Microsoft Word 2010 (KB3054842) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition SkypeT 7.4 Spotify St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?æa???sæ??e? s??d?se?? SUPERAntiSpyware Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Turbo Fiesta Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2965291) 32-Bit Edition Update for Microsoft Office 2010 (KB2965296) 32-Bit Edition Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition Update for Microsoft Office 2010 (KB3054875) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2965297) 32-Bit Edition Update for Microsoft Outlook 2010 (KB3054881) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2965292) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition VLC media player Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinFlash Wireless Console 3 World of Goo ==== Running Processes ====================== C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\admin\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee SiteAdvisor Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McAfee SiteAdvisor Service deleted successfully ==== Deleting Files \ Folders ====================== C:\Users\admin\AppData\Roaming\pdfforge deleted C:\Windows\SysNative\config\systemprofile\Searches deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8078 MB CPU Info: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz CPU Speed: 2342,7 MHz Sound Card: Not detected Display Adapters: | RDP Encoder Mirror Driver Monitors: 1x; Screen Resolution: 800 X 600 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Intel(R) Centrino(R) Wireless-N 2230 | Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20) CD / DVD Drives: 1x (F: | ) F: SlimtypeDVD A DS8A8SH Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 2 Button Mouse Present Hard Disks: C: 372,6GB | D: 533,6GB Hard Disks - Free: C: 286,2GB | D: 492,1GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 05/23/12 | _ASUS_ - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK COMPUTER INC. N76VM Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Bitdefender Antivirus Free Edition On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Bitdefender Antivirus Free Edition disabled (Outdated) Default Browser: Google Chrome 43.0.2357.124 Internet Explorer Version: 11.0.9600.17843 Google Chrome version: 43.0.2357.124 Adobe Reader version: 15.7.20033.133275 Sun Java version: 1.8.0_45 (32-bit) Sun Java version: 1.8.0_45 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\admin\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-06-11 07:09:35 2CA16814DA3C5B2D8C7E70DC47A45ED1 551424 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-06-11 07:09:34 FCA6EFFEE6D7D42E794F0E538297026C 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2015-06-11 07:09:34 FB224B0A63B8F58E91FE8A314AD295AD 17408 ----a-w- C:\Windows\SysWOW64\diskperf.exe 2015-06-11 07:09:34 F85FA29340A536C8E0A16151B9B03923 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-06-11 07:09:34 EA141596564AE0C670EDD0F2636EC29C 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-06-11 07:09:34 BBABC6702529CFADAC0EC2B28168A288 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2015-06-11 07:09:34 A9E8F961F7FE1EDEEF8F46EEB800F2D8 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-06-11 07:09:34 9E68E1BDEBD85FC8803707370BE0FC6E 641536 ----a-w- C:\Windows\SysWOW64\advapi32.dll 2015-06-11 07:09:34 9A50B2567918BF7DDD600ECE5DB5ED76 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-06-11 07:09:34 8C7635292CFF4901F058269454A1D64E 1310744 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2015-06-11 07:09:34 7A9F94E0F53C8F6E09405351AC104A3C 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-06-11 07:09:34 6C06D2B1CF88AB83F1CFB24928F63107 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-06-11 07:09:34 65A5E27C2217D606E212B6088CCD6104 92160 ----a-w- C:\Windows\SysWOW64\sechost.dll 2015-06-11 07:09:34 641A14E6AC492ED45BC68815E2E2F566 3989440 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-11 07:09:34 629AD3FDA168D82D459164044A29F9BB 40448 ----a-w- C:\Windows\SysWOW64\typeperf.exe 2015-06-11 07:09:34 583FFF12D2F0D6E1A8746462C433895F 3934144 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-11 07:09:34 5643A88C6DA8AAEC9CE2845431942650 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-06-11 07:09:34 558227F567E977D71B9182013EF03E9C 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2015-06-11 07:09:34 4238391DE3E3FDCD2C731C1E4E0F402C 635392 ----a-w- C:\Windows\SysWOW64\tdh.dll 2015-06-11 07:09:34 3E6731BF36A7D6C62D09671B427B6B67 37888 ----a-w- C:\Windows\SysWOW64\relog.exe 2015-06-11 07:09:34 3C1BE79C3CE6EB378108B11D94CA1072 364544 ----a-w- C:\Windows\SysWOW64\tracerpt.exe 2015-06-11 07:09:34 3B5DA649BF7B7D07510C06DE0AEEB4EB 82944 ----a-w- C:\Windows\SysWOW64\logman.exe 2015-06-11 07:09:34 2D23A10FBFA09DC1B61799128BBA91A2 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-06-11 07:09:33 F81920ADB15012CF4E9FF8238C85686A 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2015-06-11 07:09:33 F72A9953199EF5807D595AE3694B5D01 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-06-11 07:09:33 EEA17E843EE2EE50D623BEACF50BD815 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-06-11 07:09:33 EC6E5AE2ECFE7A335B370865A1158EF8 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-06-11 07:09:33 D877133532CE090502B1166B360E9516 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2015-06-11 07:09:33 7E7933E63BBE2BE71CC908EF140458EF 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-06-11 07:09:33 6C730482615C97B923B88C648FF554A3 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2015-06-11 07:09:33 619D5101114C71E1A4A585C5E68301B7 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-06-11 07:09:33 52C869A640B8169D7C8460FB1646ABF5 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2015-06-11 07:09:33 2E65BF3D85BB2C831669FBCBDE6C9879 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-06-11 07:09:16 8C3A03295F56D1FFB51D9D05DA42B12D 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-11 07:09:16 81C1182A9EE7AC4D21187811DE66A7D0 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-06-11 07:09:15 9F6066005D8B8620598085C7499E9B70 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-11 07:09:15 6B7210618D7E2CE0404ECF748701253A 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-06-11 07:09:14 F26680AF396F89F7ABFDA1D1D6B62011 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-06-11 07:09:14 96837E5864777688477AF6DE2332C06D 503808 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-06-11 07:09:14 7C9F8DB66A56306C5BBE97F9FC0F01EF 342736 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-06-11 07:09:14 53E9614ADFA6A40A452BA014CEF6F261 1309696 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-06-11 07:09:14 2DED8A99E45053C42DD21D6937D3960C 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-06-11 07:09:14 185490A6C3BEDAC5EF547314F68AB07B 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-11 07:09:13 975421AC32F9F6E27A58F75DAB4B5871 19607040 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-06-11 07:09:12 B6D8148C1C697A7BF04EE0FE82408B6A 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-06-11 07:09:12 5C06EE62F06E990E9521EA80B8D4D4B8 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-06-11 07:09:11 C93AE4D14AEF5169791B35D97AE7C9FC 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-06-11 07:09:11 C27C8CACEBC712BE2AD791715E9734EC 664064 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-06-11 07:09:11 927E38A35E4DFC4E294BD130BAA6F759 2278912 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-06-11 07:09:11 7DBCBB1647B7CD71E2039C1B50A12717 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-06-11 07:09:11 4ABEEF30EA5B9F4718312DCB60B6C9BC 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-06-11 07:09:10 E21AE910DF0C5CB7D46D8FA17A4567DE 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-06-11 07:09:10 1A628C1F5470F0AF21E37E425026F27A 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-06-11 07:09:10 17B0852D8202A872C3E6D01B518B6A4E 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-06-11 07:09:09 DB254D50B4527C2821C537E0587B44E8 12829696 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-06-11 07:09:09 8C8B8C78C0CCD5D36ABCB115B0B581E1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-06-11 07:09:08 E4EB138060BAE0DBAB1A3B71A3141FE7 1950720 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-06-11 07:09:08 85E21CCF38166E0D6DE2E42D9D3823BD 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-11 07:09:08 3FD7E6DB5D81FE400DB4D81D278596E6 4305920 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-06-11 07:09:07 FB5C9234E4BF6BDAF4A954763A4582BA 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-06-11 07:09:07 EF853EA2A6A7BD891CCF31B0C2915352 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-06-11 07:08:55 58788565442368B0615DDAF1D452B843 530432 ----a-w- C:\Windows\SysWOW64\comctl32.dll 2015-06-11 07:08:54 A98E8F79C738CAF23C152DBCABD978FE 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll 2015-06-11 07:08:53 DA27A4EA7B7C77FAFDB3F94D83E310C1 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL 2015-06-11 07:08:53 605E9B2CFA3445ED7716D0B345EE21EC 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll 2015-06-11 07:08:53 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx 2015-06-11 07:08:53 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-06-11 07:09:35 AA5319FA8602676B5D3A2B4A1355896D 1255424 ----a-w- C:\Windows\Sysnative\diagtrack.dll 2015-06-11 07:09:35 93A05407F8E53BC731C42AAD56163F80 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-06-11 07:09:35 8DCA1C70AF170C3FBCE47A4F49BFC887 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2015-06-11 07:09:35 6FDF03A3B110C5264F52F979335AE301 1162752 ----a-w- C:\Windows\Sysnative\kernel32.dll 2015-06-11 07:09:35 6ECD6D92F43C2DC55099F892978D5BE7 728576 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-06-11 07:09:35 4FFD08A01047EF6B58F6EB4E6D001A8D 879104 ----a-w- C:\Windows\Sysnative\advapi32.dll 2015-06-11 07:09:34 FF9BBFAE899091C1FF0D1A3F2C587911 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2015-06-11 07:09:34 E20BF3FA89DE67B00ED713B5254C0BF0 47104 ----a-w- C:\Windows\Sysnative\typeperf.exe 2015-06-11 07:09:34 D68690450978D127E030FB14E9B2023B 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2015-06-11 07:09:34 CCB352B939B77B38983DD878C547451F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-06-11 07:09:34 AD54856A16B635720B0BE5FAF44526FC 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-06-11 07:09:34 A929B9ABA1083AF35ECE7BD63AF3E42F 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-06-11 07:09:34 A5F57F4866C2DC7F8215058D7D56BD21 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-06-11 07:09:34 9E2A2028228645DD57EF45A02CAC0CCE 5569984 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-06-11 07:09:34 9BBEA639884C0338DD78654277BD188A 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2015-06-11 07:09:34 996EE6571ADB880A60846DD02C8D5869 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-06-11 07:09:34 858F04B3C39239972959E9EE97CACAE4 43008 ----a-w- C:\Windows\Sysnative\relog.exe 2015-06-11 07:09:34 7C5E375F20F639607376351A8BCC0647 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-06-11 07:09:34 6ACD3C75BE449F039E1A4E43424D5B6F 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-06-11 07:09:34 6703266C1E56157B5965F9AC868A20AC 404992 ----a-w- C:\Windows\Sysnative\tracerpt.exe 2015-06-11 07:09:34 66DF73B202105406602941778792FE3D 879104 ----a-w- C:\Windows\Sysnative\tdh.dll 2015-06-11 07:09:34 5EC57AC6DC16CB8A058CA019AA2C188D 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2015-06-11 07:09:34 53042708C242959B3924242FBBE297B1 1728960 ----a-w- C:\Windows\Sysnative\ntdll.dll 2015-06-11 07:09:34 4F90A7A0FCBC0ED18E573917860062FF 113664 ----a-w- C:\Windows\Sysnative\sechost.dll 2015-06-11 07:09:34 48C30C54194142910FB6B86D308220ED 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2015-06-11 07:09:34 37DFCC91E419952772E02F2B3BBB2E2B 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-06-11 07:09:34 289D99B0879C6ED5C6D1B3A856CA6DA3 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-06-11 07:09:34 2313AF8D5A9CEB4A55400A01DD311A95 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2015-06-11 07:09:34 210E7D1EA34369194BE09493784E27BE 104448 ----a-w- C:\Windows\Sysnative\logman.exe 2015-06-11 07:09:34 1B93381366141875D8EE7EC1085236B9 19456 ----a-w- C:\Windows\Sysnative\diskperf.exe 2015-06-11 07:09:34 17A6A9AAD04CCC6EE53290585BFC43AF 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-06-11 07:09:34 16154A6682B1552DEAB953BFA4B8E955 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-06-11 07:09:34 13DE715D959DD502CFD52DC920408B33 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2015-06-11 07:09:34 11D5815F0DC571CE3C72213B375860B1 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-06-11 07:09:34 03BA5D20751137F3A705B389C52DB8D6 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-06-11 07:09:33 AF557D115972A73964FC8F209300948A 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2015-06-11 07:09:33 8A4EB32C7C948F70EAC6F85063596A39 36864 ----a-w- C:\Windows\Sysnative\UtcResources.dll 2015-06-11 07:09:33 837BBE4170D5A75F293BD6F294A8FE34 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-06-11 07:09:33 6E882D7CA34073890107559B5A515A24 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-06-11 07:09:33 6ACFCC28E4D60B5A931D8749332A14E2 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-06-11 07:09:33 5A17FF38EDE95B2313E428BF444126D7 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2015-06-11 07:09:33 20BD408AC3F8576997D6A47F48A1C5B2 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2015-06-11 07:09:16 9DB8E01D5A546FAFCACE95489E351186 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-06-11 07:09:16 73509D13542A90E260F45D1D6D4100A8 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-06-11 07:09:14 9E2B8C0601E3D460F78F0233B509CE4F 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-06-11 07:09:14 70D24021ED327CE7FFA9DEE327BB4C6B 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-06-11 07:09:14 4BD747AAF01C480901B3E777EC48826B 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-06-11 07:09:12 D202078FBA3A77B85D39669EE4110DE2 389840 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-06-11 07:09:12 3C3E159F284F51D55DB59C3D0B843979 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-06-11 07:09:11 6ABFC5736EC920C4436F32111F5CBCEE 1545728 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-06-11 07:09:11 36F3718E67F442F54AB4A39DCDD8FD19 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-06-11 07:09:10 86FDFEA67833DB261EC01A777594EDCF 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-06-11 07:09:10 57DFACB53ED16190EF732E2430B39741 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-06-11 07:09:10 083BCA14FCE290D682D8DAC9372CBF23 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-06-11 07:09:09 FF84182188CA8F0DC28CFED06C9B7816 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-06-11 07:09:09 7F8F9AE03D1BA4354671E05F07A40F1A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-06-11 07:09:09 5F8EE9311ECF078CD9426874FFAD660C 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-06-11 07:09:08 6E295C7364DAEB151CC0E98434B6AC92 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-06-11 07:09:08 33B5F1A727FACDEA7CDA0E35FFAADDCF 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-06-11 07:09:07 AFF5C12099B87FA645F8867701729894 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-06-11 07:09:07 AE5A2843B4A2E1E558B9EE13EF62CCE5 14404096 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-06-11 07:09:07 8909A24DA8B5C426CF6595BA843B6CC5 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-06-11 07:09:07 35622F5A652C4E16774234DCA0026E74 633856 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-06-11 07:09:07 0EDA3219FA027A486AA11269355AB279 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-06-11 07:09:06 CFA52E2FE8E623042A1EEF96EB1B9481 6026240 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-06-11 07:09:06 ACD6FE6C82B93813F023FC01A51CB940 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-06-11 07:09:06 83781DF625A4448B39410D7FA2BDC48D 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-06-11 07:09:06 4A5A84B457C72E79A64AE4036EC6BB0E 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-06-11 07:09:06 417F80E4AFBA1AA9EBBD618F1C6D9165 2426880 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-06-11 07:09:06 3854BFE1C0F14872C94501421CC40813 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-06-11 07:09:05 2BC2D3A41BB755487FD55C09938F00BC 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-06-11 07:09:05 16091938F6CDBCCCBA1CBE24600121BC 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-06-11 07:09:05 06A8CE6C3AE6B7916F026B0EFDDCAAA5 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-06-11 07:09:04 A29BAFC1543F9D2234AFFFEA9BCE76C8 24917504 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-06-11 07:08:55 9D80A82B0BB77AC3EF6A87FA0C534E20 14635008 ----a-w- C:\Windows\Sysnative\wmp.dll 2015-06-11 07:08:55 51F89CE2D0FEC66070354504E6C4C3E4 633856 ----a-w- C:\Windows\Sysnative\comctl32.dll 2015-06-11 07:08:53 834FD7C31EA16D59CC3B2DC60F2F2620 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll 2015-06-11 07:08:53 51ECEE70F33601310DDEF3EEE39550D3 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL 2015-06-11 07:08:53 1A8C5D4BE449E4A9D8667A341E535E22 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx 2015-06-11 07:08:53 1A8C5D4BE449E4A9D8667A341E535E22 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll 2015-06-11 07:06:44 1EE2DBA5AD2E5EB618C7FB187C2CFDF4 3206144 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-06-05 18:02:59 E87D4371B24BC9E5BAE95AEA60FFD959 193536 ----a-w- C:\Windows\Sysnative\aepic.dll 2015-06-05 18:02:59 CFF429F2234C1D1A5993E80F46C37CFB 1119232 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-06-05 18:02:59 B23AB4C401E2DE02C47B7497D41E2318 757248 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-06-05 18:02:59 6F07FC190DBCB42C8A5319235F72F906 423424 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-06-05 18:02:59 6E2EB5A36C3CCD917F7FF9BED7C1390E 45568 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-06-05 18:02:59 587BBA3B3959144334700EC48232712F 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-06-05 18:02:59 52DEF4C743C2EABD6BD3EDC790A0E778 1021440 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-06-05 18:02:59 2DCA988113A02EB9BCB98A5DC2D34E57 700416 ----a-w- C:\Windows\Sysnative\generaltel.dll ====== C:\Windows\Sysnative\drivers ===== 2015-06-11 07:09:34 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-06-11 07:09:34 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-06-11 07:08:53 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\Sysnative\drivers\stream.sys 2015-05-25 09:33:15 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Windows\Sysnative\drivers\avchv.sys 2015-05-25 09:33:14 AAE1DAE483DD57D0E267FCA42FCB5133 718840 ----a-w- C:\Windows\Sysnative\drivers\avc3.sys 2015-05-25 09:33:14 8183B715BD56561C27BEBB68B1192B7A 593144 ----a-w- C:\Windows\Sysnative\drivers\avckf.sys 2015-05-25 09:30:34 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Windows\Sysnative\drivers\gzflt.sys 2015-05-25 09:30:34 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Windows\Sysnative\drivers\trufos.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-06-13 07:36:54 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\admin\AppData\Roaming ====== 2015-06-12 20:28:12 -------- d-----w- C:\Users\admin\AppData\Local\ElevatedDiagnostics 2015-06-12 19:19:25 -------- d-----w- C:\Users\Default\AppData\Local\ASUS 2015-06-12 19:19:25 -------- d-----w- C:\Users\Default User\AppData\Local\ASUS 2015-06-01 18:06:42 -------- d-----w- C:\Users\admin\AppData\Local\GWX ====== C:\Users\admin ====== 2015-06-13 07:36:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\admin\Desktop\RSITx64.exe 2015-05-25 09:33:46 8BE8D88DE0A66E3B7374AB3C5E34C753 205449 ----a-w- C:\ProgramData\1432546217.bdinstall.bin 2015-05-25 09:33:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition 2015-05-25 09:26:36 784FF9F5E74399D16E9BD59E785F3183 2052 ----a-w- C:\ProgramData\1432545994.1028.bin 2015-05-25 09:26:34 26C2F08CE9B948019175F84C7E326304 41882 ----a-w- C:\ProgramData\1432545994.5404.bin 2015-05-25 09:26:08 81D20756D66CD7C3745D816C7D16048A 117340 ----a-w- C:\ProgramData\1432545953.6368.bin 2015-05-25 09:25:59 D84252B8FC56DD47E5BC813C7FC41791 6932 ----a-w- C:\ProgramData\1432545953.6572.bin 2015-05-25 09:25:59 273CE342D299E5E6175009F20AF95CD7 1230 ----a-w- C:\ProgramData\1432545953.6288.bin 2015-05-25 09:25:53 75427D5BBC17C6841440506FF0D33D1B 119328 ----a-w- C:\ProgramData\1432545953.6688.bin ====== C: exe-files == 2015-06-13 07:36:54 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\admin.exe 2015-06-13 07:36:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\admin\Desktop\RSITx64.exe 2015-06-11 07:09:34 FB224B0A63B8F58E91FE8A314AD295AD 17408 ----a-w- C:\Windows\SysWOW64\diskperf.exe 2015-06-11 07:09:34 F85FA29340A536C8E0A16151B9B03923 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-06-11 07:09:34 E20BF3FA89DE67B00ED713B5254C0BF0 47104 ----a-w- C:\Windows\System32\typeperf.exe 2015-06-11 07:09:34 9E2A2028228645DD57EF45A02CAC0CCE 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-06-11 07:09:34 9BBEA639884C0338DD78654277BD188A 112640 ----a-w- C:\Windows\System32\smss.exe 2015-06-11 07:09:34 858F04B3C39239972959E9EE97CACAE4 43008 ----a-w- C:\Windows\System32\relog.exe 2015-06-11 07:09:34 6C06D2B1CF88AB83F1CFB24928F63107 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-06-11 07:09:34 6703266C1E56157B5965F9AC868A20AC 404992 ----a-w- C:\Windows\System32\tracerpt.exe 2015-06-11 07:09:34 641A14E6AC492ED45BC68815E2E2F566 3989440 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-11 07:09:34 629AD3FDA168D82D459164044A29F9BB 40448 ----a-w- C:\Windows\SysWOW64\typeperf.exe 2015-06-11 07:09:34 583FFF12D2F0D6E1A8746462C433895F 3934144 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-11 07:09:34 48C30C54194142910FB6B86D308220ED 338432 ----a-w- C:\Windows\System32\conhost.exe 2015-06-11 07:09:34 3E6731BF36A7D6C62D09671B427B6B67 37888 ----a-w- C:\Windows\SysWOW64\relog.exe 2015-06-11 07:09:34 3C1BE79C3CE6EB378108B11D94CA1072 364544 ----a-w- C:\Windows\SysWOW64\tracerpt.exe 2015-06-11 07:09:34 3B5DA649BF7B7D07510C06DE0AEEB4EB 82944 ----a-w- C:\Windows\SysWOW64\logman.exe 2015-06-11 07:09:34 210E7D1EA34369194BE09493784E27BE 104448 ----a-w- C:\Windows\System32\logman.exe 2015-06-11 07:09:34 1B93381366141875D8EE7EC1085236B9 19456 ----a-w- C:\Windows\System32\diskperf.exe 2015-06-11 07:09:34 17A6A9AAD04CCC6EE53290585BFC43AF 31232 ----a-w- C:\Windows\System32\lsass.exe 2015-06-11 07:09:34 16154A6682B1552DEAB953BFA4B8E955 296960 ----a-w- C:\Windows\System32\rstrui.exe 2015-06-11 07:09:34 03BA5D20751137F3A705B389C52DB8D6 64000 ----a-w- C:\Windows\System32\auditpol.exe 2015-06-11 07:09:33 EEA17E843EE2EE50D623BEACF50BD815 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-06-11 07:09:33 EC6E5AE2ECFE7A335B370865A1158EF8 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-06-11 07:09:16 73509D13542A90E260F45D1D6D4100A8 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-06-11 07:09:14 70D24021ED327CE7FFA9DEE327BB4C6B 720384 ----a-w- C:\Windows\System32\ie4uinit.exe 2015-06-11 07:09:14 2B3CF8F7903266E2AA5C9D9850FAA8F6 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-06-11 07:09:12 8D4E75DEAA0FFBEFB5F366A4770D9644 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-06-11 07:09:12 29874C10D7D0088CD8743EC8F5DABBE4 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-06-11 07:09:11 9F45DA24EBAE4180F70D03503580E8CA 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-06-11 07:09:10 E21AE910DF0C5CB7D46D8FA17A4567DE 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-06-11 07:09:10 57DFACB53ED16190EF732E2430B39741 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-06-11 07:09:09 52956B4DD1899CB09BB50FB939F6E99D 490496 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-06-11 07:09:08 FF9877ABCA06D539264275321C97BB07 814288 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-06-11 07:09:07 0EDA3219FA027A486AA11269355AB279 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-06-11 07:08:53 E39D7E7FCC5D4B77B8CBA52FEF8753DE 102912 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe 2015-06-11 07:08:53 8D3316795ACCC0EC0DD6A844E046DA68 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2015-06-11 07:08:53 6F139F39295000E6301C0D08F7493CC6 101888 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 2015-06-11 07:08:53 5F7B628B5F10531E8DE3E711ED73AAD7 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2015-06-11 07:08:53 44854DDB738BF2C507FC2162245361D6 102400 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe 2015-06-11 07:08:53 3505E5A7664FD84AC8AE51FE3B545AE1 102400 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpshare.exe 2015-06-09 19:35:44 74D7DFE507EA48737061EA8E990157E8 2212944 ----a-w- C:\Program Files (x86)\Google\Update\Install\{252189A2-9A8A-4AB2-9669-F1EF2CD07B99}\43.0.2357.124_43.0.2357.81_chrome_updater.exe 2015-06-09 19:35:44 74D7DFE507EA48737061EA8E990157E8 2212944 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.124\43.0.2357.124_43.0.2357.81_chrome_updater.exe 2015-06-09 19:34:15 8B303EBBC88D0BB795557DA659EE7F92 453720 ----a-w- C:\ProgramData\NVIDIA\Updatus\Download\77EB\updatus.19655412_RUNASUSER.exe 2015-06-06 15:00:31 D530C3DBD0EF94F5AA073E222B0E4304 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3441671481-3117547957-1868338228-1001\$ICU1MU2.exe 2015-06-06 15:00:29 1E8F03D85CA219B063EBD234184E59EE 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3441671481-3117547957-1868338228-1001\$IX0DUZ9.exe 2015-06-06 15:00:28 9C100B6E27620A0E7E9E3393FC95F7C4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3441671481-3117547957-1868338228-1001\$IHDX7F6.exe === C: other files == 2015-06-11 07:09:34 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-06-11 07:09:34 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-06-11 07:08:53 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\System32\drivers\stream.sys 2015-06-11 07:06:44 1EE2DBA5AD2E5EB618C7FB187C2CFDF4 3206144 ----a-w- C:\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3441671481-3117547957-1868338228-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "BingSvc"="C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" "ASUS InstantKey"="C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe" "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "BingSvc"="C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 " "BLEServicesCtrl"="C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ACMON] "command"="C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe" "hkey"="HKLM" "item"="ACMON" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AmIcoSinglun64" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ASUSWebStorage" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\3.0.108.222\\AsusWSPanel.exe /S" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bdagent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Bdagent" "hkey"="HKLM" "command"="\"C:\\Program Files\\Bitdefender\\Bitdefender 2015\\bdagent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bitdefender Wallet Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Bitdefender Wallet Agent" "hkey"="HKCU" "command"="\"C:\\Program Files\\Bitdefender\\Bitdefender 2015\\bdwtxag.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RemoteControl10" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Cyberlink\\PowerDVD10\\PDVD10Serv.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" "hkey"="HKLM" "item"="RTHDVCPL" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\admin\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SUPERAntiSpyware" "hkey"="HKCU" "command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePSTShortCut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePSTShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Cyberlink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Cyberlink\\DVD Suite\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerStarter\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\AsusVibeLauncher.lnk" "backup"="C:\\Windows\\pss\\AsusVibeLauncher.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\ASUS\\AsusVibe\\ASUSVI~2.EXE /start" "item"="AsusVibeLauncher" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/04/2015 17:12] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/04/2015 17:12] C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS Quick Gesture" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe] "C:\Windows\SysNative\tasks\ASUS Quick Gesture (x64)" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"] "C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] "C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe] "C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions bmkckgpgekmanipelfidlhmkfcjicion - No path found[] Google Slides - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Wallet - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences e":-2.2293886449264093,"www.pc-helpforum.be":-2.2293886449264093,"www.twinset.com":2.223901085741545}}},"password_bubble":{"nopes":0},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":26,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{"vip-selection.be,*":{"setting":1}},"fullscreen":{},"geolocation":{"http://www.nieuwsblad.be:80,http://www.nieuwsblad.be:80":{"setting":2},"https://www.google.be:443,https://www.google.be:443":{"setting":1}},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"https://www.google.be:443,https://www.google.be:443":{"geolocation":1,"last_used":{"geolocation":1430681071.512968}},"vip-selection.be,*":{"cookies":1}},"pref_version":1},"exit_type":"Crashed","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Eerste gebruiker","per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"C:\\Users\\admin\\Desktop"},"selectfile":{"last_directory":"D:\\Valerie\\Documents\\Word"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13074372560934677"},"translate_accepted_count":{"en":0},"translate_blocked_languages":["nl"],"translate_denied_count":{"en":2},"translate_last_denied_time":1430121521832.253,"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} ,"icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"homepage":"http://www.google.com","homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"688D53B93EE372DF2FEE0614B1CC73CFD0ACCDE6843954899262A35DD385CA0E"},"default_search_provider":{"keyword":"C186B5800B019F73800696872340FFAE12C714092A4417683EAC932A3DCEDD2E","name":"0E5A6A5D7EDE8C0A62A5F40FAD875E2A383C0C878F7DA5250A7C705DC1F6BBA2","search_url":"257413591B5325DA89AEAE2AE2E107CFA12DBF42F19EED042B5B045D2ACA58C1"},"default_search_provider_data":{"template_url_data":"0235CA5EC8EAAB964CECFB1FAA4C41F4B2476D01AAF840CB07541C437C2264F8"},"extensions":{"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":"B687AD18B8BA137BFF3EB623D0B2F4F02DDD51AD706F7A979CDE51BF3815A0E0","ahfgeienlihckogmohjhadlkjgocpleb":"A02EF6BC54CB65ED4AC8A9CCD7F2CF1D01FB3F4664A03E1B212CAA39CA6E2180","aohghmighlieiainnegkcijnfilokake":"A0E957A57855D44BA0661E62223419FD2416E27D443EBE3A7E1A04E9ADDC8ABC","apdfllckaahabafndbhieahigkjlhalf":"A7FFE4781A3975938AC9639401142BA0AAC86FB5B7AEB0253CC857EFE885ED40","bepbmhgboaologfdajaanbcjmnhjmhfn":"40BABB786445C1FF9270F2647D894114AC931164E5A25760C75AB010F9FC782C","blpcfgokakmgnkcojhhkbfbldkacnbeo":"87362AB8CE99B487D39A2D39165253E2A5688945DC26D6F22B72F265467CCD2D","bmkckgpgekmanipelfidlhmkfcjicion":"32EAF878D64D44D6105BC05500EFE7A43159AA04213DDD045B305E43CA159838","coobgpohoikkiipiblmjeljniedjpjpf":"0BDEE097FA11DF0EBDAC9F51D5212022B4074A86A514460C384E3724F7825346","eemcgdkfndhakfknompkggombfjjjeno":"DA0E658525E0D45909F10BC87736538C829EE3196B94BAF41CDE567D36F78F7D","ennkphjdgehloodpbhlhldgbnhmacadg":"9DFA6F698787D3F92A73E6FCFA3FA7BF016E9A7C8B59F04F56B1EDB318D0E215","fabcmochhfpldjekobfaaggijgohadih":"A43F1BFC0261C1EF241D3E88320B6EB885F58E3F58CA66762FF1C5BD726B3E68","felcaaldnbdncclmgdcncolpebgiejap":"B80639AE86BBA3623EECBEC2D9D9D6FCF24B87724851982A4580BB13CFA90C8F","gfdkimpbcpahaombhbimeihdjnejgicl":"46797261CBDBD926E9F16DC7D9535723045D88395FF09A9F5834847C3531AB1B","kmendfapggjehodndflmmgagdbamhnfd":"E4771C400DF9657677106A455DAA0DBAED892FC0E9B6F10425B52F395760BD3A","mfehgcgbbipciphmccgaenjidiccnmng":"4559CA0FBE28CA4D91CAC400F658279B16807252EEF2B75A31A9756D1E49C81A","mgndgikekgjfcpckkfioiadnlibdjbkf":"850AC271CEE08323F900CD9BD0228682BE887F1E9308A6EAA004C42332339657","mhjfbmdgcfjbbpaeojofohoefgiehjai":"2AD9513672B9D838E507DF787D5687BE3CD1F5639D586FD180C6E4BA9DDDCBD9","neajdppkdcdipfabeoofebfddakdcjhd":"42929821E1F95E66ED5FB1809138BE9D8F1E1A4DB6DDA4961FF33E791B82500E","nkeimhogjdpnpccoofpliimaahmaaome":"FFF49CB9B19BBB4BD4AFB4700D0D0C30078C3A4D5D79ADF417FC53D8585FD9B9","nmmhkkegccagdldgiimedpiccmgmieda":"15A11BF2F1AC370475EF887196ECD8A79A34A4E3AA490723BE55ADA6C3815693","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"48EB897049153E51EA45098B3526225BD6D013E12F90FCFBCD1FB1884CD1E4F6","pjkljhegncpnkpknbcohdijeoejaedia":"FF5FD3DE4E2F72942F2BE655FA5DCD13668E3FA09C2D0C1C0D7557DDD5D8A012"}},"google":{"services":{"last_username":"E4D256207E7D19289BDEFCC6BBCD252AF1402C8709A3C75238490B58937DC6BF","username":"6550B755E9B20E3433CB8003CBEB9A68A9591774CD74E691FF9B79C3FD7D7C8B"}},"homepage":"9DB24DF890457B72C36C1AB6287ED30D7C036BE60032C40530FBC9862DCEA1E2","homepage_is_newtabpage":"91B49325632D66EE63BD2F1B5E3E3C88A6CCEB1B491B35A01EFE6C30175F0B8E","pinned_tabs":"8980E40DAD0EFA9A08CE8051FE5E6E7B5E404B25C026B5B38B1F9EE4BB6299B5","prefs":{"preference_reset_time":"200E3C3592B3123A19F523B8E64D74475492C0DB03889DBF29177188F6F3398B"},"profile":{"reset_prompt_memento":"D5C8F77459E2BABED4B4108449C64F2E7CC3881700E5A30751CFE3AA52DFAC03"},"safebrowsing":{"incidents_sent":"475329059BEDAEEA44CE8D6B66FF1F39E2ABA75BE19479BC59D6B3B61EE3A72A"},"search_provider_overrides":"3882FE477F0B9D570C5AA62AE91A9548D63347044E799F81C504F7984F6FD910","session":{"restore_on_startup":"19E21BC4837071A92D508EF13071434D63E8691CA9BB7B0FC8FE49B735143B97","startup_urls":"6ED83535A11B9CBC32BF1FBD4413C3D1766F9947E052025EA7FED00519D41555"},"software_reporter":{"prompt_reason":"561760778ABB82DB15F8C3833C22141953922C6EDAB3F1527F1965179F7E3076","prompt_seed":"B12AF45FAEE7F0FF6EFEAC990BCA24C73C9A14ECF997517A4C4DAEF688A7E275","prompt_version":"988EE28B1255E3FE6FC885B934A312261DD2A12A7D2CCD23A9225E7E20B7F668"},"sync":{"remaining_rollback_tries":"4FFF68FEC18604369E03D3EE9D77876422A640C2EA7C53308D1C4077AF7D0460"}},"super_mac":"240179A14D48C75FBF8F2ED6BD5D2815C4BC31FA67BD4D9ABA7CF9FA4C086AC3"},"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/"]}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://asus.msn.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://asus.msn.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bdagent deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bitdefender Wallet Agent deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [BingSvc] C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4 folders=3 2412 bytes) ==== Empty Temp Folders ====================== C:\Users\admin\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\admin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 13/06/2015 at 11:55:21,67 ======================