Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Eigenaar on za 25-07-2015 at 14:11:24,99. Microsoft Windows 8.1 Pro 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: E:\Scan programma's\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 25-7-2015 14:14:42 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\2462c312-01da-478d-993d-b91a52e47a07 deleted successfully C:\PROGRA~2\LightningDownloader deleted successfully C:\PROGRA~2\Malwarebytes Anti-Malware deleted successfully C:\PROGRA~2\ProcessRunner deleted successfully C:\PROGRA~2\Rad Rater deleted successfully C:\PROGRA~2\WinZip Registry Optimizer deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\SUPERAntiSpyware deleted successfully C:\PROGRA~3\7caff85e00003fe9 deleted successfully C:\PROGRA~3\EpsanDrive deleted successfully C:\PROGRA~3\Solid State Networks deleted successfully C:\PROGRA~3\Symantec deleted successfully C:\Users\Eigenaar\AppData\Roaming\Bold Trust deleted successfully C:\Users\Eigenaar\AppData\Roaming\Nico Mak Computing deleted successfully C:\Users\Eigenaar\AppData\Roaming\WarThunder deleted successfully C:\Users\Eigenaar\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Eigenaar\AppData\Local\EmieSiteList deleted successfully C:\Users\Eigenaar\AppData\Local\EmieUserList deleted successfully C:\Users\Eigenaar\AppData\Local\ICSharpCode.net deleted successfully C:\Users\Eigenaar\AppData\Local\Unity deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C5BBFCDD-408C-4361-ABD8-4228610C45A8} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C5BBFCDD-408C-4361-ABD8-4228610C45A8} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C5BBFCDD-408C-4361-ABD8-4228610C45A8} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C5BBFCDD-408C-4361-ABD8-4228610C45A8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5BBFCDD-408C-4361-ABD8-4228610C45A8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5BBFCDD-408C-4361-ABD8-4228610C45A8} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update service deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5BBFCDD-408C-4361-ABD8-4228610C45A8}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\ProgramData\7caff85e00003fe9 not found C:\Program Files (x86)\cheap4uall deleted C:\Program Files (x86)\Popcorn Time deleted C:\Program Files (x86)\Cinem Plus 2.4cV12.06 deleted c:\programdata\{9a01433a-a62e-6d47-9a01-1433aa620cea} deleted C:\Program Files (x86)\globalUpdate deleted c:\programdata\{2cfecf9e-661c-f95d-2cfe-ecf9e6613e79} deleted C:\Program Files (x86)\Awesome Widget ANTP deleted C:\Program Files (x86)\Topface Meeting is easy deleted C:\Program Files (x86)\browseaonndshhoPe deleted C:\Program Files (x86)\broWWseandshop deleted C:\Program Files (x86)\bruowseandshop deleted C:\Program Files (x86)\DeaolExpress deleted C:\Program Files (x86)\DealExpreass deleted "C:\WINDOWS\tasks\3f565ed8-ee47-4c4a-8ca3-ea7a595dab9c-10_user.job" deleted "C:\WINDOWS\tasks\3f565ed8-ee47-4c4a-8ca3-ea7a595dab9c-3.job" deleted "C:\WINDOWS\tasks\3f565ed8-ee47-4c4a-8ca3-ea7a595dab9c-6.job" deleted "C:\WINDOWS\tasks\3f565ed8-ee47-4c4a-8ca3-ea7a595dab9c-7.job" deleted "C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job" deleted "C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job" deleted "C:\WINDOWS\tasks\GreenLiving.job" deleted "c:\programdata\{d3a672bb-cb1c-4671-d3a6-672bbcb1caef}\6d4fbc2b3dbd6e61" deleted "c:\programdata\{d3a672bb-cb1c-4671-d3a6-672bbcb1caef}\a0b21a7e1a6989b5" deleted "c:\programdata\{d3a672bb-cb1c-4671-d3a6-672bbcb1caef}\hqghumeaylnlf.exe" deleted "C:\ProgramData\{fd5226d2-9e7c-1b28-fd52-226d29e79b4a}\3339657186907870792e.exe" deleted "c:\programdata\{d3a672bb-cb1c-4671-d3a6-672bbcb1caef}" deleted "C:\ProgramData\{fd5226d2-9e7c-1b28-fd52-226d29e79b4a}" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\Eigenaar\AppData\Local\Temp ==== 2015-07-25 11:38:09 49EB08277F677F0BC17FAAE498FE71CD 43008 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkdo4z.dll 2015-07-21 09:45:23 0111F3B90D97F32AA60DE9B25E23108C 227840 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\9550\temp\3197631017438919389e.exe ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2015-07-15 20:15:50 2BC0B2D0D19A65FF74E27BC9C6BEC393 367104 ----a-w- C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll 2015-07-15 20:15:47 F07E7EF7DC9FF275853A164AC02AA006 19734960 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll 2015-07-15 20:15:46 00E077C85F64897F5A4B093DD45CDE93 2706432 ----a-w- C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2015-07-15 20:15:40 5D3EADE2F3C9F79F8ED40E724CBBB5EC 811008 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll 2015-07-15 20:15:30 FFFFA05A3C67F715D91978351F84D254 2460160 ----a-w- C:\WINDOWS\SysWOW64\authui.dll 2015-07-15 20:15:30 C68E1EC5B40FA3BAEF5088F15A687BA3 3607552 ----a-w- C:\WINDOWS\SysWOW64\msi.dll 2015-07-15 20:15:29 052FBC5525FA2975FC08EBD130BC0209 59904 ----a-w- C:\WINDOWS\SysWOW64\msiexec.exe 2015-07-15 20:15:25 780F3D4149BB3F98F1B5C97C74CCA527 332120 ----a-w- C:\WINDOWS\SysWOW64\msv1_0.dll 2015-07-15 20:15:25 51A403F76D38BBA81E52AACB4CF858A1 802816 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll 2015-07-15 20:15:25 16170A51A9C84F364E5CBF0F6C7A25A8 747520 ----a-w- C:\WINDOWS\SysWOW64\rpcrt4.dll 2015-07-15 20:15:24 20E1183B113478AD3223DE56EF27B017 324096 ----a-w- C:\WINDOWS\SysWOW64\certcli.dll 2015-07-15 20:15:01 EB7494B829EB4252538AFFA534BBEC73 301056 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll 2015-07-15 20:15:01 B2B0FAC1B6684C1B066095DA63FDD821 35840 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll 2015-07-15 20:14:58 BE2E7F60FE2D64346530A31E60F41505 4520448 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2015-07-15 20:14:53 6125B69B76160B3B7D07653EE8034272 27136 ----a-w- C:\WINDOWS\SysWOW64\wups.dll 2015-07-15 20:14:53 00AFDE50445AE39F2B6DE0FAC937D7DF 721920 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll 2015-07-15 20:14:52 DE3A47073AE1D0554C6BC8209EAA61D6 81920 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll 2015-07-15 20:14:52 9F8E5FF86AD54E60537158E30230A4FD 29696 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe 2015-07-15 20:14:52 73C97B94FDCA957A2BEF94EEF66B9D82 124928 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll 2015-07-15 20:14:01 116F506573B59B85CD0DC18527E9951A 19877376 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2015-07-15 20:13:40 AFAEB9E4269846C64DC9721B1BFA5CEC 12855296 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2015-07-15 20:13:37 8EDF7B6D3A563DAA06DD87053C734168 2279424 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2015-07-15 20:13:37 05CA106A1B68770BDABB9AA7AEAE516A 1310720 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2015-07-15 20:12:27 E2B8238F0A0D1ADBA3AE4A6D6F0EC756 1951232 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2015-07-15 20:12:26 100C1CE9CD6B071C257CF01BC8862FC2 1048576 ----a-w- C:\WINDOWS\SysWOW64\actxprxy.dll 2015-07-15 20:12:25 FBAB9BC4D37919C1FF3ABC8EF7B6519A 73216 ----a-w- C:\WINDOWS\SysWOW64\tdc.ocx 2015-07-15 20:12:25 D8BF6D6A53F01F994FD1E418214A6A3F 689152 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2015-07-15 20:12:25 A4CDF35747C0023EAA346A602398B21A 504320 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll 2015-07-15 20:12:25 77A44634B72E71572EDBBA68CF3396EF 710144 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-07-15 20:12:25 6163462E9F2F2252C1923F00B0156324 64000 ----a-w- C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-07-15 20:12:25 23EFF186B887412CC057F49091D6AFCC 478208 ----a-w- C:\WINDOWS\SysWOW64\ieui.dll 2015-07-15 20:12:24 BC8215B25C42E741A80BC4B264427070 880128 ----a-w- C:\WINDOWS\SysWOW64\inetcomm.dll 2015-07-15 20:12:24 7D28B19A2238BBC853A10134C1D6F8EB 2052608 ----a-w- C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-07-15 20:12:24 56F69242999ADD150DDBE8F20B27873D 168960 ----a-w- C:\WINDOWS\SysWOW64\msrating.dll 2015-07-15 20:12:24 3BFAB08093416CB6B9215183BA7D4197 285696 ----a-w- C:\WINDOWS\SysWOW64\dxtrans.dll 2015-07-15 20:12:23 E521E979CD0E965A98B62DD97179455B 327168 ----a-w- C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-07-15 20:12:23 C9C47A696BFB186CE23E7AD9421520F6 664064 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll 2015-07-15 20:12:23 6D7282F5A10E4A99F990FC19C6DF8010 230400 ----a-w- C:\WINDOWS\SysWOW64\webcheck.dll 2015-07-15 20:12:23 52C0648A543920034213337C2BC3E7F7 128000 ----a-w- C:\WINDOWS\SysWOW64\iepeers.dll 2015-07-15 20:12:23 1E89000637EC1481143FAED744BB3BA1 76288 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll 2015-07-15 20:12:13 A7AF3885B327D574682693E4E71CDD68 1097216 ----a-w- C:\WINDOWS\SysWOW64\gdi32.dll 2015-07-15 20:12:13 7F99D7C779056615EA4F110AB11D0BE5 1212248 ----a-w- C:\WINDOWS\SysWOW64\ole32.dll 2015-07-15 20:12:13 4321AD4636F0E8E11A7B06B346D44AF0 513480 ----a-w- C:\WINDOWS\SysWOW64\locale.nls 2015-07-15 20:12:12 00DDCA458B06F9FDBD94B0245011D108 2471424 ----a-w- C:\WINDOWS\SysWOW64\msftedit.dll 2015-07-15 20:12:01 910003CCC721F96A7C7017D53A3AB4A6 5264384 ----a-w- C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2015-07-15 18:45:54 7A90616C7D520E7FEAB28317F1FDA814 8015969 ----a-w- C:\WINDOWS\SysWOW64\1.exe ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-07-15 20:15:56 6D8BE0E262EE5D45DE47B772F9D6C3F3 1145856 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll 2015-07-15 20:15:56 4310B66A618A71B48BA092C4A514B8A5 1084928 ----a-w- C:\WINDOWS\Sysnative\appraiser.dll 2015-07-15 20:15:56 195770B066EBA124F9363A8A3E5E51C6 726528 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll 2015-07-15 20:15:55 F91793E2D348FB3D1C8EAD70ECBB3F49 764928 ----a-w- C:\WINDOWS\Sysnative\invagent.dll 2015-07-15 20:15:55 C20BFFEA714E9F71FC7BCDCFB2502396 433152 ----a-w- C:\WINDOWS\Sysnative\devinv.dll 2015-07-15 20:15:55 B96E8ECF192F2549A30F6A6E5548191D 67584 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll 2015-07-15 20:15:55 7C20B163DE8138A311537C65B9E58EC0 26288 ----a-w- C:\WINDOWS\Sysnative\CompatTelRunner.exe 2015-07-15 20:15:54 F368216A5F98B92AD02E7F61229B1B5B 227328 ----a-w- C:\WINDOWS\Sysnative\aepdu.dll 2015-07-15 20:15:52 ABF88BB697E853B29915EE72CEF0382F 130048 ----a-w- C:\WINDOWS\Sysnative\WiFiDisplay.dll 2015-07-15 20:15:51 C8D39A07CAD9EF1C86BD5D7CAC98DA54 227328 ----a-w- C:\WINDOWS\Sysnative\profsvc.dll 2015-07-15 20:15:50 8B9F3796EC1762CF255BDB324E5529C8 522240 ----a-w- C:\WINDOWS\Sysnative\GeofenceMonitorService.dll 2015-07-15 20:15:49 E2428B9CCECB17A3D42E985099BF621B 22292672 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2015-07-15 20:15:46 711D110F426EF6C2E705AE1E749F8F02 3109376 ----a-w- C:\WINDOWS\Sysnative\ExplorerFrame.dll 2015-07-15 20:15:45 DD3D37B54CFB348BA23D174CF1EF1F47 4177920 ----a-w- C:\WINDOWS\Sysnative\win32k.sys 2015-07-15 20:15:40 35A4955E1D2646FC01EDC70C6738E3B2 971776 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll 2015-07-15 20:15:30 A7E6931FBB62F18C5DAE52E9AC379C05 3320320 ----a-w- C:\WINDOWS\Sysnative\msi.dll 2015-07-15 20:15:30 4043D5D64F57F86DE757ACD07FB500DB 2774528 ----a-w- C:\WINDOWS\Sysnative\authui.dll 2015-07-15 20:15:29 2403EA62E45389F353E507A4EDA94F5D 65024 ----a-w- C:\WINDOWS\Sysnative\msiexec.exe 2015-07-15 20:15:25 B01F3377CB949F72366D0B014FF060B9 442712 ----a-w- C:\WINDOWS\Sysnative\msv1_0.dll 2015-07-15 20:15:25 63040C9A508532F90F6D0BF57E556B82 989184 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll 2015-07-15 20:15:25 2F802C0E8B7714268C788D0625E6FBE2 1311960 ----a-w- C:\WINDOWS\Sysnative\rpcrt4.dll 2015-07-15 20:15:24 415862B5FF298A751D775AC49730D04C 1441792 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll 2015-07-15 20:15:24 14AADFF241A96629D64DD7F015976E82 445440 ----a-w- C:\WINDOWS\Sysnative\certcli.dll 2015-07-15 20:15:03 C6264DEDF8FE95FAB9AFC47C3F95A6A8 37888 ----a-w- C:\WINDOWS\Sysnative\werdiagcontroller.dll 2015-07-15 20:15:03 431FE56F5A2F5937994CB2DA330B47DB 230400 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll 2015-07-15 20:15:03 0F03CC00645D7F841879A048787D6AC7 911360 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll 2015-07-15 20:15:01 3914465775345215CCD1C5D073DC5897 44032 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll 2015-07-15 20:15:01 2C98F0971126E7530A6FA1EF572F2129 358912 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll 2015-07-15 20:15:00 EEACF91E8C44AEA612030418DDAA7EC9 5923840 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2015-07-15 20:14:53 DE5203BE4C45434F1EE6FB3FB451F9F8 891904 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll 2015-07-15 20:14:53 AEE0035F389ED7EFE23E01253BFA382E 35840 ----a-w- C:\WINDOWS\Sysnative\wuapp.exe 2015-07-15 20:14:53 6AFBB018517367B69076CC84ABF9CA80 136904 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe 2015-07-15 20:14:53 50CEC061C6D6FD2B9C89BECD08991CCB 3701760 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll 2015-07-15 20:14:52 F8B153D04E96D5E24C4F482133B99753 140288 ----a-w- C:\WINDOWS\Sysnative\wuwebv.dll 2015-07-15 20:14:52 B137687B02C877047CCD4873D2925814 359936 ----a-w- C:\WINDOWS\Sysnative\WinSetupUI.dll 2015-07-15 20:14:52 97A706C00A1ADCF8C5875BC29BB9DBA3 95744 ----a-w- C:\WINDOWS\Sysnative\wudriver.dll 2015-07-15 20:14:52 89DCA2C3E77CDAC198A395DB73617CCF 409088 ----a-w- C:\WINDOWS\Sysnative\WUSettingsProvider.dll 2015-07-15 20:14:52 27BF17D45CEBD10D0096038C5B38D288 2229248 ----a-w- C:\WINDOWS\Sysnative\wucltux.dll 2015-07-15 20:14:51 B50599B542623B6C3A731F15A8C0D5AB 66048 ----a-w- C:\WINDOWS\Sysnative\wups.dll 2015-07-15 20:14:51 2DF64AE63F4A95252E9AA626C5C65740 52224 ----a-w- C:\WINDOWS\Sysnative\wups2.dll 2015-07-15 20:14:03 D74E2BE157B8A2A9CF29BEBB052B8A42 25193984 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2015-07-15 20:13:42 6A70888EEC05B45C8990E8977C480019 14453248 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2015-07-15 20:13:38 41D59904967A4033FB4497DCED7320AD 2885632 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2015-07-15 20:13:37 78E4D3781E5632BA88E5153510BEB625 1545728 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2015-07-15 20:13:00 1259148E2B17FA7717E4550F58568BC8 2880000 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll 2015-07-15 20:12:46 98C6A46E9E2822BF83196C2EAE43DBD4 2427392 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2015-07-15 20:12:25 CF84C52C84418075D1663C376DB04C18 88064 ----a-w- C:\WINDOWS\Sysnative\MshtmlDac.dll 2015-07-15 20:12:25 A21CB1630BD6D07CB9B83195F6269E63 633856 ----a-w- C:\WINDOWS\Sysnative\ieui.dll 2015-07-15 20:12:25 9EB977926D63823082883F35C9774C94 2125824 ----a-w- C:\WINDOWS\Sysnative\inetcpl.cpl 2015-07-15 20:12:25 9889590CA1A0F95F310A9616FA87B6FD 800768 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll 2015-07-15 20:12:25 0E1D68E6691BBC62AF4CDF7F7A12C598 584192 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll 2015-07-15 20:12:24 C0CB840274D41027E51A81F9DE2CC4C1 199680 ----a-w- C:\WINDOWS\Sysnative\msrating.dll 2015-07-15 20:12:24 9C989DC61ABFB3479607DABF16BBF300 801280 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2015-07-15 20:12:24 66D75C8BDA2467A21793F2FCED29B723 92160 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll 2015-07-15 20:12:23 ECFE64A113A2DFEF26442EA91AC7E9BF 87552 ----a-w- C:\WINDOWS\Sysnative\tdc.ocx 2015-07-15 20:12:23 C1DC2E63FBBC734BB9B11FF7FDAF30D6 816640 ----a-w- C:\WINDOWS\Sysnative\jscript.dll 2015-07-15 20:12:23 A82A658C7120E513A44EC477D7AE7A52 145408 ----a-w- C:\WINDOWS\Sysnative\iepeers.dll 2015-07-15 20:12:23 90E6E79D624D86CC4F4AF7C57EB91396 262144 ----a-w- C:\WINDOWS\Sysnative\webcheck.dll 2015-07-15 20:12:23 6B56CD995655081863FFB663EA519DBA 1032704 ----a-w- C:\WINDOWS\Sysnative\inetcomm.dll 2015-07-15 20:12:23 404A75D7815A7202753453FF9391D2D8 316928 ----a-w- C:\WINDOWS\Sysnative\dxtrans.dll 2015-07-15 20:12:14 04659158548DB53FFFC51ADC5CBE3858 1380600 ----a-w- C:\WINDOWS\Sysnative\gdi32.dll 2015-07-15 20:12:13 4321AD4636F0E8E11A7B06B346D44AF0 513480 ----a-w- C:\WINDOWS\Sysnative\locale.nls 2015-07-15 20:12:13 2B13658119199E4F06ED32E6C266DF85 332800 ----a-w- C:\WINDOWS\Sysnative\fhcpl.dll 2015-07-15 20:12:13 171705D0C4E4442241C6098D4FF1C059 1661576 ----a-w- C:\WINDOWS\Sysnative\ole32.dll 2015-07-15 20:12:12 30BAC398731D69A658BE751C74CFDD31 3084288 ----a-w- C:\WINDOWS\Sysnative\msftedit.dll 2015-07-15 20:12:11 6306792367F832DE7738D11049335CF6 564224 ----a-w- C:\WINDOWS\Sysnative\apphelp.dll 2015-07-15 20:12:07 D73DBBB96CEE90C2856164AAD8543425 294912 ----a-w- C:\WINDOWS\Sysnative\SystemEventsBrokerServer.dll 2015-07-15 20:12:07 0547AC2CA333162E928351B1DF3144F3 410739 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml 2015-07-15 20:12:01 201A0988DB1113FE506781AC77BBCC3F 7784448 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2015-07-15 20:15:43 0CC00ADC1B84C93FB46E1A0974E956E1 1201664 -c--a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys 2015-07-15 20:15:42 312BB35275EB15145F4B6D1FFCE56C50 20992 ----a-w- C:\WINDOWS\Sysnative\drivers\usb8023.sys 2015-07-15 20:15:28 7D123389FCD97D84881BA9C07012BA0C 67584 ----a-w- C:\WINDOWS\Sysnative\drivers\storvsp.sys 2015-07-15 20:15:25 BCBD64220AD85C26823453FF1DC3EFBD 284672 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys 2015-07-15 20:15:25 6FBDF2B1B025A8E6E069234362FFFFB7 401408 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2015-07-15 20:15:25 57C2473D501331211D6885FD59F3E44B 202240 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys 2015-07-15 20:15:24 46711F40D0F9E63F786ED23F9BD5215E 178008 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys ====== C:\WINDOWS\Tasks ====== 2015-07-20 21:45:07 A0DBA3669A2588536D0767698F56B720 3266 ----a-w- C:\WINDOWS\Sysnative\Tasks\MemoryExpander 2015-07-20 21:45:06 C33E2815ADECFE37D437A9474713CF5A 374 ----a-w- C:\WINDOWS\Tasks\MemoryExpander.job 2015-07-08 18:23:52 000E5E9245ECE630801FA3C8EF13249C 5054 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for Laptop-Eigenaar Laptop ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-07-25 11:23:42 -------- d-----w- C:\PROGRA~2\trend micro 2015-07-15 18:46:00 -------- d-----w- C:\PROGRA~2\Flat Spread ======= C: ===== ====== C:\Users\Eigenaar\AppData\Roaming ====== 2015-07-25 11:37:33 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-07-09 18:35:22 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Popcorn-Time 2015-07-09 18:33:06 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2015-07-09 18:32:01 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Popcorn Time ====== C:\Users\Eigenaar ====== 2015-07-10 21:13:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2015-07-09 14:25:35 8A6C5C1EE2A811A3CB12FC85C447CDC9 468 --sha-r- C:\ProgramData\ntuser.pol 2015-07-07 17:53:38 -------- d-----r- C:\Users\Eigenaar\Dropbox ====== C: exe-files == 2015-07-25 11:30:55 FD73CE6356B85AD817E1F3F45DFA2F09 1461408 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\appvcleaner.exe 2015-07-25 11:30:55 7BBC2EA60D211D8A92AACFB58A20409E 866536 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\integratedoffice.exe 2015-07-25 11:30:55 565CAD57216625CC2570EF931B41FF6F 914120 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\officec2rclient.exe 2015-07-25 11:30:55 39AD82B006786799438123A983AC795C 2753720 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\officeclicktorun.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-21-3550189732-4237687313-608669744-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Eigenaar\AppData\Local\Akamai\netsession_win.exe" "Google Update"="C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Spotify"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" "HP Officejet 4630 series (NET)"="C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe -deviceID CN4CA594F705Y0:NW -scfn HP Officejet 4630 series (NET) -AutoStart 1" "uTorrent"="C:\Users\Ivar\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Dropbox Update"="C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Eigenaar\AppData\Local\Akamai\netsession_win.exe" "Google Update"="C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Spotify"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" "HP Officejet 4630 series (NET)"="C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe -deviceID CN4CA594F705Y0:NW -scfn HP Officejet 4630 series (NET) -AutoStart 1" "uTorrent"="C:\Users\Ivar\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Dropbox Update"="C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2015-03-08 16:53:41 1196 ----a-w- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2015-07-07 23:28:39 1133 ----a-w- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk 2015-04-29 10:00:55 2123 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Bidaily Synchronize Task[74c7].job --a-------- C:\programdata\d3a672bb-cb1c-4671-d3a6-672bbcb1caef\hqghumeaylnlf.exe [] C:\WINDOWS\tasks\Bidaily Synchronize Task[973b].job --a-------- C:\programdata\9a01433a-a62e-6d47-9a01-1433aa620cea\download minecraft 1.7.2 cracked full game free for windows.exe [] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3550189732-4237687313-608669744-1001Core.job --a-------- C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18-06-2015 08:53] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3550189732-4237687313-608669744-1001UA.job --a-------- C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18-06-2015 08:53] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3550189732-4237687313-608669744-1001Core.job --a-------- C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [29-12-2013 18:04] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3550189732-4237687313-608669744-1001UA.job --a-------- C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [29-12-2013 18:04] C:\WINDOWS\tasks\MemoryExpander.job --a-------- C:\programdata\fd5226d2-9e7c-1b28-fd52-226d29e79b4a\3339657186907870792e.exe [] C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [13-09-2012 11:11] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Bidaily Synchronize Task[74c7]" [c:\programdata\{d3a672bb-cb1c-4671-d3a6-672bbcb1caef}\hqghumeaylnlf.exe] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3550189732-4237687313-608669744-1001Core" [C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3550189732-4237687313-608669744-1001UA" [C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3550189732-4237687313-608669744-1001Core" [C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3550189732-4237687313-608669744-1001UA" [C:\Users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\MemoryExpander" [c:\programdata\{fd5226d2-9e7c-1b28-fd52-226d29e79b4a}\3339657186907870792e.exe] "C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"] "C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{1DA0CD16-0639-450B-83DF-20E75710D496}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{3A5329EF-3E32-48C0-9471-5C75750FAF3A}" [C:\WINDOWS\system32\msfeedssync.exe] ==== Firefox Proxy Settings ====================== ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\jilvp4tp.default user_pref("network.proxy.type", 5); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "url_advisor@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com" [25-10-2014 12:08] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\jilvp4tp.default - Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com - Undetermined - %ProfilePath%\extensions\staged AppDir: C:\Program Files (x86)\Mozilla Firefox - Firefox Helper - %AppDir%\distribution\bundles\26c8690aab4ced3e0b7a9f3397823e7d ==== Firefox Plugins ====================== Profilepath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\jilvp4tp.default 6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Eigenaar\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer 49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Eigenaar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin E37EAD09D28AE19D8A39B6A95F47513A - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director 99E2145307150EB8AB78F4F888F97DBE - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll - Nexon Game Controller 18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013 ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3550189732-4237687313-608669744-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{d4da7309-b89a-45ec-8ebb-cfb2ae13618b} deleted successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1125 folders=146 195198823 bytes) ==== EOF on za 25-07-2015 at 14:24:46,36 ======================