Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by User1 on za 29/08/2015 at 13:01:19,47.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDQZDTB9\zoek[1].exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

29/08/2015 13:04:06 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\User1\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\User1\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

AVG 2015  
D3DX10  
Junk Mail filter update  
Malwarebytes Anti-Malware versie 2.1.8.1057  
Microsoft .NET Framework 4 Client Profile  
Microsoft .NET Framework 4 Client Profile NLD Language Pack  
Microsoft Application Error Reporting  
Microsoft SQL Server 2005 Compact Edition [ENU]  
MSVCRT  
MSVCRT_amd64  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)  
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD  
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)  
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)  
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)  
Visual Studio 2012 x64 Redistributables  
Visual Studio 2012 x86 Redistributables  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Language Selector  
Windows Live Mail  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  

==== Running Processes ======================

C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDQZDTB9\zoek[1].exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"DriverMax_RESTART"=- 

==== Deleting Files \ Folders ======================

C:\Program Files\Reimage deleted
C:\Program Files\AVAST Software deleted
C:\Program Files\Microsoft Security Client deleted
C:\Users\User1\Downloads\ReimageRepair (1).exe deleted
C:\Users\User1\Downloads\ReimageRepair (2).exe deleted
C:\Users\User1\Downloads\ReimageRepair.exe deleted
C:\Windows\Reimage.ini deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3894 MB
CPU Info: Intel(R) Core(TM) i3 CPU       M 330  @ 2.13GHz
CPU Speed: 2106,2 MHz
Sound Card: Luidsprekers (High Definition A | 
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Broadcom 802.11n-netwerkadapter | Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
CD / DVD Drives: 1x (F: | ) F: hp      CDDVDW TS-L633N
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 2 Button Mouse Present
Hard Disks: C:  449,8GB | D:  15,6GB | E:  99,0MB
Hard Disks - Free: C:  396,9GB | D:  11,9GB | E:  99,0MB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 11/09/11 | DELL   - 1
Time Zone: Romance (standaardtijd)
Motherboard *: Hewlett-Packard 143A
Country: Belgi‰ 
Language: NLB 

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Google Chrome	40.0.2214.91
Internet Explorer version: 8.0.7601.17514 

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-08-23 17:28:20	B32189BDFF6E577A92BAA61AD49264E6	193536	----a-w-	C:\Windows\notepad.exe
====== C:\Users\User1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-08-29 07:12:18	8B01FB723F3B30AB3DEBDDBF97CFE577	515416	----a-w-	C:\Windows\SysWOW64\XAudio2_5.dll
2015-08-29 07:12:18	30686ECE80545E06D78D156EB9F7D463	69464	----a-w-	C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-08-29 07:12:16	501AC862517C5445742BEE8A2B88414E	453456	----a-w-	C:\Windows\SysWOW64\d3dx10_42.dll
2015-08-29 07:11:03	26AF232140C88B42D92A88F2198EDF6A	3426072	----a-w-	C:\Windows\SysWOW64\d3dx9_32.dll
2015-08-24 19:39:12	3B9E2AB1F3ABC53D4A423E699EB625C8	419936	----a-w-	C:\Windows\SysWOW64\locale.nls
2015-08-24 12:01:35	6B003E11CDBDA3B45A3D16E5A9D3F73B	82432	----a-w-	C:\Windows\SysWOW64\davclnt.dll
2015-08-24 12:01:35	55C70654420DBF429604FD567E6F3CD3	206848	----a-w-	C:\Windows\SysWOW64\WebClnt.dll
2015-08-24 12:01:33	EA1BE72A8CD5CEA7B6E6649D1FD78BA1	1241088	----a-w-	C:\Windows\SysWOW64\msxml3.dll
2015-08-24 12:01:33	121E2E789BE080EB86DA71F95B611DF2	1390592	----a-w-	C:\Windows\SysWOW64\msxml6.dll
2015-08-24 12:01:32	B6F9E4CDA3069B03F654B650A5379E60	2048	----a-w-	C:\Windows\SysWOW64\msxml3r.dll
2015-08-24 12:01:32	127EE7F36CEA127ECCA55BECBC230398	2048	----a-w-	C:\Windows\SysWOW64\msxml6r.dll
2015-08-24 12:01:26	FDDBC680BDA6E502736BDBC692571B91	2088448	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2015-08-24 12:01:26	9416705320EA2DE0807E0F58231B0DA2	1267712	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2015-08-24 12:01:24	D2767D6F3AA393A653402079D9B6C566	428544	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2015-08-24 12:01:24	A627A4EB5DBB8A7007BF1A06D2B9663B	195072	----a-w-	C:\Windows\SysWOW64\msrating.dll
2015-08-24 12:01:24	1BEA6C668F1C4F451EC2E90F7E17B1CB	981504	----a-w-	C:\Windows\SysWOW64\wininet.dll
2015-08-24 12:01:23	6ABDA50F76CFF38549D10C93921DC094	48128	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2015-08-24 04:41:20	4FA66A573E9A45D05AD5A25B1E76A35D	103120	----a-w-	C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-23 18:01:59	DC18FFFF3175376ABD38E6D48309F7F9	3934656	----a-w-	C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-23 18:01:59	6C95D6264810F816E92780E7DB81F7B1	3989952	----a-w-	C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-23 18:01:58	FC85BC746818EE9B5181EA0B1C882778	552960	----a-w-	C:\Windows\SysWOW64\kerberos.dll
2015-08-23 18:01:57	FE748FEAA8A5A7677DA1C2C6CE405ADE	248832	----a-w-	C:\Windows\SysWOW64\schannel.dll
2015-08-23 18:01:57	5792E7C663FAA39335D4F787B9499490	1311768	----a-w-	C:\Windows\SysWOW64\ntdll.dll
2015-08-23 18:01:57	37CE74C8094AD7D1D3B79A8D2849803E	665088	----a-w-	C:\Windows\SysWOW64\rpcrt4.dll
2015-08-23 18:01:57	15400F593C9023CDC1D144C30BBDA47A	259584	----a-w-	C:\Windows\SysWOW64\msv1_0.dll
2015-08-23 18:01:56	A38E10B4143A19F32D64517B6A1FCB98	1114112	----a-w-	C:\Windows\SysWOW64\kernel32.dll
2015-08-23 18:01:56	1EA1328207A915C9EB10AA1D102C0B52	686080	----a-w-	C:\Windows\SysWOW64\adtschema.dll
2015-08-23 18:01:55	650B603F5C040727788F19AD0B8D09BC	221184	----a-w-	C:\Windows\SysWOW64\ncrypt.dll
2015-08-23 18:01:55	51C161D5638465251857B2207BD535CB	172032	----a-w-	C:\Windows\SysWOW64\wdigest.dll
2015-08-23 18:01:55	4C2D57F3DDBC07D3CC59160CDC400AC0	65536	----a-w-	C:\Windows\SysWOW64\TSpkg.dll
2015-08-23 18:01:55	0A4CE9AAA18F9DE7414C1E7BE572F5FA	274944	----a-w-	C:\Windows\SysWOW64\KernelBase.dll
2015-08-23 18:01:54	E70054ADA6AAB84659AB20D137747ACF	43008	----a-w-	C:\Windows\SysWOW64\srclient.dll
2015-08-23 18:01:54	A2C5FAE51BC43B29525AAA5BF0B31259	50176	----a-w-	C:\Windows\SysWOW64\auditpol.exe
2015-08-23 18:01:54	8A82C9C4A205266DC22BB1C8F2E1AB2D	17408	----a-w-	C:\Windows\SysWOW64\credssp.dll
2015-08-23 18:01:54	75706C0F199BC7658A98BEE452964587	36864	----a-w-	C:\Windows\SysWOW64\cryptbase.dll
2015-08-23 18:01:54	3982911B4C4F42B156D7347C1543CF9F	22016	----a-w-	C:\Windows\SysWOW64\secur32.dll
2015-08-23 18:01:54	2506A1507B7CBFE069BC0289349786ED	14336	----a-w-	C:\Windows\SysWOW64\ntvdm64.dll
2015-08-23 18:01:54	086A1544FACAA91CD6F95FC4CDE16913	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2015-08-23 18:01:53	DD8BCBBC1C383F38F284E25CE39C136C	96768	----a-w-	C:\Windows\SysWOW64\sspicli.dll
2015-08-23 18:01:53	9E94CD7C6CBDC2C9B6A87AD9D5E4EF80	5120	----a-w-	C:\Windows\SysWOW64\wow32.dll
2015-08-23 18:01:53	832494A551C2B2CCB616B2BE13A696A1	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2015-08-23 18:01:53	008BDC16E15B3B6EFB6E8B6684022F36	146432	----a-w-	C:\Windows\SysWOW64\msaudite.dll
2015-08-23 18:01:52	D5F9C627C221A3B4B6944EDBE90D642C	60416	----a-w-	C:\Windows\SysWOW64\msobjs.dll
2015-08-23 18:01:52	C899E7E3A4F42B802DA1E97F9908BD26	6656	----a-w-	C:\Windows\SysWOW64\apisetschema.dll
2015-08-23 18:01:52	03A179385219FD37CDFB3E603F912CA7	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2015-08-23 17:33:21	DDE994E9159497D0D5AB2CDF66D1EAD6	76800	----a-w-	C:\Windows\SysWOW64\wdi.dll
2015-08-23 17:32:36	A98E8F79C738CAF23C152DBCABD978FE	11411456	----a-w-	C:\Windows\SysWOW64\wmp.dll
2015-08-23 17:32:35	DA27A4EA7B7C77FAFDB3F94D83E310C1	12625408	----a-w-	C:\Windows\SysWOW64\wmploc.DLL
2015-08-23 17:32:35	605E9B2CFA3445ED7716D0B345EE21EC	8192	----a-w-	C:\Windows\SysWOW64\spwmp.dll
2015-08-23 17:32:35	2401379E0610D15FAB78A4B1646F5B8D	4096	----a-w-	C:\Windows\SysWOW64\msdxm.ocx
2015-08-23 17:32:35	2401379E0610D15FAB78A4B1646F5B8D	4096	----a-w-	C:\Windows\SysWOW64\dxmasf.dll
2015-08-23 17:32:29	8D28FCB0502B9E0871AF42257091EE3E	36864	----a-w-	C:\Windows\SysWOW64\tsgqec.dll
2015-08-23 17:32:29	67AF92E4BEF45CA8CC99996D96D51688	131584	----a-w-	C:\Windows\SysWOW64\aaclient.dll
2015-08-23 17:32:29	136AA5B5E93C0C9B426D6AD68343CEE8	3221504	----a-w-	C:\Windows\SysWOW64\mstscax.dll
2015-08-23 17:32:09	4238391DE3E3FDCD2C731C1E4E0F402C	635392	----a-w-	C:\Windows\SysWOW64\tdh.dll
2015-08-23 17:32:08	9E68E1BDEBD85FC8803707370BE0FC6E	641536	----a-w-	C:\Windows\SysWOW64\advapi32.dll
2015-08-23 17:32:08	65A5E27C2217D606E212B6088CCD6104	92160	----a-w-	C:\Windows\SysWOW64\sechost.dll
2015-08-23 17:32:08	629AD3FDA168D82D459164044A29F9BB	40448	----a-w-	C:\Windows\SysWOW64\typeperf.exe
2015-08-23 17:32:08	3C1BE79C3CE6EB378108B11D94CA1072	364544	----a-w-	C:\Windows\SysWOW64\tracerpt.exe
2015-08-23 17:32:08	3B5DA649BF7B7D07510C06DE0AEEB4EB	82944	----a-w-	C:\Windows\SysWOW64\logman.exe
2015-08-23 17:32:07	FB224B0A63B8F58E91FE8A314AD295AD	17408	----a-w-	C:\Windows\SysWOW64\diskperf.exe
2015-08-23 17:32:07	3E6731BF36A7D6C62D09671B427B6B67	37888	----a-w-	C:\Windows\SysWOW64\relog.exe
2015-08-23 17:31:45	5B0C6247027FCF5A2E2F150E298D2FFA	3209728	----a-w-	C:\Windows\SysWOW64\mf.dll
2015-08-23 17:31:37	96DB6A923DEDB58FC7CBBF5CFF73314D	1329664	----a-w-	C:\Windows\SysWOW64\quartz.dll
2015-08-23 17:31:36	DCC148408770F2D55B201F8FC26438A1	988160	----a-w-	C:\Windows\SysWOW64\drmv2clt.dll
2015-08-23 17:31:35	B7D2BB84C590F0AE9DA51DBB065A780E	1005056	----a-w-	C:\Windows\SysWOW64\cryptui.dll
2015-08-23 17:31:35	98C1191C862B44567FCF3C18BAEE859E	519680	----a-w-	C:\Windows\SysWOW64\qdvd.dll
2015-08-23 17:31:35	003C51B9FE38287BA4E0E58D3AE080BD	744960	----a-w-	C:\Windows\SysWOW64\blackbox.dll
2015-08-23 17:31:34	CFFA0572410840DED2954B3C50EBEE23	2135040	----a-w-	C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-08-23 17:31:34	833FCABCB5D95B1911BA6E62FC82AC04	617984	----a-w-	C:\Windows\SysWOW64\wmdrmsdk.dll
2015-08-23 17:31:33	C5667EE72D7364BE81516C0707FEF724	354816	----a-w-	C:\Windows\SysWOW64\mfplat.dll
2015-08-23 17:31:33	BB73C907D1BD437B6C30F2C23BB089FC	406016	----a-w-	C:\Windows\SysWOW64\drmmgrtn.dll
2015-08-23 17:31:33	320A8699369C43CF53B2DB4538D17C52	504320	----a-w-	C:\Windows\SysWOW64\msscp.dll
2015-08-23 17:31:33	2D4814D567E5A85C473228BA772A7AFB	489984	----a-w-	C:\Windows\SysWOW64\evr.dll
2015-08-23 17:31:32	70E96EBE87A38857619671FCB9C8EC7B	265216	----a-w-	C:\Windows\SysWOW64\msnetobj.dll
2015-08-23 17:31:31	AF47EAA4ADDA9AA221FB7647EE22BF53	103424	----a-w-	C:\Windows\SysWOW64\mfps.dll
2015-08-23 17:31:31	A56F4029FDCF4F817E78953CDA953E28	442880	----a-w-	C:\Windows\SysWOW64\AUDIOKSE.dll
2015-08-23 17:31:31	2D21189858856316D55EAD55DF4964C2	374784	----a-w-	C:\Windows\SysWOW64\AudioEng.dll
2015-08-23 17:31:31	08FF727297A97907AADED4BA86CF44E9	50176	----a-w-	C:\Windows\SysWOW64\rrinstaller.exe
2015-08-23 17:31:30	E0AB9CA912398BE1AAD14FF7AD75C397	50688	----a-w-	C:\Windows\SysWOW64\appidapi.dll
2015-08-23 17:31:29	B54FD1991E659FD61EF1D34EC27AAECD	81408	----a-w-	C:\Windows\SysWOW64\cryptsp.dll
2015-08-23 17:31:29	50B8937A81360D16A5C772302BD32CFE	195584	----a-w-	C:\Windows\SysWOW64\AudioSes.dll
2015-08-23 17:31:29	49F4EE8DF752CFA159B99046CD1FDD2B	23040	----a-w-	C:\Windows\SysWOW64\mfpmp.exe
2015-08-23 17:31:19	2F3CE58D8C276570EEB69C99CFBAFD58	2048	----a-w-	C:\Windows\SysWOW64\mferror.dll
2015-08-23 17:30:54	418AEC0CE89A13200F2820079B9CDFD9	216064	----a-w-	C:\Windows\SysWOW64\InkEd.dll
2015-08-23 17:29:51	B804EAA9E037580F96C22537C2ECB62A	171520	----a-w-	C:\Windows\SysWOW64\ubpm.dll
2015-08-23 17:29:45	744AB3C1A73A57DEED49D631F1BDEA1D	2311168	----a-w-	C:\Windows\SysWOW64\wpdshext.dll
2015-08-23 17:29:37	143046AC227C193B5B2E0E20BC0CF1DD	312320	----a-w-	C:\Windows\SysWOW64\gdi32.dll
2015-08-23 17:29:30	58788565442368B0615DDAF1D452B843	530432	----a-w-	C:\Windows\SysWOW64\comctl32.dll
2015-08-23 17:29:21	4548507ED3C17DB4739DBBEAF6378004	1414656	----a-w-	C:\Windows\SysWOW64\ole32.dll
2015-08-23 17:29:10	F4AFDB5ABEA0C9079E8193E24D1DB21D	1174528	----a-w-	C:\Windows\SysWOW64\crypt32.dll
2015-08-23 17:29:10	33F67BBCC3C0499D3F3382473114CFA8	143872	----a-w-	C:\Windows\SysWOW64\cryptsvc.dll
2015-08-23 17:29:09	D864C283FFD7C080FDC25FD4C798FF8D	103936	----a-w-	C:\Windows\SysWOW64\cryptnet.dll
2015-08-23 17:29:09	588D52C2D0E60EE71FD5A64407865B10	179200	----a-w-	C:\Windows\SysWOW64\wintrust.dll
2015-08-23 17:28:39	D7C4ABB0F1FFA371928EED0C7A6E24DC	2364416	----a-w-	C:\Windows\SysWOW64\msi.dll
2015-08-23 17:28:39	7B4277F9E9F48D5D8E6AEA341F8048E8	1805824	----a-w-	C:\Windows\SysWOW64\authui.dll
2015-08-23 17:28:38	F61A069A5517F85662ED9A6C5AD5445A	73216	----a-w-	C:\Windows\SysWOW64\msiexec.exe
2015-08-23 17:28:38	C08582E7F8EA706A2D4A3C7BD5AC35C1	337408	----a-w-	C:\Windows\SysWOW64\msihnd.dll
2015-08-23 17:28:38	A344B1EFA7DB86AE1407039CD596FB1E	25088	----a-w-	C:\Windows\SysWOW64\msimsg.dll
2015-08-23 17:28:25	680D463893C9846CC6A1DA6012DD0FE5	299520	----a-w-	C:\Windows\SysWOW64\atmfd.dll
2015-08-23 17:28:24	1ABDC936A761FCF44A47600819783607	1081856	----a-w-	C:\Windows\SysWOW64\DWrite.dll
2015-08-23 17:28:22	9E2F12744DD9810961031C56FBB691F4	25600	----a-w-	C:\Windows\SysWOW64\lpk.dll
2015-08-23 17:28:22	7983F3481E89B96074FAE9AFCC24079C	70656	----a-w-	C:\Windows\SysWOW64\fontsub.dll
2015-08-23 17:28:22	556C2554154D20B57800F40D28AA2386	1171456	----a-w-	C:\Windows\SysWOW64\d3d10warp.dll
2015-08-23 17:28:22	520AEC6C64AF2CFD74B469DB98611D4A	10240	----a-w-	C:\Windows\SysWOW64\dciman32.dll
2015-08-23 17:28:22	400C20D6967A83EA69D6953EBB8D3FA3	34304	----a-w-	C:\Windows\SysWOW64\atmlib.dll
2015-08-23 17:28:20	A4F6DF0E33E644E802C8798ED94D80EA	179712	----a-w-	C:\Windows\SysWOW64\notepad.exe
2015-08-23 17:28:17	A208DAC2932649CFF82A6A684D8BB1F6	571904	----a-w-	C:\Windows\SysWOW64\oleaut32.dll
2015-08-23 17:28:13	C489D8B4D8C64F20CC75A93F541F7D91	123904	----a-w-	C:\Windows\SysWOW64\poqexec.exe
2015-08-23 17:28:10	84B460BB65567ED42DD605FA044DB370	828928	----a-w-	C:\Windows\SysWOW64\msctf.dll
2015-08-23 17:28:08	60FB8F30D1C910631CCC0AFB3DB23598	1011200	----a-w-	C:\Windows\SysWOW64\WindowsCodecs.dll
2015-08-23 17:28:03	DCA2C6E7990771209CDD8E9DA90ED0E2	5120	----a-w-	C:\Windows\SysWOW64\shimeng.dll
2015-08-23 17:28:03	D3E8C7FADB758E5D222C639CC65790AD	295936	----a-w-	C:\Windows\SysWOW64\apphelp.dll
2015-08-23 17:28:03	715C060150D969B0DE5DD5B365A712AF	20992	----a-w-	C:\Windows\SysWOW64\sdbinst.exe
2015-08-23 17:28:02	B3BC38B886CA53C92D52EF724A9F0D45	308224	----a-w-	C:\Windows\SysWOW64\scesrv.dll
2015-08-23 17:27:33	D0CA74BE380498A0111A73EB9C76CF8F	342016	----a-w-	C:\Windows\SysWOW64\certcli.dll
2015-08-23 17:26:40	4478348E3942AD9EED9AB263AFE7CD83	12875776	----a-w-	C:\Windows\SysWOW64\shell32.dll
2015-08-23 17:16:28	D824C1C235349B67E652A5CA70D1AA49	58880	----a-w-	C:\Windows\SysWOW64\clfsw32.dll
2015-08-23 17:15:53	AA68E88A5CEC6AE30CBD24941DD8FE5E	318464	----a-w-	C:\Windows\SysWOW64\WMPhoto.dll
2015-08-23 17:07:06	6E91F67335D57DDFFE798C815444B0E3	210432	----a-w-	C:\Windows\SysWOW64\cewmdm.dll
2015-08-23 17:04:46	FBECE2B32A3658AEB609DC5A1021100F	30208	----a-w-	C:\Windows\SysWOW64\wups.dll
2015-08-23 17:04:46	E96D0EEAAE0446F664EE15703BB32A34	93184	----a-w-	C:\Windows\SysWOW64\wudriver.dll
2015-08-23 17:04:46	A02515B58D318F427FBA64437FB0EDDF	566784	----a-w-	C:\Windows\SysWOW64\wuapi.dll
2015-08-23 17:04:46	742AC3EF3C7C30F0EBF628D6D03BB399	34816	----a-w-	C:\Windows\SysWOW64\wuapp.exe
2015-08-23 17:04:46	4447FD20A6B48D05E8392B6E18A194A8	173056	----a-w-	C:\Windows\SysWOW64\wuwebv.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-08-29 07:12:16	B739C423276AE62D7AC91773226EC13B	523088	----a-w-	C:\Windows\Sysnative\d3dx10_42.dll
2015-08-29 07:11:03	A4DDFE5DC4E73D1FED9B1B3A3D885612	4398360	----a-w-	C:\Windows\Sysnative\d3dx9_32.dll
2015-08-24 19:39:12	3B9E2AB1F3ABC53D4A423E699EB625C8	419936	----a-w-	C:\Windows\Sysnative\locale.nls
2015-08-24 12:01:35	4E89FC53493704BF835F0300DC201C34	260096	----a-w-	C:\Windows\Sysnative\WebClnt.dll
2015-08-24 12:01:35	16FD9A0F6EDEF091A72D7D3B77574008	102912	----a-w-	C:\Windows\Sysnative\davclnt.dll
2015-08-24 12:01:33	40EA064E91C6A63FDBC83259FC5BD4F8	2004992	----a-w-	C:\Windows\Sysnative\msxml6.dll
2015-08-24 12:01:33	32A74A5BC52EF569BC65252AF6F28578	1887232	----a-w-	C:\Windows\Sysnative\msxml3.dll
2015-08-24 12:01:32	99119778A8E44F077E46B0870B8DD6A8	2048	----a-w-	C:\Windows\Sysnative\msxml3r.dll
2015-08-24 12:01:32	22DC6C17443DECC9EBE258220906DCAC	2048	----a-w-	C:\Windows\Sysnative\msxml6r.dll
2015-08-24 12:01:27	D1C9551CDA01DE4CE58C2EC216D562E0	2470912	----a-w-	C:\Windows\Sysnative\iertutil.dll
2015-08-24 12:01:26	C9DAA7774DE50664676585B1992E2A07	610816	----a-w-	C:\Windows\Sysnative\vbscript.dll
2015-08-24 12:01:26	6B09887FE31C92CD67A08B6FCE131E11	1539584	----a-w-	C:\Windows\Sysnative\urlmon.dll
2015-08-24 12:01:25	5CFAB9F8E847372D809426AF436B9DCC	1188864	----a-w-	C:\Windows\Sysnative\wininet.dll
2015-08-24 12:01:24	9CF639524D43D344316220B33C629D1F	241152	----a-w-	C:\Windows\Sysnative\msrating.dll
2015-08-24 12:01:23	992288405CCAB472B88EA2B102CDDC40	64512	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2015-08-24 04:41:20	52ED64BF80D360B0EA2B6E5F1504CDFF	124624	----a-w-	C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2015-08-23 18:02:01	B9A07A9807A4BAC067498CC8D77F3D4D	5568960	----a-w-	C:\Windows\Sysnative\ntoskrnl.exe
2015-08-23 18:02:00	AF249D7461E228EBBD1C7E98D99B3B12	1461760	----a-w-	C:\Windows\Sysnative\lsasrv.dll
2015-08-23 18:02:00	A0502BF52867F00FD9C67D1C355F6C91	1216512	----a-w-	C:\Windows\Sysnative\rpcrt4.dll
2015-08-23 18:02:00	3F63C62D9183235792A46C0B66EAAD04	1730496	----a-w-	C:\Windows\Sysnative\ntdll.dll
2015-08-23 18:01:58	6DC249682EA708DA1C4B5CBD9C016F21	729088	----a-w-	C:\Windows\Sysnative\kerberos.dll
2015-08-23 18:01:58	46041293D887F4D89979874015F26B30	342016	----a-w-	C:\Windows\Sysnative\schannel.dll
2015-08-23 18:01:57	B892459EC8441FFB9E045CCE73862868	424960	----a-w-	C:\Windows\Sysnative\KernelBase.dll
2015-08-23 18:01:57	77E88D36E88FDC825DCCBF269F81ED3E	362496	----a-w-	C:\Windows\Sysnative\wow64win.dll
2015-08-23 18:01:57	72585BDAF2EC5237EBD71D540657D6A2	1163264	----a-w-	C:\Windows\Sysnative\kernel32.dll
2015-08-23 18:01:57	6518A42BE5B157EF3DC3ED4F8BE4CA46	315392	----a-w-	C:\Windows\Sysnative\msv1_0.dll
2015-08-23 18:01:56	E80CA72FA43BF258E72C408CEF9839BE	215040	----a-w-	C:\Windows\Sysnative\winsrv.dll
2015-08-23 18:01:56	DAF50D708FF79AC4AE0A1C256A9BEE33	243712	----a-w-	C:\Windows\Sysnative\wow64.dll
2015-08-23 18:01:56	7245C8C33397B90E376B9BB54E2A96C8	309760	----a-w-	C:\Windows\Sysnative\ncrypt.dll
2015-08-23 18:01:56	2E730941CC5BF6200A4F56D1E9C24AAD	1743360	----a-w-	C:\Windows\Sysnative\sysmain.dll
2015-08-23 18:01:56	25AADF664F576D1C264F8AC27B4838DF	686080	----a-w-	C:\Windows\Sysnative\adtschema.dll
2015-08-23 18:01:55	D6431591DEED9D47E9266890FB2BFBBC	210944	----a-w-	C:\Windows\Sysnative\wdigest.dll
2015-08-23 18:01:55	61024C6DE4EEBC6BCC92422F0AE3CE94	86528	----a-w-	C:\Windows\Sysnative\TSpkg.dll
2015-08-23 18:01:55	35766EDA62E3FA02B897182219EEDF8A	503808	----a-w-	C:\Windows\Sysnative\srcore.dll
2015-08-23 18:01:55	354D59027DE2BFB3A63E8E7DBAF081D8	338432	----a-w-	C:\Windows\Sysnative\conhost.exe
2015-08-23 18:01:54	FFAD95FF2FE4B14F91E437E03D1F68BA	146432	----a-w-	C:\Windows\Sysnative\msaudite.dll
2015-08-23 18:01:54	EBB9C6638109A3486EBA51D28837495C	64000	----a-w-	C:\Windows\Sysnative\auditpol.exe
2015-08-23 18:01:54	E6D24098FDB4A9C29007696B79389DB9	16384	----a-w-	C:\Windows\Sysnative\ntvdm64.dll
2015-08-23 18:01:54	E615E2FF68D64B52CEFDCD24332D61F5	136192	----a-w-	C:\Windows\Sysnative\sspicli.dll
2015-08-23 18:01:54	99D1FAA337A4EF3C33E256C79DC708F8	296960	----a-w-	C:\Windows\Sysnative\rstrui.exe
2015-08-23 18:01:54	98AFEF63F857FA67FA1BDD3969F40366	50176	----a-w-	C:\Windows\Sysnative\srclient.dll
2015-08-23 18:01:54	98432481E11B9EDB54A2B069E465D1CB	44032	----a-w-	C:\Windows\Sysnative\cryptbase.dll
2015-08-23 18:01:54	7ADF0CB99051D1E0DB7F65DA1D8099F1	11264	----a-w-	C:\Windows\Sysnative\msmmsp.dll
2015-08-23 18:01:54	55C48343919A72B0C8F5C42E4C798FCA	112640	----a-w-	C:\Windows\Sysnative\smss.exe
2015-08-23 18:01:54	53632BBEFB00BDA1DCFC9E155E0C6B53	43520	----a-w-	C:\Windows\Sysnative\csrsrv.dll
2015-08-23 18:01:54	219DF0B319E46EA2601D90101C4C330A	29184	----a-w-	C:\Windows\Sysnative\sspisrv.dll
2015-08-23 18:01:54	1BE3823E3206785F2BA8F26B2FAD3FBE	28160	----a-w-	C:\Windows\Sysnative\secur32.dll
2015-08-23 18:01:54	0D48E93C6BE3143C0198CB252B992D16	31232	----a-w-	C:\Windows\Sysnative\lsass.exe
2015-08-23 18:01:54	0797A4FDBA2766B88FB563BBB7646FCE	22016	----a-w-	C:\Windows\Sysnative\credssp.dll
2015-08-23 18:01:53	BD6BDB13F5D8FA13166CF8B3CBD6976A	13312	----a-w-	C:\Windows\Sysnative\wow64cpu.dll
2015-08-23 18:01:52	BC48CD24D35FA0E18D66A97E502BFAE2	6656	----a-w-	C:\Windows\Sysnative\apisetschema.dll
2015-08-23 18:01:52	46CB68A774B67187B722FA1156672A23	60416	----a-w-	C:\Windows\Sysnative\msobjs.dll
2015-08-23 17:33:21	D713D6446DDBB474D801F361B4B186EA	950272	----a-w-	C:\Windows\Sysnative\perftrack.dll
2015-08-23 17:33:21	C6F7473B55510F0B93961DA03D8E3B38	91136	----a-w-	C:\Windows\Sysnative\wdi.dll
2015-08-23 17:33:21	AA7079AD52B8BFBAE94167D54C32F84F	29696	----a-w-	C:\Windows\Sysnative\powertracker.dll
2015-08-23 17:32:46	EC9178A8037D3EF938F38B6793EAF990	774656	----a-w-	C:\Windows\Sysnative\invagent.dll
2015-08-23 17:32:46	E99A30142A108B11381C47B0A30283B0	17344	----a-w-	C:\Windows\Sysnative\CompatTelRunner.exe
2015-08-23 17:32:46	E87D4371B24BC9E5BAE95AEA60FFD959	193536	----a-w-	C:\Windows\Sysnative\aepic.dll
2015-08-23 17:32:46	DD91D9EAAA415B26EB30EC9CF768BF03	743424	----a-w-	C:\Windows\Sysnative\generaltel.dll
2015-08-23 17:32:46	A3D0A038A6C03E368E80CDDEFC473140	1148416	----a-w-	C:\Windows\Sysnative\aeinv.dll
2015-08-23 17:32:46	7150E809474BBD4D4AD24B13FA2454E5	1239720	----a-w-	C:\Windows\Sysnative\aitstatic.exe
2015-08-23 17:32:46	4FEB4397B066DEEDDDED0D1CEDA1C887	69120	----a-w-	C:\Windows\Sysnative\acmigration.dll
2015-08-23 17:32:46	400E0B72AEB663360E1A3AB33DDD6A87	1116672	----a-w-	C:\Windows\Sysnative\appraiser.dll
2015-08-23 17:32:46	36DA2E5BD218764CB48B8A13CF0B091F	437760	----a-w-	C:\Windows\Sysnative\devinv.dll
2015-08-23 17:32:45	EEAFBC5A31C68438AF67531C52410A3D	227328	----a-w-	C:\Windows\Sysnative\aepdu.dll
2015-08-23 17:32:44	71C85477DF9347FE8E7BC55768473FCA	328704	----a-w-	C:\Windows\Sysnative\services.exe
2015-08-23 17:32:38	9D80A82B0BB77AC3EF6A87FA0C534E20	14635008	----a-w-	C:\Windows\Sysnative\wmp.dll
2015-08-23 17:32:35	834FD7C31EA16D59CC3B2DC60F2F2620	9728	----a-w-	C:\Windows\Sysnative\spwmp.dll
2015-08-23 17:32:35	1A8C5D4BE449E4A9D8667A341E535E22	5120	----a-w-	C:\Windows\Sysnative\msdxm.ocx
2015-08-23 17:32:35	1A8C5D4BE449E4A9D8667A341E535E22	5120	----a-w-	C:\Windows\Sysnative\dxmasf.dll
2015-08-23 17:32:34	51ECEE70F33601310DDEF3EEE39550D3	12625920	----a-w-	C:\Windows\Sysnative\wmploc.DLL
2015-08-23 17:32:30	6390B8C0F8FEBCE0C38BF3070ABD13F6	3722752	----a-w-	C:\Windows\Sysnative\mstscax.dll
2015-08-23 17:32:29	FD61A5C38FFD7D8D797319209A6632E0	158720	----a-w-	C:\Windows\Sysnative\aaclient.dll
2015-08-23 17:32:29	D11620533175884EB3491E1ED770C86A	44032	----a-w-	C:\Windows\Sysnative\tsgqec.dll
2015-08-23 17:32:12	AA5319FA8602676B5D3A2B4A1355896D	1255424	----a-w-	C:\Windows\Sysnative\diagtrack.dll
2015-08-23 17:32:12	8A4EB32C7C948F70EAC6F85063596A39	36864	----a-w-	C:\Windows\Sysnative\UtcResources.dll
2015-08-23 17:32:09	66DF73B202105406602941778792FE3D	879104	----a-w-	C:\Windows\Sysnative\tdh.dll
2015-08-23 17:32:09	4FFD08A01047EF6B58F6EB4E6D001A8D	879104	----a-w-	C:\Windows\Sysnative\advapi32.dll
2015-08-23 17:32:08	E20BF3FA89DE67B00ED713B5254C0BF0	47104	----a-w-	C:\Windows\Sysnative\typeperf.exe
2015-08-23 17:32:08	858F04B3C39239972959E9EE97CACAE4	43008	----a-w-	C:\Windows\Sysnative\relog.exe
2015-08-23 17:32:08	6703266C1E56157B5965F9AC868A20AC	404992	----a-w-	C:\Windows\Sysnative\tracerpt.exe
2015-08-23 17:32:08	4F90A7A0FCBC0ED18E573917860062FF	113664	----a-w-	C:\Windows\Sysnative\sechost.dll
2015-08-23 17:32:08	210E7D1EA34369194BE09493784E27BE	104448	----a-w-	C:\Windows\Sysnative\logman.exe
2015-08-23 17:32:07	1B93381366141875D8EE7EC1085236B9	19456	----a-w-	C:\Windows\Sysnative\diskperf.exe
2015-08-23 17:31:41	6AEEC5677AD522786CED371A7BEE620C	616360	----a-w-	C:\Windows\Sysnative\winresume.efi
2015-08-23 17:31:39	29143C7827F9F2AC543E792A8C63FBB0	4121600	----a-w-	C:\Windows\Sysnative\mf.dll
2015-08-23 17:31:37	DF6104DCED89E13A78BA5539CEF5100A	1202176	----a-w-	C:\Windows\Sysnative\drmv2clt.dll
2015-08-23 17:31:36	F88B4A9EA1A956F09D5001D08B546228	641024	----a-w-	C:\Windows\Sysnative\msscp.dll
2015-08-23 17:31:36	B7E752FFD95DC61FCB7A6E70E37175E5	693176	----a-w-	C:\Windows\Sysnative\winload.efi
2015-08-23 17:31:36	8DFDB70E3E56C2F1AE09CB3C03E266E5	1574400	----a-w-	C:\Windows\Sysnative\quartz.dll
2015-08-23 17:31:35	DB2D62AA2DF6B1F3D690A9EC9701AA2C	188416	----a-w-	C:\Windows\Sysnative\pcasvc.dll
2015-08-23 17:31:35	7F4D59E70DD6E757E96B40570B498D5C	782848	----a-w-	C:\Windows\Sysnative\wmdrmsdk.dll
2015-08-23 17:31:35	7A4064169FBA91F39DB1FDC094A18DA8	619056	----a-w-	C:\Windows\Sysnative\winload.exe
2015-08-23 17:31:35	6968D02DC38757C3FBE7ED7C2F9670AA	680960	----a-w-	C:\Windows\Sysnative\audiosrv.dll
2015-08-23 17:31:35	410F6B1BE785F3630B4782F8E3D85A24	1069056	----a-w-	C:\Windows\Sysnative\cryptui.dll
2015-08-23 17:31:34	B2F02AB28864B6D5B5B9BEDA565D41BB	497664	----a-w-	C:\Windows\Sysnative\drmmgrtn.dll
2015-08-23 17:31:34	A53A63831185FF5339E76221BE45E6B9	842240	----a-w-	C:\Windows\Sysnative\blackbox.dll
2015-08-23 17:31:34	7BC64DEEFD0E6812E21DE89F0CF50A49	500224	----a-w-	C:\Windows\Sysnative\AUDIOKSE.dll
2015-08-23 17:31:33	C0AE7ABD87254B2789C8CB34AF274A65	296448	----a-w-	C:\Windows\Sysnative\AudioSes.dll
2015-08-23 17:31:33	AE66D26930CA536706078537CB5AC840	325632	----a-w-	C:\Windows\Sysnative\msnetobj.dll
2015-08-23 17:31:33	6E974F1C384615DEB0710E44F4847351	126464	----a-w-	C:\Windows\Sysnative\audiodg.exe
2015-08-23 17:31:33	5FFEE6CA63E27CBA1F32002743E58F3C	631808	----a-w-	C:\Windows\Sysnative\evr.dll
2015-08-23 17:31:33	3029D8E78E4BF18A0551E22CD4CB892C	371712	----a-w-	C:\Windows\Sysnative\qdvd.dll
2015-08-23 17:31:33	0BC72EA80234382701EAFC1BE0ECD7E4	432128	----a-w-	C:\Windows\Sysnative\mfplat.dll
2015-08-23 17:31:32	7D6C362CD05F41C95300626782DC5A36	2644992	----a-w-	C:\Windows\Sysnative\msmpeg2vdec.dll
2015-08-23 17:31:32	3A7BC2DC99D3C5B172465E890B3C3B14	440832	----a-w-	C:\Windows\Sysnative\AudioEng.dll
2015-08-23 17:31:32	27793FE3FF2D0123896D1A01A2D222C7	37376	----a-w-	C:\Windows\Sysnative\pcadm.dll
2015-08-23 17:31:31	CBE684883A45E5B047DA6B4AC46C2112	55808	----a-w-	C:\Windows\Sysnative\rrinstaller.exe
2015-08-23 17:31:31	947938F265D7CB99653CDFF2B3C0468D	206848	----a-w-	C:\Windows\Sysnative\mfps.dll
2015-08-23 17:31:29	ED6BF1E1C4F40F600DFEC0CB101A1789	9728	----a-w-	C:\Windows\Sysnative\pcalua.exe
2015-08-23 17:31:29	C4937B9D6EF4D309A60054D4D00EE9DB	63488	----a-w-	C:\Windows\Sysnative\setbcdlocale.dll
2015-08-23 17:31:29	A84C94CF795E08BBB99E4E145F9E81A3	11264	----a-w-	C:\Windows\Sysnative\pcawrk.exe
2015-08-23 17:31:29	94BC902494AFC9F5EBC5FBB61445D73F	82432	----a-w-	C:\Windows\Sysnative\cryptsp.dll
2015-08-23 17:31:29	84DB8EB3C184BB549ED90A842020F278	58880	----a-w-	C:\Windows\Sysnative\appidapi.dll
2015-08-23 17:31:29	72D4757510FDA69D729169C00AFC211E	32256	----a-w-	C:\Windows\Sysnative\appidsvc.dll
2015-08-23 17:31:29	589852B65C91F574E980ABDB8205080A	146944	----a-w-	C:\Windows\Sysnative\appidpolicyconverter.exe
2015-08-23 17:31:29	56FD1BC602EE0E7949F92EE2EE327B72	284672	----a-w-	C:\Windows\Sysnative\EncDump.dll
2015-08-23 17:31:29	00EE5D3E16D42F25F7813ACFA10EC803	24576	----a-w-	C:\Windows\Sysnative\mfpmp.exe
2015-08-23 17:31:28	EA285B947EE48103697CDA53D76C9EEC	17920	----a-w-	C:\Windows\Sysnative\appidcertstorecheck.exe
2015-08-23 17:31:21	FE03B35A22C3D2714B494FC2AB32AC5B	8704	----a-w-	C:\Windows\Sysnative\pcaevts.dll
2015-08-23 17:31:19	8364A0F7633414DC5C50A37295B1FAFF	2048	----a-w-	C:\Windows\Sysnative\mferror.dll
2015-08-23 17:30:54	6B0F962B1EE486FFE7BCABBC9C736976	24576	----a-w-	C:\Windows\Sysnative\jnwmon.dll
2015-08-23 17:30:54	2B36E0C5C262437E1B098344DEFA55F8	275456	----a-w-	C:\Windows\Sysnative\InkEd.dll
2015-08-23 17:30:28	168EA9CD9BD6056BB6F60B57D5304BBE	52736	----a-w-	C:\Windows\Sysnative\basesrv.dll
2015-08-23 17:29:51	1FB81632476857E8451DDA8A456EF3CE	215552	----a-w-	C:\Windows\Sysnative\ubpm.dll
2015-08-23 17:29:45	E5404072A5A9E0B452ADDF1D1339176C	2543104	----a-w-	C:\Windows\Sysnative\wpdshext.dll
2015-08-23 17:29:37	EFFFE1C77ACCE66C82CCFD18A9687F48	404992	----a-w-	C:\Windows\Sysnative\gdi32.dll
2015-08-23 17:29:30	51F89CE2D0FEC66070354504E6C4C3E4	633856	----a-w-	C:\Windows\Sysnative\comctl32.dll
2015-08-23 17:29:22	E3EB94B45A2735D4559558B5899732E8	2087424	----a-w-	C:\Windows\Sysnative\ole32.dll
2015-08-23 17:29:10	C5752F5CE47B6B00F914AE91087C0CB4	229376	----a-w-	C:\Windows\Sysnative\wintrust.dll
2015-08-23 17:29:10	7EE0A3B9E904AF4744E4D8F00CB5CA32	140288	----a-w-	C:\Windows\Sysnative\cryptnet.dll
2015-08-23 17:29:10	7BC3E861F7E8EB543A630090FAE779E0	188416	----a-w-	C:\Windows\Sysnative\cryptsvc.dll
2015-08-23 17:29:10	71187FA11F58012C188453877E16EB8B	1480192	----a-w-	C:\Windows\Sysnative\crypt32.dll
2015-08-23 17:28:40	D9A91A779B5059E72D7FAD2B38275EA4	3242496	----a-w-	C:\Windows\Sysnative\msi.dll
2015-08-23 17:28:40	5489E74E56C0255159C8AE2C70744458	1941504	----a-w-	C:\Windows\Sysnative\authui.dll
2015-08-23 17:28:39	81CB8D34112178CE1826C86BA5F268C3	128000	----a-w-	C:\Windows\Sysnative\msiexec.exe
2015-08-23 17:28:39	0D9514850CC3A99A6600643F2888858B	112064	----a-w-	C:\Windows\Sysnative\consent.exe
2015-08-23 17:28:38	CDAD406033C31DB34185DDAECDD35FE2	504320	----a-w-	C:\Windows\Sysnative\msihnd.dll
2015-08-23 17:28:38	978DC0A1FBE9CC91B21B40AF66CB396A	70656	----a-w-	C:\Windows\Sysnative\appinfo.dll
2015-08-23 17:28:38	91593D4FB7D89249014564A5F3EC389B	25088	----a-w-	C:\Windows\Sysnative\msimsg.dll
2015-08-23 17:28:26	F97A0CFC495C92FF2F6A03933157D115	3208192	----a-w-	C:\Windows\Sysnative\win32k.sys
2015-08-23 17:28:25	F8C0AF84AB602D395FFC89BC7CF3CE18	372736	----a-w-	C:\Windows\Sysnative\atmfd.dll
2015-08-23 17:28:25	B1D08F1E7EB85284F35D2EB059D96448	1550336	----a-w-	C:\Windows\Sysnative\DWrite.dll
2015-08-23 17:28:25	1B51CE779E87D097E55E5C3F7E50BDF4	1148416	----a-w-	C:\Windows\Sysnative\FntCache.dll
2015-08-23 17:28:22	B45F7BC413F905ECA9DE679E3FF09472	100864	----a-w-	C:\Windows\Sysnative\fontsub.dll
2015-08-23 17:28:22	52DE81006E192EAA09B3BDE763D80BC8	14336	----a-w-	C:\Windows\Sysnative\dciman32.dll
2015-08-23 17:28:22	4ED7253917E0C4D60E64A1CCDE43ACD5	1838080	----a-w-	C:\Windows\Sysnative\d3d10warp.dll
2015-08-23 17:28:22	15113A4CD09E0F06894495FCE8BF2BF8	46080	----a-w-	C:\Windows\Sysnative\atmlib.dll
2015-08-23 17:28:22	0365E7AED8A38CB5FFF1DFB4458C0593	41984	----a-w-	C:\Windows\Sysnative\lpk.dll
2015-08-23 17:28:20	B32189BDFF6E577A92BAA61AD49264E6	193536	----a-w-	C:\Windows\Sysnative\notepad.exe
2015-08-23 17:28:19	764747F8F08CE69ECC36C6E2D0AE43B1	1112576	----a-w-	C:\Windows\Sysnative\rdpcorets.dll
2015-08-23 17:28:18	D5A447E642518F5A2F3950CEA9ECD6DE	162816	----a-w-	C:\Windows\Sysnative\rdpudd.dll
2015-08-23 17:28:17	AE4FEDD98096C09A8A86E021FC5E9D67	861696	----a-w-	C:\Windows\Sysnative\oleaut32.dll
2015-08-23 17:28:13	C7E50B04623FC6FF54EAF88938A8936E	142336	----a-w-	C:\Windows\Sysnative\poqexec.exe
2015-08-23 17:28:10	E88A78273D429554B6B2D2BDA945ED9B	1067520	----a-w-	C:\Windows\Sysnative\msctf.dll
2015-08-23 17:28:08	179CD2ECC8EA1286797D4445B1607749	1190400	----a-w-	C:\Windows\Sysnative\WindowsCodecs.dll
2015-08-23 17:28:03	F55F287810AAF708618793764AF7D1BB	23552	----a-w-	C:\Windows\Sysnative\sdbinst.exe
2015-08-23 17:28:03	83BFCCAC53795E8A5055A93672D0C46C	72192	----a-w-	C:\Windows\Sysnative\aelupsvc.dll
2015-08-23 17:28:03	7E21D3072EB20D5400919D435D549A9B	6656	----a-w-	C:\Windows\Sysnative\shimeng.dll
2015-08-23 17:28:03	31D260ADAF1CCFEFC49DB9FBCE9986DA	342016	----a-w-	C:\Windows\Sysnative\apphelp.dll
2015-08-23 17:28:02	FE72C89986E1BA32AD926A820491F23F	406528	----a-w-	C:\Windows\Sysnative\scesrv.dll
2015-08-23 17:27:14	ED4B980701D081AC42F7B121C1E42149	460800	----a-w-	C:\Windows\Sysnative\certcli.dll
2015-08-23 17:26:41	733BC760342A816D3B5A8CE2C7EF1D92	14177280	----a-w-	C:\Windows\Sysnative\shell32.dll
2015-08-23 17:16:28	745DE455E02693423B1B78F448D52961	79360	----a-w-	C:\Windows\Sysnative\clfsw32.dll
2015-08-23 17:16:28	404B7DF9CA4D1CB675045AF220FF3285	367552	----a-w-	C:\Windows\Sysnative\clfs.sys
2015-08-23 17:15:53	ED34F76322E2C91AA91CC20EEF1A7B52	392192	----a-w-	C:\Windows\Sysnative\WMPhoto.dll
2015-08-23 17:07:06	60696836CAD56F1B47059E1BA739787D	254976	----a-w-	C:\Windows\Sysnative\cewmdm.dll
2015-08-23 17:04:46	DE1B5089D48291BD81F6A5CCFB832E53	36864	----a-w-	C:\Windows\Sysnative\wups.dll
2015-08-23 17:04:46	D1E38F98DDA581BF70B6A89882E6E6F6	12288	----a-w-	C:\Windows\Sysnative\wu.upgrade.ps.dll
2015-08-23 17:04:46	C980982C7F8ECB462C52CBEC759CBBDC	3154944	----a-w-	C:\Windows\Sysnative\wucltux.dll
2015-08-23 17:04:46	C0DA341908CC3A0209A63FBD4B521C2A	91136	----a-w-	C:\Windows\Sysnative\WinSetupUI.dll
2015-08-23 17:04:46	B0FBE5C8E18EB3BD677846DAB54037D5	696320	----a-w-	C:\Windows\Sysnative\wuapi.dll
2015-08-23 17:04:46	A6848EF3860E81A835AA4982ADBA1884	37888	----a-w-	C:\Windows\Sysnative\wups2.dll
2015-08-23 17:04:46	7CFCC5210E226AA85F2A21098FA01F29	37376	----a-w-	C:\Windows\Sysnative\wuapp.exe
2015-08-23 17:04:46	6FDC1FAD277AEF0A89B0D28F5675679C	139776	----a-w-	C:\Windows\Sysnative\wuauclt.exe
2015-08-23 17:04:46	499034D7F1F6AF49F9EE12F8822793CB	2606080	----a-w-	C:\Windows\Sysnative\wuaueng.dll
2015-08-23 17:04:46	1956D89C3E24A8388840489371B3A428	98304	----a-w-	C:\Windows\Sysnative\wudriver.dll
2015-08-23 17:04:46	0F72B73EBE4F6F86EE569598D377165E	192000	----a-w-	C:\Windows\Sysnative\wuwebv.dll
====== C:\Windows\Sysnative\drivers =====
2015-08-23 19:11:19	8F22037D3F5A6BB676525D825A1388B9	113880	----a-w-	C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-08-23 19:11:06	E681CE4AE5C09651D53CB4387CA3560E	109272	----a-w-	C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-08-23 19:11:06	AE757332EA130E94E646621CC695B52A	63704	----a-w-	C:\Windows\Sysnative\drivers\mwac.sys
2015-08-23 19:11:06	A8D28D5B3E2A528D1EF0E338E44F2820	25816	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2015-08-23 18:01:57	552FA62B0EFECD22D8D52499324BCA4F	290816	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb10.sys
2015-08-23 18:01:57	522A1595D5701800DD41B2D472F5AAED	155584	----a-w-	C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-08-23 18:01:56	97687971F9CB30E2633DE0F1296B9F61	129024	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb20.sys
2015-08-23 18:01:55	B2081803D510DCE174992BA880EDCA70	159232	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb.sys
2015-08-23 18:01:55	67A1743377EBB5D9A370A8C2086CFDCC	95680	----a-w-	C:\Windows\Sysnative\drivers\ksecdd.sys
2015-08-23 18:01:55	67050452C0118BAF2883928E6FCCFE47	94656	----a-w-	C:\Windows\Sysnative\drivers\mountmgr.sys
2015-08-23 17:33:10	27667A788130A7F7A5858DE27572E6D7	459336	----a-w-	C:\Windows\Sysnative\drivers\cng.sys
2015-08-23 17:31:30	ED6E75158D28D33A2E2A020AC5B2B59D	663552	----a-w-	C:\Windows\Sysnative\drivers\PEAuth.sys
2015-08-23 17:31:26	90C53BD47979FB8814F465A08B885102	61440	----a-w-	C:\Windows\Sysnative\drivers\appid.sys
2015-08-23 17:28:18	065F79543D7999EC28B687F87E96B803	20992	----a-w-	C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2015-08-23 17:28:12	36E0DDD19038C92B7C7709BFA03F813F	69888	----a-w-	C:\Windows\Sysnative\drivers\stream.sys
2015-08-23 17:28:11	F61634BEC53F73702A10DE69F6DCAF57	754688	----a-w-	C:\Windows\Sysnative\drivers\http.sys
2015-08-19 09:53:56	87AC702B45501609BE76F703A73FD558	297904	----a-w-	C:\Windows\Sysnative\drivers\avgidsha.sys
2015-08-19 09:52:30	9A4E5B1673F15F2339733D7C4ACFD85A	313264	----a-w-	C:\Windows\Sysnative\drivers\avgidsdrivera.sys
2015-08-04 09:32:36	3D295116030186FC6A014CA5388A4A55	300464	----a-w-	C:\Windows\Sysnative\drivers\avgtdia.sys
2015-08-04 09:32:32	93B6EF1B73E7AF384F2574F7FB4282F5	250800	----a-w-	C:\Windows\Sysnative\drivers\avgmfx64.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-08-29 04:51:30	--------	d-----w-	C:\Program Files\Microsoft Silverlight
2015-08-28 07:04:12	--------	d-----w-	C:\Program Files\Windows Live
2015-08-22 12:41:10	--------	d-----w-	C:\Program Files\trend micro
2015-08-21 14:16:53	--------	d-----w-	C:\Program Files\Common Files\AV
======= C:\PROGRA~2 =====
2015-08-28 07:07:31	--------	d-----w-	C:\PROGRA~2\Microsoft SQL Server Compact Edition
2015-08-28 07:05:19	--------	d-----w-	C:\PROGRA~2\Windows Live
2015-08-28 07:00:20	--------	d-----w-	C:\PROGRA~2\Microsoft Silverlight
2015-08-28 06:44:49	--------	d-----w-	C:\PROGRA~2\COMMON~1\Windows Live
2015-08-21 16:57:43	--------	d-----w-	C:\PROGRA~2\trend micro
======= C: =====
====== C:\Users\User1\AppData\Roaming ======
2015-08-28 07:25:22	--------	d-----w-	C:\Users\User1\AppData\Local\Windows Live Writer
2015-08-28 06:44:50	--------	d-----w-	C:\Users\User1\AppData\Local\Windows Live
2015-08-27 18:44:45	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2015-08-26 11:25:29	--------	d-----w-	C:\Users\User1\AppData\Roaming\vlc
2015-08-23 18:30:42	--------	d-----w-	C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-08-23 18:30:42	--------	d-----w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-08-23 18:30:42	--------	d-----w-	C:\Users\User1\AppData\Local\Temp
2015-08-23 18:30:42	--------	d-----w-	C:\Users\Default\AppData\Local\Temp
2015-08-23 18:30:42	--------	d-----w-	C:\Users\Default User\AppData\Local\Temp
2015-08-22 07:06:08	--------	d-----w-	C:\Users\User1\AppData\Local\GWX
====== C:\Users\User1 ======
2015-08-28 07:23:55	--------	d-----w-	C:\Users\User1\Tracing
2015-08-28 07:00:58	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-27 18:44:07	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-23 19:08:10	D3B6FA14CB7E12B7FBC0B3AA26235898	24345872	----a-w-	C:\Users\User1\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-22 12:33:04	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\User1\Downloads\RSITx64 (1).exe
2015-08-22 12:31:09	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\User1\Downloads\RSITx64.exe

====== C: exe-files ==
2015-08-28 06:53:26	DC5AFC9E6DBB2C866F7AFABCFB1A8E39	7450888	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\3b519ce61d0e15e47\bingbarsetup.exe
2015-08-28 06:51:35	A0EE8879A17B1D4B00B37D294AF106D0	15712	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\fb0fb2811d0e15d39\MeshBetaRemover.exe
2015-08-28 06:50:02	DDCE338BB173B32024679D61FB4F2BA6	537432	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\c30c13971d0e15d2c\DXSETUP.exe
2015-08-28 06:49:57	F5443547CAAC20AA334A88817579270F	525656	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\bff44bf91d0e15d2b\DXSETUP.exe
2015-08-28 06:47:28	161AA2E379224E545C8D516369E6B553	6260088	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\66f229391d0e15d17\Silverlight.4.0.exe
2015-08-27 18:47:53	AA80F50235496A10532C3A1C4EAFFF11	1040600	----a-w-	C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe
2015-08-27 18:44:25	4B9D2EB12D3A66E1FDF6A1FBB7F68049	4281768	----a-w-	C:\Program Files\Common Files\AV\AVG AntiVirus Free Edition 2015\upgrade.exe
2015-08-24 14:33:22	0E8CCCB4BB86CC56DDF6FA8AED84E45F	3637160	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
2015-08-24 14:19:58	93539DF292FDF8F0C147A118322085F3	1566632	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
2015-08-24 14:17:54	F5DEFFD48A48571B19A3F38D27129B1D	1223080	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
2015-08-24 14:17:44	DD5EFD44CA93CF3B549C1369C0963878	881064	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
2015-08-24 14:17:12	9E165FFF051ADE4B626FC257B56196F1	1026472	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
2015-08-24 14:17:10	C541BAE70F845F40C6A62D2E5439EDC2	965544	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgntdumpa.exe
2015-08-24 14:16:42	BC81E9F2D40B503A7F89EF316C64BF07	255400	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgcmgr.exe
2015-08-24 14:16:42	2088BD5DA99AAA020760649447FFC0A0	988088	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgdumpa.exe
2015-08-24 14:16:36	3B5E455A5F849C73B4881622778B5EFD	3775912	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgui.exe
2015-08-24 14:16:32	7C69B24D70EDCC7709CC6149BAD16D6C	785320	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgntdumpx.exe
2015-08-24 14:16:28	6D1A79104576B004E9EDD932363A698C	827816	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgcsrvx.exe
2015-08-24 14:16:22	D5059B996BBD7948DAFB51D645DDDF70	423848	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgcomdlga.exe
2015-08-24 14:16:06	7297D323A7EF44DC520B49B052D2D198	509352	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgscana.exe
2015-08-24 14:14:00	4706A3523C92B99657D5417541131ABF	6920824	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
2015-08-24 14:13:24	597808955635D0401856966AE26B6599	459768	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe
2015-08-24 14:10:30	94235FC58371DFE7468A878ED45382FA	380840	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe
2015-08-24 14:08:14	24F423209E550996FE229A9F70CA0ED1	372136	----a-w-	C:\Program Files (x86)\AVG\AVG2015\fixcfg.exe
2015-08-24 14:08:06	01D33A3EED081AA41C27CEB7AB8926E3	3631528	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
2015-08-24 14:07:54	4B9D2EB12D3A66E1FDF6A1FBB7F68049	4281768	----a-w-	C:\Program Files (x86)\AVG\AVG2015\upgrade.exe
2015-08-24 14:05:14	2406EEC0525DAE3F254C0A2070F78DA3	335656	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
2015-08-24 14:04:40	C0C075D8B5D773E96AD468C46047FE08	436136	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgscanx.exe
2015-08-24 14:04:40	6B4428F1812936430AEBDD3C900177BA	802096	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgdumpx.exe
2015-08-24 13:56:26	A8450FB0E17DCFE04E1EED7E38E84BA9	25512	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe
2015-08-24 13:56:26	0A6F7058501477737153D8466CB0CB99	71592	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avguirux.exe
2015-08-24 13:56:18	9E240182322F517861473A630C85228C	24488	----a-w-	C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe
2015-08-24 13:55:00	EDB6E7C7379BF6A259E4A623DD53BEC7	338744	----a-w-	C:\Program Files (x86)\AVG\AVG2015\Tuneup\TUMicroScanner.exe
2015-08-23 19:08:10	D3B6FA14CB7E12B7FBC0B3AA26235898	24345872	----a-w-	C:\Users\User1\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 18:02:01	B9A07A9807A4BAC067498CC8D77F3D4D	5568960	----a-w-	C:\Windows\System32\ntoskrnl.exe
2015-08-23 18:01:59	DC18FFFF3175376ABD38E6D48309F7F9	3934656	----a-w-	C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-23 18:01:59	6C95D6264810F816E92780E7DB81F7B1	3989952	----a-w-	C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-23 18:01:55	354D59027DE2BFB3A63E8E7DBAF081D8	338432	----a-w-	C:\Windows\System32\conhost.exe
2015-08-23 18:01:54	EBB9C6638109A3486EBA51D28837495C	64000	----a-w-	C:\Windows\System32\auditpol.exe
2015-08-23 18:01:54	A2C5FAE51BC43B29525AAA5BF0B31259	50176	----a-w-	C:\Windows\SysWOW64\auditpol.exe
2015-08-23 18:01:54	99D1FAA337A4EF3C33E256C79DC708F8	296960	----a-w-	C:\Windows\System32\rstrui.exe
2015-08-23 18:01:54	55C48343919A72B0C8F5C42E4C798FCA	112640	----a-w-	C:\Windows\System32\smss.exe
2015-08-23 18:01:54	0D48E93C6BE3143C0198CB252B992D16	31232	----a-w-	C:\Windows\System32\lsass.exe
2015-08-23 18:01:54	086A1544FACAA91CD6F95FC4CDE16913	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2015-08-23 18:01:53	832494A551C2B2CCB616B2BE13A696A1	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2015-08-23 18:01:52	03A179385219FD37CDFB3E603F912CA7	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2015-08-23 17:32:46	E99A30142A108B11381C47B0A30283B0	17344	----a-w-	C:\Windows\System32\CompatTelRunner.exe
2015-08-23 17:32:46	7150E809474BBD4D4AD24B13FA2454E5	1239720	----a-w-	C:\Windows\System32\aitstatic.exe
2015-08-23 17:32:46	17D815AD21D4325CD589E57A9582E311	70840	----a-w-	C:\Windows\System32\CompatTel\diagtrackrunner.exe
2015-08-23 17:32:45	8D06AAF1723B514C412187C5B8B67EEF	46752	----a-w-	C:\Windows\System32\CompatTel\wicainventory.exe
2015-08-23 17:32:45	4AC38FC4C6894B21698A99B9129B1EA4	161952	----a-w-	C:\Windows\System32\CompatTel\QueryAppBlock.exe
2015-08-23 17:32:44	71C85477DF9347FE8E7BC55768473FCA	328704	----a-w-	C:\Windows\System32\services.exe
2015-08-23 17:32:35	E39D7E7FCC5D4B77B8CBA52FEF8753DE	102912	----a-w-	C:\Program Files\Windows Media Player\wmpshare.exe
2015-08-23 17:32:35	8D3316795ACCC0EC0DD6A844E046DA68	167424	----a-w-	C:\Program Files\Windows Media Player\wmplayer.exe
2015-08-23 17:32:35	6F139F39295000E6301C0D08F7493CC6	101888	----a-w-	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe
2015-08-23 17:32:35	5F7B628B5F10531E8DE3E711ED73AAD7	164864	----a-w-	C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2015-08-23 17:32:35	44854DDB738BF2C507FC2162245361D6	102400	----a-w-	C:\Program Files\Windows Media Player\wmpconfig.exe
2015-08-23 17:32:35	3505E5A7664FD84AC8AE51FE3B545AE1	102400	----a-w-	C:\Program Files (x86)\Windows Media Player\wmpshare.exe
2015-08-23 17:32:08	E20BF3FA89DE67B00ED713B5254C0BF0	47104	----a-w-	C:\Windows\System32\typeperf.exe
2015-08-23 17:32:08	858F04B3C39239972959E9EE97CACAE4	43008	----a-w-	C:\Windows\System32\relog.exe
2015-08-23 17:32:08	6703266C1E56157B5965F9AC868A20AC	404992	----a-w-	C:\Windows\System32\tracerpt.exe
2015-08-23 17:32:08	629AD3FDA168D82D459164044A29F9BB	40448	----a-w-	C:\Windows\SysWOW64\typeperf.exe
2015-08-23 17:32:08	3C1BE79C3CE6EB378108B11D94CA1072	364544	----a-w-	C:\Windows\SysWOW64\tracerpt.exe
2015-08-23 17:32:08	3B5DA649BF7B7D07510C06DE0AEEB4EB	82944	----a-w-	C:\Windows\SysWOW64\logman.exe
2015-08-23 17:32:08	210E7D1EA34369194BE09493784E27BE	104448	----a-w-	C:\Windows\System32\logman.exe
2015-08-23 17:32:07	FB224B0A63B8F58E91FE8A314AD295AD	17408	----a-w-	C:\Windows\SysWOW64\diskperf.exe
2015-08-23 17:32:07	3E6731BF36A7D6C62D09671B427B6B67	37888	----a-w-	C:\Windows\SysWOW64\relog.exe
2015-08-23 17:32:07	1B93381366141875D8EE7EC1085236B9	19456	----a-w-	C:\Windows\System32\diskperf.exe
2015-08-23 17:31:41	6B4BE7F9923F727C0298E9CB0FB2A406	497080	----a-w-	C:\Windows\Boot\PCAT\memtest.exe
2015-08-23 17:31:35	7A4064169FBA91F39DB1FDC094A18DA8	619056	----a-w-	C:\Windows\System32\winload.exe
2015-08-23 17:31:35	7A4064169FBA91F39DB1FDC094A18DA8	619056	----a-w-	C:\Windows\System32\Boot\winload.exe
2015-08-23 17:31:33	6E974F1C384615DEB0710E44F4847351	126464	----a-w-	C:\Windows\System32\audiodg.exe
2015-08-23 17:31:31	CBE684883A45E5B047DA6B4AC46C2112	55808	----a-w-	C:\Windows\System32\rrinstaller.exe
2015-08-23 17:31:31	08FF727297A97907AADED4BA86CF44E9	50176	----a-w-	C:\Windows\SysWOW64\rrinstaller.exe
2015-08-23 17:31:29	ED6BF1E1C4F40F600DFEC0CB101A1789	9728	----a-w-	C:\Windows\System32\pcalua.exe
2015-08-23 17:31:29	A84C94CF795E08BBB99E4E145F9E81A3	11264	----a-w-	C:\Windows\System32\pcawrk.exe
2015-08-23 17:31:29	589852B65C91F574E980ABDB8205080A	146944	----a-w-	C:\Windows\System32\appidpolicyconverter.exe
2015-08-23 17:31:29	49F4EE8DF752CFA159B99046CD1FDD2B	23040	----a-w-	C:\Windows\SysWOW64\mfpmp.exe
2015-08-23 17:31:29	00EE5D3E16D42F25F7813ACFA10EC803	24576	----a-w-	C:\Windows\System32\mfpmp.exe
2015-08-23 17:31:28	EA285B947EE48103697CDA53D76C9EEC	17920	----a-w-	C:\Windows\System32\appidcertstorecheck.exe
2015-08-23 17:30:57	B3DBD6A2286BA43018F58349E51EC8B1	691712	----a-w-	C:\Windows\System32\GWX\GWXConfigManager.exe
2015-08-23 17:30:57	7B375C10CACC2FEBEC978D023ADBAB9C	513024	----a-w-	C:\Windows\System32\GWX\GWX.exe
2015-08-23 17:30:57	621FC2FCBB852684C1F1106E28CCC84F	438784	----a-w-	C:\Windows\SysWOW64\GWX\GWX.exe
2015-08-23 17:30:57	6008147E0BDAC5C23A0A314E96783F72	413696	----a-w-	C:\Windows\System32\GWX\GWXUX.exe
2015-08-23 17:30:57	1608E63BD26C74BEBB31BCAFDFC96BD6	343040	----a-w-	C:\Windows\System32\GWX\GWXDetector.exe
2015-08-23 17:30:57	0A31B851379818A8ECF1F7643FFA3F5A	382768	----a-w-	C:\Windows\System32\GWX\GWXUXWorker.exe
2015-08-23 17:30:55	D5E35700566B225CBF8ECD7F92C460C8	2164224	----a-w-	C:\Program Files\Windows Journal\Journal.exe
2015-08-23 17:30:54	0DBC9BB05703CA0D8792E2075D62B3C3	51200	----a-w-	C:\Program Files\Windows Journal\PDIALOG.exe
2015-08-23 17:28:39	81CB8D34112178CE1826C86BA5F268C3	128000	----a-w-	C:\Windows\System32\msiexec.exe
2015-08-23 17:28:39	0D9514850CC3A99A6600643F2888858B	112064	----a-w-	C:\Windows\System32\consent.exe
2015-08-23 17:28:38	F61A069A5517F85662ED9A6C5AD5445A	73216	----a-w-	C:\Windows\SysWOW64\msiexec.exe
2015-08-23 17:28:20	B32189BDFF6E577A92BAA61AD49264E6	193536	----a-w-	C:\Windows\System32\notepad.exe
2015-08-23 17:28:20	B32189BDFF6E577A92BAA61AD49264E6	193536	----a-w-	C:\Windows\notepad.exe
2015-08-23 17:28:20	A4F6DF0E33E644E802C8798ED94D80EA	179712	----a-w-	C:\Windows\SysWOW64\notepad.exe
2015-08-23 17:28:13	C7E50B04623FC6FF54EAF88938A8936E	142336	----a-w-	C:\Windows\System32\poqexec.exe
2015-08-23 17:28:13	C489D8B4D8C64F20CC75A93F541F7D91	123904	----a-w-	C:\Windows\SysWOW64\poqexec.exe
2015-08-23 17:28:03	F55F287810AAF708618793764AF7D1BB	23552	----a-w-	C:\Windows\System32\sdbinst.exe
2015-08-23 17:28:03	715C060150D969B0DE5DD5B365A712AF	20992	----a-w-	C:\Windows\SysWOW64\sdbinst.exe
2015-08-23 17:04:46	7CFCC5210E226AA85F2A21098FA01F29	37376	----a-w-	C:\Windows\System32\wuapp.exe
2015-08-23 17:04:46	742AC3EF3C7C30F0EBF628D6D03BB399	34816	----a-w-	C:\Windows\SysWOW64\wuapp.exe
2015-08-23 17:04:46	6FDC1FAD277AEF0A89B0D28F5675679C	139776	----a-w-	C:\Windows\System32\wuauclt.exe
2015-08-22 12:41:10	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\User1.exe
2015-08-22 12:33:04	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\User1\Downloads\RSITx64 (1).exe
2015-08-22 12:31:09	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\User1\Downloads\RSITx64.exe
=== C: other files ==
2015-08-25 07:32:43	312BDDF1C778CD8A988C05B2D2EFD2D5	101467978	----a-w-	C:\Users\User1\Documents\CBS (2).zip
2015-08-25 07:13:26	296D6DD02C55B2B7D36667186FA85983	101467866	----a-w-	C:\Users\User1\Documents\CBS.zip
2015-08-24 14:37:14	929367C59EE9DFAC361DFE9E5B83F157	1021345	----a-w-	C:\Program Files (x86)\AVG\AVG2015\banners\banners.zip
2015-08-23 19:11:19	8F22037D3F5A6BB676525D825A1388B9	113880	----a-w-	C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-23 19:11:06	E681CE4AE5C09651D53CB4387CA3560E	109272	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys
2015-08-23 19:11:06	AE757332EA130E94E646621CC695B52A	63704	----a-w-	C:\Windows\System32\drivers\mwac.sys
2015-08-23 19:11:06	A8D28D5B3E2A528D1EF0E338E44F2820	25816	----a-w-	C:\Windows\System32\drivers\mbam.sys
2015-08-23 18:01:57	552FA62B0EFECD22D8D52499324BCA4F	290816	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2015-08-23 18:01:57	522A1595D5701800DD41B2D472F5AAED	155584	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2015-08-23 18:01:56	97687971F9CB30E2633DE0F1296B9F61	129024	----a-w-	C:\Windows\System32\drivers\mrxsmb20.sys
2015-08-23 18:01:55	B2081803D510DCE174992BA880EDCA70	159232	----a-w-	C:\Windows\System32\drivers\mrxsmb.sys
2015-08-23 18:01:55	67A1743377EBB5D9A370A8C2086CFDCC	95680	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2015-08-23 18:01:55	67050452C0118BAF2883928E6FCCFE47	94656	----a-w-	C:\Windows\System32\drivers\mountmgr.sys
2015-08-23 17:33:10	27667A788130A7F7A5858DE27572E6D7	459336	----a-w-	C:\Windows\System32\drivers\cng.sys
2015-08-23 17:32:45	7EBB5DAD11B1D0B12317A191C8325991	21128	----a-w-	C:\Windows\System32\appraiser\nxquery.sys
2015-08-23 17:31:30	ED6E75158D28D33A2E2A020AC5B2B59D	663552	----a-w-	C:\Windows\System32\drivers\PEAuth.sys
2015-08-23 17:31:26	90C53BD47979FB8814F465A08B885102	61440	----a-w-	C:\Windows\System32\drivers\appid.sys
2015-08-23 17:28:26	F97A0CFC495C92FF2F6A03933157D115	3208192	----a-w-	C:\Windows\System32\win32k.sys
2015-08-23 17:28:18	065F79543D7999EC28B687F87E96B803	20992	----a-w-	C:\Windows\System32\drivers\rdpvideominiport.sys
2015-08-23 17:28:12	36E0DDD19038C92B7C7709BFA03F813F	69888	----a-w-	C:\Windows\System32\drivers\stream.sys
2015-08-23 17:28:11	F61634BEC53F73702A10DE69F6DCAF57	754688	----a-w-	C:\Windows\System32\drivers\http.sys
2015-08-23 17:16:28	404B7DF9CA4D1CB675045AF220FF3285	367552	----a-w-	C:\Windows\System32\clfs.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1701775280-1332481620-2837527582-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"GoogleChromeAutoLaunch_8DFDA4EDF67BEB42A85E8A6D92071EEF"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"GoogleChromeAutoLaunch_8DFDA4EDF67BEB42A85E8A6D92071EEF"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/01/2015 07:48]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/01/2015 08:10]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/01/2015 08:10]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Application Starter - f1375f225883e83d52e8db9690775c3c" [C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Chrome Web Store Payments - User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_8DFDA4EDF67BEB42A85E8A6D92071EEF] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDQZDTB9 will be deleted at reboot
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E2CDALOA will be deleted at reboot
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL7XFSN2 will be deleted at reboot
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User1\AppData\Local\Mozilla\Firefox\Profiles\vbjrry1t.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=159 folders=60 316158691 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDQZDTB9" not found
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E2CDALOA" not found
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL7XFSN2" not found

==== EOF on za 29/08/2015 at 14:32:37,54 ======================