Zoek.exe v5.0.0.0 Updated 01-September-2015 Tool run by Gebruiker on wo 02/09/2015 at 12:41:55,33. Microsoft Windows 8.1 Pro 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Downloads\zoek(1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 2/09/2015 12:46:41 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\360 deleted successfully C:\PROGRA~2\AOMEI Backupper Professional Edition 2.0 deleted successfully C:\PROGRA~2\DoYourData deleted successfully C:\PROGRA~2\Lavasoft deleted successfully C:\PROGRA~2\MunSoft deleted successfully C:\PROGRA~2\COMMON~1\Apple deleted successfully C:\Program Files\log deleted successfully C:\Program Files\Soluto deleted successfully C:\PROGRA~3\360Quarant deleted successfully C:\PROGRA~3\Acronis deleted successfully C:\PROGRA~3\Auslogics deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\CanonEPP deleted successfully C:\PROGRA~3\CanonIJEPPEX2 deleted successfully C:\PROGRA~3\Lavasoft deleted successfully C:\PROGRA~3\Malwarebytes deleted successfully C:\PROGRA~3\OPSWAT deleted successfully C:\PROGRA~3\oxInstall deleted successfully C:\PROGRA~3\PCSettings deleted successfully C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully C:\Users\Gebruiker\AppData\Roaming\KC Softwares deleted successfully C:\Users\Gebruiker\AppData\Roaming\Lavasoft deleted successfully C:\Users\Gebruiker\AppData\Roaming\Lite deleted successfully C:\Users\Gebruiker\AppData\Roaming\McAFee TechCheck deleted successfully C:\Users\Gebruiker\AppData\Roaming\mov Audio Extractor deleted successfully C:\Users\Gebruiker\AppData\Local\Comodo deleted successfully C:\Users\Gebruiker\AppData\Local\EmieSiteList deleted successfully C:\Users\Gebruiker\AppData\Local\EmieUserList deleted successfully C:\Users\Gebruiker\AppData\Local\LogMeIn Rescue Applet deleted successfully C:\Users\Gebruiker\AppData\Local\ms-drivers deleted successfully C:\Users\Gebruiker\AppData\Local\Secunia PSI deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-174170113-1959642047-2039998945-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA} deleted successfully HKEY_USERS\S-1-5-21-174170113-1959642047-2039998945-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA} deleted successfully HKEY_USERS\S-1-5-21-174170113-1959642047-2039998945-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF} deleted successfully HKEY_USERS\S-1-5-21-174170113-1959642047-2039998945-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F86DEB4A-8D78-4C57-8872-D2730ED051EF} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 64 Bit HP CIO Components Installer Adobe Acrobat Reader DC - Nederlands Adobe Flash Player 18 NPAPI Adobe Refresh Manager ANT Drivers Installer x64 AOMEI Backupper Standard Belgium e-ID middleware 4.0.7 (build 7466) BufferChm Canon Easy-WebPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon IJ Scan Utility Canon MG5600 series MP Drivers Canon MG5600 series On-screen Manual Canon My Image Garden Canon My Image Garden Design Files Canon My Printer Canon Quick Menu CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Copy D3DX10 Destinations DeviceDiscovery DocProc Elevated Installer Fax Fotogalerie Gadwin PrintScreen (64-Bit) Galerie de photos Garmin Express Garmin Express Tray GPBaseService2 HPProductAssistant HPSSupply inSSIDer 3 Intel(R) Chipset Device Software Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel(R) Update Manager Intel© Trusted Connect Service Client Java 8 Update 45 Java 8 Update 51 Java 8 Update 60 Java Auto Updater Junk Mail filter update LavasoftTcpService MarketResearch Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Movie Maker MozBackup 1.5.1 Mozilla Firefox 40.0.3 (x86 nl) Mozilla Maintenance Service Mozilla Thunderbird 38.2.0 (x86 nl) MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Norton 360 Premier Photo Common Photo Gallery PlayReady PC Runtime amd64 Premium Sound HD Raccolta foto Realtek Bluetooth Filter Driver Package Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader REALTEK Wireless LAN Driver Realtek WLAN Driver recALL versie 15.04 RoboForm 7-9-15-8 (All Users) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2883029) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2965282) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2863812) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965208) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965210) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2965281) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2965283) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3054996) 32-Bit Edition Software voor Intel© Chipset-apparaten SolutionCenter Status Stuurprogrammapakket voor Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) Stuurprogrammapakket voor Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) swMSM System Requirements Lab for Intel TeamViewer 10 Tenorshare Data Recovery WinPE TOSHIBA Assist TOSHIBA Desktop Assist TOSHIBA eco Utility TOSHIBA Function Key TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA PC Health Monitor TOSHIBA Places Icon Utility TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA System Driver TOSHIBA TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application TrayApp Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition VLC media player Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources XnView 2.33 ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AOMEI Backupper\ABService.exe C:\Prey\platform\windows\cronsvc.exe C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\Program Files (x86)\TeamViewer\tv_w32.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Users\Gebruiker\Downloads\zoek(1).exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ==== Deleting Files \ Folders ====================== C:\PROGRA~2\360 not found C:\PROGRA~2\AOMEI Backupper Professional Edition 2.0 not found C:\PROGRA~2\DoYourData not found C:\PROGRA~2\Lavasoft not found C:\PROGRA~2\MunSoft not found C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found C:\PROGRA~2\File Scanner Library (Spybot - Search & Destroy) deleted C:\PROGRA~2\Misc. Support Library (Spybot - Search & Destroy) deleted C:\PROGRA~2\Tenorshare Data Recovery WinPE deleted C:\install.exe deleted C:\found.000 deleted C:\Users\Gebruiker\AppData\Roaming\index.txt deleted C:\PROGRA~3\fontcacheev1.dat deleted C:\PROGRA~3\BSD deleted C:\PROGRA~3\Package Cache deleted C:\Users\Gebruiker\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted C:\Users\Gebruiker\AppData\LocalLow\ADSRemoval deleted C:\WINDOWS\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted C:\WINDOWS\SysWOW64\LavasoftTcpService.dll deleted C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini deleted C:\WINDOWS\SysWow64\AI_RecycleBin deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default\searchplugins\safesearch.xml deleted C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default\jetpack deleted "C:\WINDOWS\Installer\2117f1.msi" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3986 MB CPU Info: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz CPU Speed: 2528,7 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SN-208AB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 448,1GB Hard Disks - Free: C: 400,1GB Manufacturer *: Insyde Corp. BIOS Info: AT/AT COMPATIBLE | 07/17/13 | TOSASU - 100 Time Zone: West-Europa (standaardtijd) Motherboard *: Type2 - Board Vendor Name1 Type2 - Board Product Name1 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Norton 360 Premier On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Norton 360 Premier disabled (Outdated) Firewall: Norton 360 Premier disabled Default Browser: Firefox 40.0.3 Internet Explorer Version: 11.0.9600.17905 Mozilla Firefox version: 40.0.3 (x86 nl) Adobe Reader version: 15.8.20082.147029 Sun Java version: 1.8.0_60 (32-bit) Sun Java version: 1.8.0_60 (64-bit) Flash Player version: 18.0.0.232 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== 2015-09-01 08:56:50 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\libiconv2.dll 2015-09-01 08:56:50 D34DE397C882E8E71FB0966D28F07CB1 71992 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\CreateRestorePoint.exe 2015-09-01 08:56:50 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\libintl3.dll 2015-09-01 08:56:50 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\pcre3.dll 2015-09-01 08:56:50 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\regex2.dll 2015-09-01 08:56:50 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\nfo\nircmdc.exe 2015-08-28 08:34:37 AF14F8E99253D10A65D9ED311FA711F2 6604744 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\EB9B8DE67C7D40F6B4743B7116E043A9\TrueImageHomeInstall.exe 2015-08-28 08:34:37 AD966A056C29502A6F6CBB25AA321C74 1590624 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\EB9B8DE67C7D40F6B4743B7116E043A9\icudt38.dll 2015-08-28 08:34:37 92D42055601E5B9D8BA28D792AEB6844 1193312 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\EB9B8DE67C7D40F6B4743B7116E043A9\libcrypto9.dll 2015-08-28 08:34:37 79FF8B585EDAC5313D40D38F887176A8 251232 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\EB9B8DE67C7D40F6B4743B7116E043A9\libssl9.dll 2015-08-28 08:34:37 4EE574543CA3627332379B9CC82DD038 2053472 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\EB9B8DE67C7D40F6B4743B7116E043A9\fox.dll 2015-08-28 08:34:37 15F45DA2FCB6D2554AA956AC5E9817FD 1381728 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\EB9B8DE67C7D40F6B4743B7116E043A9\icu38.dll 2015-08-28 08:34:36 92D42055601E5B9D8BA28D792AEB6844 1193312 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\18226ED9FB81442C9A7F4A914E30C1C0\libcrypto9.dll 2015-08-28 08:34:36 79FF8B585EDAC5313D40D38F887176A8 251232 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\18226ED9FB81442C9A7F4A914E30C1C0\libssl9.dll 2015-08-28 08:34:35 AF14F8E99253D10A65D9ED311FA711F2 6604744 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\18226ED9FB81442C9A7F4A914E30C1C0\TrueImageHomeInstall.exe 2015-08-28 08:34:35 AD966A056C29502A6F6CBB25AA321C74 1590624 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\18226ED9FB81442C9A7F4A914E30C1C0\icudt38.dll 2015-08-28 08:34:35 4EE574543CA3627332379B9CC82DD038 2053472 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\18226ED9FB81442C9A7F4A914E30C1C0\fox.dll 2015-08-28 08:34:35 15F45DA2FCB6D2554AA956AC5E9817FD 1381728 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\18226ED9FB81442C9A7F4A914E30C1C0\icu38.dll 2015-08-27 04:21:18 EFAD25B455DA6E8258B4D098CD18F9CA 17364968 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\RoboForm-Setup.exe ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2015-09-01 08:51:15 A3D3B5E58099F3EF81BADC42CFB144FD 252480 ----atw- C:\WINDOWS\SysWOW64\crowdinspect64.exe 2015-08-27 04:20:21 C05114B0BDF2470F7F4A1B2128540062 97888 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-08-28 09:31:59 E019017558B28A707119F8545AD1A1C0 30648 ----a-w- C:\WINDOWS\Sysnative\ambakdrv.sys 2015-08-28 09:31:59 7CD08E63219E00BB206077F5BA708677 17848 ----a-w- C:\WINDOWS\Sysnative\amwrtdrv.sys 2015-08-28 09:31:59 46014EDFDC8AF8733E14947448D122C5 151480 ----a-w- C:\WINDOWS\Sysnative\ammntdrv.sys 2015-08-20 09:38:19 EABD549516BF670A684743EEE6A1ADA9 83160 ----a-w- C:\WINDOWS\Sysnative\RtCRX64.dll 2015-08-20 09:36:42 FED4483218FD4314CF8CD8621D71A3DA 1310936 ----a-w- C:\WINDOWS\Sysnative\RTCOM64.dll 2015-08-20 09:36:42 E32DD814272AF44C35044FF0D2992CD0 3234520 ----a-w- C:\WINDOWS\Sysnative\RtkApi64.dll 2015-08-20 09:36:42 B723902784FD6BBE1A7FB5E387D68530 2918104 ----a-w- C:\WINDOWS\Sysnative\RtPgEx64.dll 2015-08-20 09:36:42 8331FC724559DB1002249CE4792EB991 2702552 ----a-w- C:\WINDOWS\Sysnative\RTSnMg64.cpl 2015-08-20 09:36:42 3126969E04C3645975ACEFF7A28A8726 184688 ----a-w- C:\WINDOWS\Sysnative\RtkCfg64.dll 2015-08-20 09:36:36 CD7CB560797B651BB8E9CAEEDF804132 2930904 ----a-w- C:\WINDOWS\Sysnative\RltkAPO64.dll 2015-08-20 09:36:36 C8396A8EB9CF3DC533AC5AE924CF3791 1749208 ----a-w- C:\WINDOWS\Sysnative\RCoInstII64.dll 2015-08-20 09:36:12 E3057F69217B864F022DCF3A9DABB8E2 3195416 ----a-w- C:\WINDOWS\Sysnative\FMAPO64.dll 2015-08-20 09:36:06 66E6010C31A70C8C5C2853AF597D853E 1576976 ----a-w- C:\WINDOWS\Sysnative\CX64APO.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2015-08-28 08:48:05 EBBAEA02F0095A798000C7E06B16D41B 970336 ----a-w- C:\WINDOWS\Sysnative\drivers\timntr.sys 2015-08-20 09:38:59 A3259235FD9C8B8F291EA0BB7C22D28F 36712 ----a-w- C:\WINDOWS\Sysnative\drivers\Thotkey.sys 2015-08-20 09:38:36 AED55AAE288F4F391A28F610B9CE9753 3737304 ----a-w- C:\WINDOWS\Sysnative\drivers\rtwlane.sys 2015-08-20 09:38:19 AB959F26FBB851A9D31E2F229DB3FA1A 402136 ----a-w- C:\WINDOWS\Sysnative\drivers\RtsUer.sys 2015-08-20 09:36:42 D172E06EFE08DF148155A59DB716C1B6 4514008 ----a-w- C:\WINDOWS\Sysnative\drivers\RTKVHD64.sys 2015-08-20 09:36:36 EEBB2430E7BAFBD7B7A9F399502A43E1 35222128 ----a-w- C:\WINDOWS\Sysnative\drivers\RTAIODAT.DAT ====== C:\WINDOWS\Tasks ====== 2015-08-28 20:52:12 F32BA6A0D958454D668E6B5ADC53808B 4140 ----a-w- C:\WINDOWS\Sysnative\Tasks\Open URL by RoboForm 2015-08-28 20:52:12 4DEA28E1832DA8219682303B323EA147 3512 ----a-w- C:\WINDOWS\Sysnative\Tasks\Run RoboForm TaskBar Icon ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-08-31 18:59:02 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-08-28 09:31:54 -------- d-----w- C:\PROGRA~2\AOMEI Backupper 2015-08-27 11:01:44 -------- d-----w- C:\PROGRA~2\XnView 2015-08-27 04:21:13 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-08-15 08:03:41 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird ======= C: ===== 2015-08-31 04:09:19 518182B29D1FDF7CD7C7FFA4BA791D44 1024 ---ha-w- C:\SYSTAG.BIN 2015-08-30 04:28:38 70C09821A6223677CB986D3ADC8EB5BA 76 ---ha-w- C:\UFO.dat 2015-08-03 19:14:48 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Gebruiker\AppData\Roaming ====== 2015-09-01 16:57:58 5FC8E2993B5D381DB5FA7BF9BA09A761 194136 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2015-09-01 09:27:51 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CrashDumps 2015-08-31 04:31:00 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- C:\Users\Gebruiker\AppData\Local\resmon.resmoncfg 2015-08-27 11:03:18 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\XnView 2015-08-27 04:21:02 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Sun 2015-08-03 16:15:53 -------- d-----w- C:\Users\Gebruiker\AppData\Local\VS Revo Group ====== C:\Users\Gebruiker ====== 2015-09-02 10:28:13 717CC25CD9442BB7D914C269E91DD884 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin 2015-09-02 04:40:53 0AD1283DB75CA2771AC0E88BBDE28608 262144 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak 2015-09-01 09:42:08 2D97483FCE19C62C4C2371C202E4E9DE 1514048 ----a-w- C:\Users\Gebruiker\Downloads\solutoinstaller-Xx3n8T1Mmo_s87959469.exe 2015-09-01 08:56:34 F7237344FADDF9FC25C562F1B9A906F1 1799392 ----a-w- C:\Users\Gebruiker\Downloads\JRT(1).exe 2015-08-28 09:32:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper 2015-08-27 11:01:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView 2015-08-27 04:20:57 -------- d-----w- C:\Users\Gebruiker\.oracle_jre_usage 2015-08-17 08:37:11 -------- d-----w- C:\ProgramData\Google 2015-08-03 19:14:19 -------- d-----w- C:\Users\Gebruiker\Start Menu 2015-08-03 16:15:44 -------- d-----w- C:\ProgramData\VS Revo Group ====== C: exe-files == 2015-09-01 09:42:08 2D97483FCE19C62C4C2371C202E4E9DE 1514048 ----a-w- C:\Users\Gebruiker\Downloads\solutoinstaller-Xx3n8T1Mmo_s87959469.exe 2015-09-01 08:56:50 D34DE397C882E8E71FB0966D28F07CB1 71992 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\CreateRestorePoint.exe 2015-09-01 08:56:50 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\nfo\nircmdc.exe 2015-09-01 08:56:34 F7237344FADDF9FC25C562F1B9A906F1 1799392 ----a-w- C:\Users\Gebruiker\Downloads\JRT(1).exe 2015-08-31 18:59:07 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe 2015-08-31 08:31:44 2D97483FCE19C62C4C2371C202E4E9DE 1514048 ----a-w- C:\ProgramData\Soluto\Installer\SolutoInstaller.exe 2015-08-30 04:30:03 DFA2E5A0EB0A13E46D49AE6CB6650551 1267712 ----a-w- C:\win-forensics-tools\ZTools\RawCopy\RawCopy64.exe 2015-08-30 04:30:03 A380EF599344602B3A0E15A9D0DCCEE7 171008 ----a-w- C:\win-forensics-tools\ZTools\CurrPorts(x64)\CurrPorts.exe 2015-08-30 04:30:03 9D323D4F3A4DD548E72E92D20DC62878 87784 ----a-w- C:\win-forensics-tools\ZTools\EDD\EDD.exe 2015-08-30 04:30:03 7A0C1017E6B5BB5DC776B3B883A1D0E0 44544 ----a-w- C:\win-forensics-tools\ZTools\NetResView\NetResView.exe 2015-08-30 04:30:03 77763C8FD95807F14B58CF0E98CC1AC8 35840 ----a-w- C:\win-forensics-tools\ZTools\MyUninstaller\MyUninstaller.exe 2015-08-30 04:30:03 749B063F97779A4125E6BDBFF03B2C61 76838 ----a-w- C:\win-forensics-tools\ZTools\rifiuti2\rifiuti.exe 2015-08-30 04:30:03 5EE9A1BB0207FE5061D456A1949C5D60 69632 ----a-w- C:\win-forensics-tools\ZTools\DiskID32\DiskID32.exe 2015-08-30 04:30:03 4286B05A5F9F587D89CDE452BBA5A6C4 670720 ----a-w- C:\win-forensics-tools\ZTools\RawCopy\RawCopy.exe 2015-08-30 04:30:03 201692A893B98BF4492CE7BB7A7728AD 76363 ----a-w- C:\win-forensics-tools\ZTools\rifiuti2\rifiuti-vista.exe 2015-08-30 04:30:03 08DE1AC9725238E985F02506361DAB1D 1788947 ----a-w- C:\win-forensics-tools\ZTools\MD5 - SHA1 Sum Tool\MD5 - SHA1 Sum Tool.exe 2015-08-30 04:30:03 0139F6697D38A2118397364CFC9D48F9 66048 ----a-w- C:\win-forensics-tools\ZTools\CurrPorts\CurrPorts.exe 2015-08-30 04:29:53 DEE53F6D71E6D95EC84E81B5951250EF 142056 ----a-w- C:\win-forensics-tools\Viewers\VLC\VLCPortable\VLCPortable.exe 2015-08-30 04:29:53 CC29FDF0E680C0F3531C9F2A834CA2A6 126995 ----a-w- C:\win-forensics-tools\Viewers\VLC\VLCPortable\App\vlc\vlc.exe 2015-08-30 04:29:53 A38C6957B06B3ED955C4FEEB1E9082EC 1636864 ----a-w- C:\win-forensics-tools\Viewers\VLC\VLC.exe 2015-08-30 04:29:53 52437302E4A48A6915AFE987423A1587 275217 ----a-w- C:\win-forensics-tools\Viewers\VLC\VLCPortable\App\vlc\uninstall.exe 2015-08-30 04:29:53 09F578E145AE942D0AA1B0094541323D 114707 ----a-w- C:\win-forensics-tools\Viewers\VLC\VLCPortable\App\vlc\vlc-cache-gen.exe 2015-08-30 04:29:52 BF4193C7665649A1B575033D0AF75D7E 148480 ----a-w- C:\win-forensics-tools\Viewers\IrfanView\IrfanViewPortable\App\IrfanView\Plugins\IV_Player.exe 2015-08-30 04:29:52 5C8B9185EC13998B7B848F34706790A1 97792 ----a-w- C:\win-forensics-tools\Viewers\IrfanView\IrfanViewPortable\App\IrfanView\Plugins\Slideshow.exe 2015-08-30 04:29:52 27A228841F9331492E74FEC0F8ADB57C 1481216 ----a-w- C:\win-forensics-tools\Viewers\PASpoolView\PASpoolView.exe 2015-08-30 04:29:52 07B8C9E9ADB5374C0723E93EE71D83B8 61440 ----a-w- C:\win-forensics-tools\Viewers\PASpoolView\EMFSpoolViewer.exe 2015-08-30 04:29:50 98631CFE5B6E5A768ABC256D43B5DB2C 603792 ----a-w- C:\win-forensics-tools\Viewers\IrfanView\IrfanViewPortable\App\IrfanView\i_view32.exe 2015-08-30 04:29:49 F055CC06D93132607BF3AFE5BEFDADAD 156536 ----a-w- C:\win-forensics-tools\Viewers\IrfanView\IrfanViewPortable\IrfanViewPortable.exe 2015-08-30 04:29:48 F5727E20BA23562CA79A5B2B5AD1F09F 1609728 ----a-w- C:\win-forensics-tools\Viewers\IrfanView\IrfanView.exe 2015-08-30 04:29:39 AA6C8E9233B43EA7EF013D0E3A071E7B 11015800 ----a-w- C:\win-forensics-tools\Viewers\FTKImagerLite\FTKImagerLite.exe 2015-08-30 04:29:39 4C747364FA186E8A185A2CE4788AC5BF 231936 ----a-w- C:\win-forensics-tools\Viewers\FTKImagerLite\adencrypt_gui.exe 2015-08-30 04:29:38 F76FD2868FFA7B84B14308B8ED4B2A05 28768 ----a-w- C:\win-forensics-tools\Reports\WinLister\WinLister.exe 2015-08-30 04:29:38 F36530F46A34516BE38521EE9A134D28 31232 ----a-w- C:\win-forensics-tools\Reports\UserAssistView\UserAssistView.exe 2015-08-30 04:29:38 E999C811B919C420D5657A484CECDD61 30208 ----a-w- C:\win-forensics-tools\Reports\MUICacheView\MUICacheView.exe 2015-08-30 04:29:38 D7FC749BB3B10FCC38DE498E8DB2639A 99936 ----a-w- C:\win-forensics-tools\Reports\LiveContactsView\LiveContactsView.exe 2015-08-30 04:29:38 D2A2A0CE38FAA12254FBBA8C0467AC46 53856 ----a-w- C:\win-forensics-tools\Reports\WhatInStartup\WhatInStartup.exe 2015-08-30 04:29:38 C907E6179C8154A8E80533BB828EE833 49760 ----a-w- C:\win-forensics-tools\Reports\DriveLetterView\DriveLetterView.exe 2015-08-30 04:29:38 B862699B849CCF7C93802EC6A977F734 87054 ----a-w- C:\win-forensics-tools\Recovery\TestDisk\fidentify_win.exe 2015-08-30 04:29:38 B0374EF227F086A483324E350787E8A3 146528 ----a-w- C:\win-forensics-tools\Reports\BlueScreenView(x64)\BlueScreenView.exe 2015-08-30 04:29:38 9486285ADA43D51E244D318D4BB5DE0D 54368 ----a-w- C:\win-forensics-tools\Reports\WinLister(x64)\WinLister.exe 2015-08-30 04:29:38 85D91E5F9B06F263FFB4B64ABAA91D44 1122304 ----a-w- C:\win-forensics-tools\Reports\WinAudit\WinAudit.exe 2015-08-30 04:29:38 79E779CF1BD32791F015B90A5FDF0E5E 523790 ----a-w- C:\win-forensics-tools\Recovery\TestDisk\PhotoRec.exe 2015-08-30 04:29:38 755DFF43AA46A1BA135538B82A3015E6 503310 ----a-w- C:\win-forensics-tools\Recovery\TestDisk\TestDisk.exe 2015-08-30 04:29:38 73A423AA84FCE8DB0D6E210F3BB3779E 104544 ----a-w- C:\win-forensics-tools\Reports\OutlookAttachView\OutlookAttachView.exe 2015-08-30 04:29:38 71E06C59B6F6EEC46B884E2A4064F403 265824 ----a-w- C:\win-forensics-tools\Reports\OutlookAttachView(x64)\OutlookAttachView.exe 2015-08-30 04:29:38 6CD5E889AA8701DD580FED8A517A1618 205920 ----a-w- C:\win-forensics-tools\Reports\WinCrashReport\WinCrashReport.exe 2015-08-30 04:29:38 61F69C0C83C2E8E86B63B79965783A78 131168 ----a-w- C:\win-forensics-tools\Reports\WhatInStartup(x64)\WhatInStartup.exe 2015-08-30 04:29:38 598C1E2B5E295BC93018329B785E6E5F 40544 ----a-w- C:\win-forensics-tools\Reports\ShellBagsView\ShellBagsView.exe 2015-08-30 04:29:38 48208ECA102628D76CE7C394AC8A7EE2 32256 ----a-w- C:\win-forensics-tools\Reports\UserProfilesView\UserProfilesView.exe 2015-08-30 04:29:38 43CB73DE08DCE7EFAED0FFA20F2A212C 91744 ----a-w- C:\win-forensics-tools\Reports\OutlookAddressBookView\OutlookAddressBookView.exe 2015-08-30 04:29:38 426E1C307910CD3C123EE685AF275402 96352 ----a-w- C:\win-forensics-tools\Reports\NTFSLinksView(x64)\NTFSLinksView.exe 2015-08-30 04:29:38 3D0A4451B7200BA892B443C089BDAE55 287840 ----a-w- C:\win-forensics-tools\Reports\WinCrashReport(x64)\WinCrashReport.exe 2015-08-30 04:29:38 3A0B51F010F3F42E6A9C5FA2D132AB2C 42592 ----a-w- C:\win-forensics-tools\Reports\AppCrashView\AppCrashView.exe 2015-08-30 04:29:38 337C8188DFA60A5EE35EC1277221EC37 43104 ----a-w- C:\win-forensics-tools\Reports\NTFSLinksView\NTFSLinksView.exe 2015-08-30 04:29:38 2D702882EC77CC8A3A0741BBEDF02D4A 43616 ----a-w- C:\win-forensics-tools\Reports\DiskCountersView\DiskCountersView.exe 2015-08-30 04:29:38 2D57A236F64156EF89F2C5E0EC68775B 61024 ----a-w- C:\win-forensics-tools\Reports\BlueScreenView\BlueScreenView.exe 2015-08-30 04:29:38 2CAE87BC525596D51A48733D679C9F3C 43616 ----a-w- C:\win-forensics-tools\Reports\DiskSmartView\DiskSmartView.exe 2015-08-30 04:29:38 2C8C0A61A80FEA781740D57C5E0C116B 93280 ----a-w- C:\win-forensics-tools\Reports\OutlookStatView\OutlookStatView.exe 2015-08-30 04:29:38 0E12EB881A2D98F0F9941BF758EC2160 226400 ----a-w- C:\win-forensics-tools\Reports\OutlookStatView(x64)\OutlookStatView.exe 2015-08-30 04:29:38 0C91D03D5BE1B999B3E567773300BC68 129120 ----a-w- C:\win-forensics-tools\Reports\OutlookAddressBookView(x64)\OutlookAddressBookView.exe 2015-08-30 04:29:37 9DD8B9167F4EA4DAAFAFDA768FB8A3EB 4814104 ----a-w- C:\win-forensics-tools\Recovery\Recuva\recuva64.exe 2015-08-30 04:29:37 4D97ACD127B2F25D8C681C14795B6C29 3793176 ----a-w- C:\win-forensics-tools\Recovery\Recuva\recuva.exe 2015-08-30 04:29:36 D59F36F30DB0D042F61BACF74E40C813 129632 ----a-w- C:\win-forensics-tools\Password Recovery\PasswordFox(x64)\PasswordFox.exe 2015-08-30 04:29:36 D584440BBC17545A468177EA79E3784F 90208 ----a-w- C:\win-forensics-tools\Other\WhatIsHang\WhatIsHang.exe 2015-08-30 04:29:36 D28F0CFAE377553FCB85918C29F4889B 54272 ----a-w- C:\win-forensics-tools\Password Recovery\VNCPassView\VNCPassView.exe 2015-08-30 04:29:36 B862699B849CCF7C93802EC6A977F734 87054 ----a-w- C:\win-forensics-tools\Recovery\PhotoRec\fidentify_win.exe 2015-08-30 04:29:36 A235B037A8D057861B9BDF153FFE49C3 2160640 ----a-w- C:\win-forensics-tools\Other\WindowsFileAnalyzer\WindowsFileAnalyzer.exe 2015-08-30 04:29:36 79E779CF1BD32791F015B90A5FDF0E5E 523790 ----a-w- C:\win-forensics-tools\Recovery\PhotoRec\PhotoRec.exe 2015-08-30 04:29:36 755DFF43AA46A1BA135538B82A3015E6 503310 ----a-w- C:\win-forensics-tools\Recovery\PhotoRec\TestDisk.exe 2015-08-30 04:29:36 5BA10EFF9643885222DF80EFD08BFF7D 78944 ----a-w- C:\win-forensics-tools\Password Recovery\RouterPassView\RouterPassView.exe 2015-08-30 04:29:36 4AF70993B562E3E85CB40843F8F26EE1 128608 ----a-w- C:\win-forensics-tools\Other\WhatIsHang(x64)\WhatIsHang.exe 2015-08-30 04:29:36 28779B75B252EFFE3207664DE94FA7CB 93792 ----a-w- C:\win-forensics-tools\Password Recovery\PasswordFox\PasswordFox.exe 2015-08-30 04:29:35 8C8E7948B3940BC2987D06D633DF4AEA 264464 ----a-w- C:\win-forensics-tools\Other\TeamViewer\TeamViewerPortable\App\teamviewer\tv_x64.exe 2015-08-30 04:29:35 83DE0CC30F2E7F7108F550AEBDDCE4C7 229648 ----a-w- C:\win-forensics-tools\Other\TeamViewer\TeamViewerPortable\App\teamviewer\tv_w32.exe 2015-08-30 04:29:35 78982C0B4F43237BBC4D9D250475EE46 450560 ----a-w- C:\win-forensics-tools\Other\USBWriteProtector\UsbWriteProtector.exe 2015-08-30 04:29:34 DE8E8FA274122C38CE0A7ED291177759 4812048 ----a-w- C:\win-forensics-tools\Other\TeamViewer\TeamViewerPortable\App\teamviewer\TeamViewer_Desktop.exe 2015-08-30 04:29:34 12220BA871C6D7BAE08FFDD137BAB697 13559056 ----a-w- C:\win-forensics-tools\Other\TeamViewer\TeamViewerPortable\App\teamviewer\TeamViewer.exe 2015-08-30 04:29:33 E461A8067E1B41B7C52D170216A12415 36352 ----a-w- C:\win-forensics-tools\Other\SearchFilterView\SearchFilterView.exe 2015-08-30 04:29:33 E16281A5E0390C240AA6B127A92B7015 202336 ----a-w- C:\win-forensics-tools\Other\SearchMyFiles(x64)\SearchMyFiles.exe 2015-08-30 04:29:33 CF13374D890DA06129FC86217C583073 1602560 ----a-w- C:\win-forensics-tools\Other\RamCapturer\RamCapturer.exe 2015-08-30 04:29:33 C7F7964D824052AD3317BFF74FA0080E 101472 ----a-w- C:\win-forensics-tools\Other\SysExporter(x64)\SysExporter.exe 2015-08-30 04:29:33 AD398E0EF8FA5E122B8589CCCAE90DF2 40032 ----a-w- C:\win-forensics-tools\Other\ShellMenuView\ShellMenuView.exe 2015-08-30 04:29:33 9B7F69E8DAC0EC1ABF268398871BEE9B 392840 ----a-w- C:\win-forensics-tools\Other\TeamViewer\CertMgr\321-WindowsXP-KB931125-rootsupd.exe 2015-08-30 04:29:33 67A6B83CD9CCAC4BD89ED5A6B81E7C31 71168 ----a-w- C:\win-forensics-tools\Other\TeamViewer\CertMgr\CertMgr64.exe 2015-08-30 04:29:33 470312D656984438E4B519BFB6208D37 43616 ----a-w- C:\win-forensics-tools\Other\SysExporter\SysExporter.exe 2015-08-30 04:29:33 3806884CE5EC86F957250DAA1EB2B9FA 155472 ----a-w- C:\win-forensics-tools\Other\TeamViewer\TeamViewerPortable\TeamViewerPortable.exe 2015-08-30 04:29:33 1F304AF230F3FF8DEF1E8F3021869E97 148192 ----a-w- C:\win-forensics-tools\Other\RamCapturer\RamCapture64.exe 2015-08-30 04:29:33 10FA12FE37BC5211ACEB4CF74672E9D1 1594880 ----a-w- C:\win-forensics-tools\Other\TeamViewer\TeamViewerL.exe 2015-08-30 04:29:33 102D7F779E4C9420F04AE4F2C1980C4E 93280 ----a-w- C:\win-forensics-tools\Other\ShellMenuView(x64)\ShellMenuView.exe 2015-08-30 04:29:33 0C0FA900FCE603C949E67A7D3F2B9150 65536 ----a-w- C:\win-forensics-tools\Other\TeamViewer\CertMgr\CertMgr32.exe 2015-08-30 04:29:33 00B88A9E514A5B8AC184556E5A7DEA60 83040 ----a-w- C:\win-forensics-tools\Other\SearchMyFiles\SearchMyFiles.exe 2015-08-30 04:29:32 FB26FDE44DA7A62B6A575E40C935E27B 40544 ----a-w- C:\win-forensics-tools\Other\Clipboardic\Clipboardic.exe 2015-08-30 04:29:32 EE5046444D17054D1D1CF6B03CD63B2C 94304 ----a-w- C:\win-forensics-tools\Other\ESEDatabaseView\ESEDatabaseView.exe 2015-08-30 04:29:32 E00DE20F0F6BED5CD2160247DDC9443B 38912 ----a-w- C:\win-forensics-tools\Other\ERUNT\AUTOBACK.EXE 2015-08-30 04:29:32 DFBCD1F8C71B2C509D4847DAA615D9C9 32768 ----a-w- C:\win-forensics-tools\Other\pcANYWHEREHostsScanner\pcANYWHEREHostsScanner.exe 2015-08-30 04:29:32 CA3E8E41912DBCFE9997F2B583BF08F4 50272 ----a-w- C:\win-forensics-tools\Other\ProcessActivityView\ProcessActivityView.exe 2015-08-30 04:29:32 B66395FCD7E27E5C263FE172323ACC7A 1662976 ----a-w- C:\win-forensics-tools\Other\MailCure\MailCure.exe 2015-08-30 04:29:32 B16C62CF3B7CE55A87EB55AD40E112B7 198240 ----a-w- C:\win-forensics-tools\Other\NK2Edit\nk2edit_32_bit.exe 2015-08-30 04:29:32 AE54A1956D0F5A7A2A02B5ACE1BB0018 80480 ----a-w- C:\win-forensics-tools\Other\ExifDataView\ExifDataView.exe 2015-08-30 04:29:32 A4424C35EFC0019840F814CF03241946 127712 ----a-w- C:\win-forensics-tools\Other\RamCapturer\RamCapture.exe 2015-08-30 04:29:32 9CFBF24A6716BB2D5EE85D90A34548FE 2498048 ----a-w- C:\win-forensics-tools\Other\IMHistoryBrowser\IMHistoryBrowser.exe 2015-08-30 04:29:32 8AAF428210575AED5CEBC1B5702FB366 140288 ----a-w- C:\win-forensics-tools\Other\ERUNT\NTREGOPT.EXE 2015-08-30 04:29:32 89219601CEF397E20574D4FD029E0DF5 13408 ----a-w- C:\win-forensics-tools\Other\NK2Edit\NK2Edit.exe 2015-08-30 04:29:32 8636BD2325C4F96FC53CC03BE6B86A35 684328 ----a-w- C:\win-forensics-tools\Other\MailCure\MailCureApp.exe 2015-08-30 04:29:32 831B034697849CACBE7A363D47F2E445 34816 ----a-w- C:\win-forensics-tools\Other\InsideClipboard\InsideClipboard.exe 2015-08-30 04:29:32 5AF6B376E660805759683865437ACBC0 36352 ----a-w- C:\win-forensics-tools\Other\CurrProcess\CurrProcess.exe 2015-08-30 04:29:32 487086B69F2CF934764B87A5C66257DE 117856 ----a-w- C:\win-forensics-tools\Other\ProcessActivityView(x64)\ProcessActivityView.exe 2015-08-30 04:29:32 37CE17FFC91AEC534ABDBA100956DF0B 104032 ----a-w- C:\win-forensics-tools\Other\AlternateStreamView(x64)\AlternateStreamView.exe 2015-08-30 04:29:32 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\win-forensics-tools\Other\ERUNT\ERUNT.EXE 2015-08-30 04:29:32 2A1BC3F8D26ACC0D4CC9610D2F33D245 42592 ----a-w- C:\win-forensics-tools\Other\AlternateStreamView\AlternateStreamView.exe 2015-08-30 04:29:32 29EDFC2C6B32C14F7143B366A4074626 306784 ----a-w- C:\win-forensics-tools\Other\NK2Edit\nk2edit_64_bit.exe 2015-08-30 04:29:28 FDF0F433E8E250AD57F1F45D7E908AB6 503696 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\tshark.exe 2015-08-30 04:29:28 A11A2F0CFE6D0B4C50945989DB6360CD 915128 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\WinPcap_4_1_3.exe 2015-08-30 04:29:28 9DE69002B7E3943E425FD38094945B6F 335248 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\text2pcap.exe 2015-08-30 04:29:28 914C4AB6BDF061F7A0A0ECCC269C66A6 2705808 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\Wireshark.exe 2015-08-30 04:29:27 F05648E5981D206BF7D8902A16CFF3F9 342416 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\rawshark.exe 2015-08-30 04:29:27 78940C2B399CC82CE11D65EFB9944ED5 311184 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\mergecap.exe 2015-08-30 04:29:27 55D69F80984AABD0AF4606CDEA38D4B0 3233280 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\qtshark.exe 2015-08-30 04:29:27 206B1CEBCEE75B2C62F12C33E4995A6E 306576 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\reordercap.exe 2015-08-30 04:29:21 33D0C6D2E112B562828675CB9D44E74D 332176 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\editcap.exe 2015-08-30 04:29:21 0E9FBB8E2D32ED39A43998FCAC9D8B3E 374672 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\dumpcap.exe 2015-08-30 04:29:21 0E135F828951191FE7D3A1A9A76A5388 320400 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\App\Wireshark\capinfos.exe 2015-08-30 04:29:20 9D31A3CE6EB9801B1948FF838001F8DD 428029 ----a-w- C:\win-forensics-tools\Network Tools\WShark\winpcap-4-12.exe 2015-08-30 04:29:20 87B2A2C2D5036B3928D8EC4C9032DD65 344590 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WiresharkPortable\WiresharkPortable.exe 2015-08-30 04:29:20 7D2F45B165BCEED44B81B47A9AA58BE3 3612880 ----a-w- C:\win-forensics-tools\Network Tools\LANSearchPro\64-bit\lansearch.exe 2015-08-30 04:29:20 7676123BEDE845E0E8B7E4DFE4B1C3EE 824928 ----a-w- C:\win-forensics-tools\Network Tools\WirelessNetworkWatcher\WirelessNetworkWatcher.exe 2015-08-30 04:29:20 639E55837E7AD6675A8C2E6F379CDE49 1658368 ----a-w- C:\win-forensics-tools\Network Tools\WShark\WShark.exe 2015-08-30 04:29:20 09E8CF6D9709CF23A9F55958CA9A4B49 809472 ----a-w- C:\win-forensics-tools\Network Tools\NetworkScanner\NetworkScanner.exe 2015-08-30 04:29:19 EEDFFE7B5829F8407EEC42CFDBD12596 36352 ----a-w- C:\win-forensics-tools\Network Tools\DNSDataView\DNSDataView.exe 2015-08-30 04:29:19 EE149FF9CE59CAB38F8E48FF0FEC4498 1596928 ----a-w- C:\win-forensics-tools\Network Tools\LANSearchPro\LANSearchPro.exe 2015-08-30 04:29:19 C5FEC6F0C922B4F12004AA22B1CF0A41 2264784 ----a-w- C:\win-forensics-tools\Network Tools\LANSearchPro\32-bit\lansearch.exe 2015-08-30 04:29:18 C973B29442A4F1FAD5D95D4E1D3CE684 1636864 ----a-w- C:\win-forensics-tools\Malware\Stinger\Stinger.exe 2015-08-30 04:28:42 4FCB2B6FC972F37BB3B77BB6C5BC77F8 16384 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\lib\w9xpopen.exe 2015-08-30 04:28:41 EC275D2046DE0E432A66D484F0B182D4 245760 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\bin\QRecover.exe 2015-08-30 04:28:41 4FCB2B6FC972F37BB3B77BB6C5BC77F8 16384 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\bin\w9xpopen.exe 2015-08-30 04:28:41 2B4CB536AF36DD1D40531EC4F9A704FE 114688 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\bin\sigtool.exe 2015-08-30 04:28:41 12B41065EE1DE6647577DA8707BC9D34 53248 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\bin\WClose.exe 2015-08-30 04:28:40 F316FB06197225B902E9A1C3F8C58CC6 47712 ----a-w- C:\win-forensics-tools\Browser History\MozillaCookiesView\MozillaCookiesView.exe 2015-08-30 04:28:40 F1487D5C92256D7165DEF91DB7FA50F6 181856 ----a-w- C:\win-forensics-tools\Log Viewers\SkypeLogView\SkypeLogView.exe 2015-08-30 04:28:40 F1487D5C92256D7165DEF91DB7FA50F6 181856 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\SkypeLogView\SkypeLogView.exe 2015-08-30 04:28:40 EDCB816ABE6BAFD8DB69D42692F0CBCE 68608 ----a-w- C:\win-forensics-tools\Browser History\SafariHistoryView\SafariHistoryView.exe 2015-08-30 04:28:40 E7EC4A533FF1C7DC27575AB740B60A48 122464 ----a-w- C:\win-forensics-tools\Log Viewers\MyEventViewer(x64)\MyEventViewer.exe 2015-08-30 04:28:40 E7EC4A533FF1C7DC27575AB740B60A48 122464 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\MyEventViewer(x64)\MyEventViewer.exe 2015-08-30 04:28:40 C66D21A7D3C6DAEC83D546623E8FCDF8 62560 ----a-w- C:\win-forensics-tools\Browser History\IECookiesView\IECookiesView.exe 2015-08-30 04:28:40 C51DAA6ECEABBDEC2D244C4E462F7852 77408 ----a-w- C:\win-forensics-tools\Browser History\WebCacheImageInfo\WebCacheImageInfo.exe 2015-08-30 04:28:40 B24A969B6E269A3574B410D8A252B23A 222816 ----a-w- C:\win-forensics-tools\Log Viewers\BluetoothLogView\BluetoothLogView.exe 2015-08-30 04:28:40 B24A969B6E269A3574B410D8A252B23A 222816 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\BluetoothLogView\BluetoothLogView.exe 2015-08-30 04:28:40 ADE37FB974703E236C1DE47785B9B633 41984 ----a-w- C:\win-forensics-tools\Browser History\OperaCacheView\OperaCacheView.exe 2015-08-30 04:28:40 AD516D3B539011F04FC7D464601B5CE2 98304 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\bin\clamscan.exe 2015-08-30 04:28:40 A4DFA6B87F64D64B325A402E492C8646 461312 ----a-w- C:\win-forensics-tools\Browser History\SafariCacheView\SafariCacheView.exe 2015-08-30 04:28:40 A20C1C3DD1F2228ED05FFCF73F245B59 52320 ----a-w- C:\win-forensics-tools\Browser History\IECacheView\IECacheView.exe 2015-08-30 04:28:40 9CD19056BCC1A9CC83C6C53647251D46 53248 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\bin\ClamWin.exe 2015-08-30 04:28:40 94BFC699768555946D4E75DDAF87C6CA 109152 ----a-w- C:\win-forensics-tools\Log Viewers\WinPrefetchView(x64)\WinPrefetchView.exe 2015-08-30 04:28:40 94BFC699768555946D4E75DDAF87C6CA 109152 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\WinPrefetchView(x64)\WinPrefetchView.exe 2015-08-30 04:28:40 8C7052EB992A1C847DF953E15F49C9BC 62560 ----a-w- C:\win-forensics-tools\Log Viewers\USBDeview\USBDeview.exe 2015-08-30 04:28:40 8C7052EB992A1C847DF953E15F49C9BC 62560 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\USBDeview\USBDeview.exe 2015-08-30 04:28:40 8A1CBBDB96154803438CC94F91EB337E 50272 ----a-w- C:\win-forensics-tools\Log Viewers\WinPrefetchView\WinPrefetchView.exe 2015-08-30 04:28:40 8A1CBBDB96154803438CC94F91EB337E 50272 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\WinPrefetchView\WinPrefetchView.exe 2015-08-30 04:28:40 87C351AAE86B5CC008F10E3100646B4D 62560 ----a-w- C:\win-forensics-tools\Browser History\MyLastSearch\MyLastSearch.exe 2015-08-30 04:28:40 84A292D220CA910C70E87B2838828C68 137344 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\ClamWinPortable.exe 2015-08-30 04:28:40 8206B8954C1376DE051810F998633200 225280 ----a-w- C:\win-forensics-tools\iPhone\iPhoneBrowser\iPhoneBrowser.exe 2015-08-30 04:28:40 818CEF3438A8636FDAA89D12393742B8 169056 ----a-w- C:\win-forensics-tools\Log Viewers\USBDeview(x64)\USBDeview.exe 2015-08-30 04:28:40 818CEF3438A8636FDAA89D12393742B8 169056 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\USBDeview(x64)\USBDeview.exe 2015-08-30 04:28:40 6E544ADBA690CB0B8BEBD62B4A6DE703 126976 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\bin\freshclam.exe 2015-08-30 04:28:40 6D2907C974345045FF217246CC57D40A 50784 ----a-w- C:\win-forensics-tools\Log Viewers\MyEventViewer\MyEventViewer.exe 2015-08-30 04:28:40 6D2907C974345045FF217246CC57D40A 50784 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\MyEventViewer\MyEventViewer.exe 2015-08-30 04:28:40 6CBC569D4BDE2C7C465F28949F78BDBD 65120 ----a-w- C:\win-forensics-tools\Browser History\MozillaCacheView\MozillaCacheView.exe 2015-08-30 04:28:40 66822C748B5A1B4F52079C658D1F2B9C 39008 ----a-w- C:\win-forensics-tools\Log Viewers\RecentFilesView\RecentFilesView.exe 2015-08-30 04:28:40 66822C748B5A1B4F52079C658D1F2B9C 39008 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\RecentFilesView\RecentFilesView.exe 2015-08-30 04:28:40 652C21028A8F7EDDCBBCB33002F1CEC4 12800 ----a-w- C:\win-forensics-tools\iPhone\iPhoneBackupBrowser\mbdbdump.exe 2015-08-30 04:28:40 5B3B48C657ECFB70463257ABB8D2BAF2 1609728 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWin.exe 2015-08-30 04:28:40 56BBE8FC4E49792496DE296729C51A74 537184 ----a-w- C:\win-forensics-tools\Log Viewers\USBLogView\USBLogView.exe 2015-08-30 04:28:40 56BBE8FC4E49792496DE296729C51A74 537184 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\USBLogView\USBLogView.exe 2015-08-30 04:28:40 4F4D6C4E6A714EA1475AA6AAB821BC59 43616 ----a-w- C:\win-forensics-tools\Log Viewers\WinUpdatesList\WinUpdatesList.exe 2015-08-30 04:28:40 4F4D6C4E6A714EA1475AA6AAB821BC59 43616 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\WinUpdatesList\WinUpdatesList.exe 2015-08-30 04:28:40 464CF046AC54F31D1A69E358054A7477 86016 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\bin\ClamTray.exe 2015-08-30 04:28:40 3E62C5B50FF5D6724CF20B536235085E 51808 ----a-w- C:\win-forensics-tools\Browser History\MozillaHistoryView\MozillaHistoryView.exe 2015-08-30 04:28:40 248AD7CA43EA071FC35783F845A725FC 38400 ----a-w- C:\win-forensics-tools\Browser History\IEHistoryView\IEHistoryView.exe 2015-08-30 04:28:40 22F2AD781DD832A3CF22630DAD48A6F3 223840 ----a-w- C:\win-forensics-tools\Log Viewers\VideoCacheView(x64)\VideoCacheView.exe 2015-08-30 04:28:40 22F2AD781DD832A3CF22630DAD48A6F3 223840 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\VideoCacheView(x64)\VideoCacheView.exe 2015-08-30 04:28:40 1F0D93F5DDC7434C40D6CA59AEA40265 85600 ----a-w- C:\win-forensics-tools\Log Viewers\VideoCacheView\VideoCacheView.exe 2015-08-30 04:28:40 1F0D93F5DDC7434C40D6CA59AEA40265 85600 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\VideoCacheView\VideoCacheView.exe 2015-08-30 04:28:40 1731039EE28F3D287177E84FEEA5A750 101984 ----a-w- C:\win-forensics-tools\Log Viewers\LastActivityView\LastActivityView.exe 2015-08-30 04:28:40 1731039EE28F3D287177E84FEEA5A750 101984 ----a-w- C:\win-forensics-tools\Copy of Log Viewers\LastActivityView\LastActivityView.exe 2015-08-30 04:28:40 049C507134B1BE62CAD4426663BFBCB8 92160 ----a-w- C:\win-forensics-tools\iPhone\iPhoneBackupBrowser\iphonebackupbrowser.exe 2015-08-30 04:28:38 F28A33ACC7045EA8B2D1EDAF8569840E 62048 ----a-w- C:\win-forensics-tools\Browser History\ChromeCacheView\ChromeCacheView.exe 2015-08-30 04:28:38 EEB60F47EDEF3519B04DE6C08F547A02 892928 ----a-w- C:\win-forensics-tools\Browser History\Historian\Historian.exe 2015-08-30 04:28:38 DAD39CCE3B71137119403C991F1CA525 344160 ----a-w- C:\win-forensics-tools\Browser History\BrowsingHistoryView\BrowsingHistoryView.exe 2015-08-30 04:28:38 AD620B6251A813E757594373FB879083 75872 ----a-w- C:\win-forensics-tools\Browser History\FBCacheView\FBCacheView.exe 2015-08-30 04:28:38 AB123FD3EAE6C103AED5D0660D2910D2 303712 ----a-w- C:\win-forensics-tools\Browser History\FirefoxDownloadsView\FirefoxDownloadsView.exe 2015-08-30 04:28:38 9F5D8F348479D5E8011A22D2226192A0 46176 ----a-w- C:\win-forensics-tools\Browser History\FavoritesView\FavoritesView.exe 2015-08-30 04:28:38 797FA34347CC85C777A18192DCF50B6D 41984 ----a-w- C:\win-forensics-tools\Browser History\FlashCookiesView\FlashCookiesView.exe 2015-08-30 04:28:38 5FDA6C432F803F823402C90C3A4876BC 463968 ----a-w- C:\win-forensics-tools\Browser History\BrowsingHistoryView(x64)\BrowsingHistoryView.exe 2015-08-30 04:26:12 AF14F8E99253D10A65D9ED311FA711F2 6604744 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\18226ED9FB81442C9A7F4A914E30C1C0\TrueImageHomeInstall.exe 2015-08-30 04:26:09 AF14F8E99253D10A65D9ED311FA711F2 6604744 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\EB9B8DE67C7D40F6B4743B7116E043A9\TrueImageHomeInstall.exe 2015-08-30 04:26:04 DF25B4DD1B3A984BA3DEA321A91BC409 3250240 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RFS4.tmp\Chrome\rf-chrome-nm-host.exe 2015-08-30 04:25:59 03CDDEBABCD14AF58922C6593A6E1AF2 253008 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RFS4.tmp\identities.exe 2015-08-30 04:25:55 D5D070EC4AC359C9FB3D13EA7BB89F3A 4792912 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RFS4.tmp\rfwipeout.exe 2015-08-30 04:25:55 8D11D5D9D150BC9CFB2009DA47EB3366 64080 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RFS4.tmp\passwordgenerator.exe 2015-08-30 04:25:51 6F1737DB7FFAFBDDF721700C67C167FB 74320 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RFS4.tmp\robotaskbaricon-x64.exe 2015-08-30 04:25:50 FB54732797F0A25A76C2896DB0A3A308 110160 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RFS4.tmp\robotaskbaricon.exe 2015-08-30 04:25:47 EFAD25B455DA6E8258B4D098CD18F9CA 17364968 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RoboForm-Setup.exe 2015-08-30 04:25:47 BFB89870D4FBF11328F409D9B8B0A7D0 1498368 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\Temp1_speedyfox.zip\speedyfox.exe 2015-08-30 04:25:12 53820EFBC952107EE1A38BE6CD5AA3F0 1822848 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Music\iTunes\ACR38_MSI_Winx86_1120_P\ACR38_MSI_Winx86_1120_P\redist\InstMsiW.exe 2015-08-30 04:25:12 489A51CEB8F8FE145FA3F19DF02C8547 236056 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Music\iTunes\ACR38_MSI_Winx86_1120_P\ACR38_MSI_Winx86_1120_P\Setup.exe 2015-08-30 04:21:43 293A6EC59C28EB50B1530348EC87C172 3294328 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\RaidLabsFileUneraser21\Setup.exe 2015-08-30 04:20:41 E6EBE13418733BCC15F9B68668D01C36 6337032 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Desktop\geek.exe 2015-08-28 20:54:43 727602958ADF261B5ABBCBA93C823980 102400 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default\CertUtils\certutil.exe 2015-08-28 09:32:08 3D2BF28DA426821187108BF00540596C 137392 ----a-w- C:\Program Files (x86)\AOMEI Backupper\vsscom.exe 2015-08-28 09:31:59 D7C2F84715C169F33DF3589D471B2C8B 99544 ----a-w- C:\Program Files (x86)\AOMEI Backupper\LoadDrv.exe 2015-08-28 09:31:57 880D2336049D4092B66011F152286BB4 101080 ----a-w- C:\Program Files (x86)\AOMEI Backupper\Winpe64\PeLoadDrv.exe 2015-08-28 09:31:57 35C131CC5E9921D9C79E15A8A167D206 8372440 ----a-w- C:\Program Files (x86)\AOMEI Backupper\Winpe64\Backupper.exe 2015-08-28 09:31:56 B37E75CF3CB1F3862E00BCD96473661F 1097432 ----a-w- C:\Program Files (x86)\AOMEI Backupper\PxeUi.exe 2015-08-28 09:31:56 6065FB9344E2B050C15485E94D664759 523328 ----a-w- C:\Program Files (x86)\AOMEI Backupper\msbios\bootmgr.exe 2015-08-28 09:31:55 C8DBB14D1B8508095AB0FD7FF6750933 29912 ----a-w- C:\Program Files (x86)\AOMEI Backupper\ABService.exe 2015-08-28 09:31:55 831B9FCB83DC70BBC295928F3C7F32FE 134872 ----a-w- C:\Program Files (x86)\AOMEI Backupper\Info.exe 2015-08-28 09:31:55 7AE309A24987E031981E4D7FDBFB5AFF 77528 ----a-w- C:\Program Files (x86)\AOMEI Backupper\ValidCheck.exe 2015-08-28 09:31:55 6C2A14376F85968D4F89F19D8D3FFB7D 17624 ----a-w- C:\Program Files (x86)\AOMEI Backupper\PeLoadDrv.exe 2015-08-28 09:31:54 A363E6613B428C30F4FF14B6BF093B22 1174979 ----a-w- C:\Program Files (x86)\AOMEI Backupper\unins000.exe 2015-08-28 09:31:54 76810D8351D2B8DA43FDDF33B5728FB1 4746968 ----a-w- C:\Program Files (x86)\AOMEI Backupper\MakeDisc.exe 2015-08-28 09:31:54 338289F7D4865E1CE3B2525CF4984877 7532248 ----a-w- C:\Program Files (x86)\AOMEI Backupper\Backupper.exe 2015-08-28 08:34:37 AF14F8E99253D10A65D9ED311FA711F2 6604744 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\EB9B8DE67C7D40F6B4743B7116E043A9\TrueImageHomeInstall.exe 2015-08-28 08:34:35 AF14F8E99253D10A65D9ED311FA711F2 6604744 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\18226ED9FB81442C9A7F4A914E30C1C0\TrueImageHomeInstall.exe 2015-08-27 11:01:44 CA2BF914BD7CDA1F7787EE8CC7BC21D5 5238232 ----a-w- C:\Program Files (x86)\XnView\xnview.exe 2015-08-27 11:01:44 525069DABF0E224533EABA59972654E5 200704 ----a-w- C:\Program Files (x86)\XnView\PlugIns\slide.exe 2015-08-27 11:01:44 475AE6A81E52774832701E88133822F7 734200 ----a-w- C:\Program Files (x86)\XnView\unins000.exe 2015-08-27 04:21:18 EFAD25B455DA6E8258B4D098CD18F9CA 17364968 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\RoboForm-Setup.exe 2015-08-27 04:20:21 BC949C957CEB9FAFDF0F3949CDDF1A72 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-08-27 04:20:21 7080B965215703EA1340C3C4903C7D73 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-08-27 04:20:21 5DC0128E8A2017E82289191820C736A5 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-08-27 04:19:46 D94C31E9C9C9A1273CC67DC6FFAF9984 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\policytool.exe 2015-08-27 04:19:46 BDFF5086FC1F20E631A070EEF43A7BEC 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\tnameserv.exe 2015-08-27 04:19:46 B804A4E31F4BAD4D5BA05FE684756BA2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\servertool.exe 2015-08-27 04:19:46 7A0DE452F677EF2971C7B75B0267B6ED 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssvagent.exe 2015-08-27 04:19:46 6A5A2FDB6D09E02A3283C55237DA10F6 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\unpack200.exe 2015-08-27 04:19:46 606A24A64E164B345A79F8F22A5DAC6F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\pack200.exe 2015-08-27 04:19:46 5A503CFE5B553A9721A469FCC9CE8562 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\rmiregistry.exe 2015-08-27 04:19:46 3292748E640429C2682484BD23D43F6B 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\rmid.exe 2015-08-27 04:19:46 08427EADE480F21412696582170B1167 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\orbd.exe 2015-08-27 04:19:45 E408E46C5DD2D03A7474AA12BAABEFEE 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\klist.exe 2015-08-27 04:19:45 B9DE149653ED8B9C5C6CB68131AB66D2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jjs.exe 2015-08-27 04:19:45 30387BE3E5D04FE969B731441C89D2D8 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ktab.exe 2015-08-27 04:19:45 21B5D297A9191E4D833BB39456CEDAD0 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\kinit.exe 2015-08-27 04:19:45 0FCF9F3D9518B90FB58CC950FA33998C 76896 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2launcher.exe 2015-08-27 04:19:45 0F6E0DD1263ACB2A1AC559BB7742B54D 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\keytool.exe 2015-08-27 04:19:44 BC949C957CEB9FAFDF0F3949CDDF1A72 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe 2015-08-27 04:19:44 8C6BDB56CD4DEED1AF2790D37B54CFE9 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe 2015-08-27 04:19:44 86CC77A8189758834CF83F7F2FEA5162 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\java-rmi.exe 2015-08-27 04:19:44 7080B965215703EA1340C3C4903C7D73 274016 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaws.exe 2015-08-27 04:19:44 5DC0128E8A2017E82289191820C736A5 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaw.exe 2015-08-27 04:19:44 262BBCE84B9C8784CC5A5E1975898022 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jabswitch.exe === C: other files == 2015-09-01 08:56:49 FCEB5D2ECAB2DCD63628CC2B95248A0A 31220 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\iexplore.bat 2015-09-01 08:56:49 F836546B0C268B8930447AD51C19B683 1568 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\delfolders.bat 2015-09-01 08:56:49 F4C7212D69D4C70DEB8BFDB77A7FB341 12100 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\runvalues.bat 2015-09-01 08:56:49 E0A0B0442A4ED95A003A1C0F0AE63E2B 4910 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\chrome_pref.bat 2015-09-01 08:56:49 D459F9602E5A43B00385533D5A68E873 151055 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\misc.bat 2015-09-01 08:56:49 CA495C330AF9FB8D8608A536D6377909 7910 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\chrome.bat 2015-09-01 08:56:49 C74DACC98CBDA29BA34D82665E6C43FF 2245 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\medfos.bat 2015-09-01 08:56:49 B23B16209341AEAE62A7D32117A36F55 1192 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\TDL4.bat 2015-09-01 08:56:49 A8F5541C419593F3ECAC0E0A3FB0F2BA 1162 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\surfvox.bat 2015-09-01 08:56:49 9C9A5690717C49EA3F155F24A097E1A3 17606 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\get.bat 2015-09-01 08:56:49 93A6196509429319C854A941F14F1E7C 252 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\ev_clear.bat 2015-09-01 08:56:49 9246BABAAAE2978EABF6F0D784B0683D 34543 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\prelim.bat 2015-09-01 08:56:49 81F82F01664FD84D77EF8521A2C39463 23026 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\ask.bat 2015-09-01 08:56:49 7C2536139B5D838D88D3E0082F9A77FC 167302 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\firefox.bat 2015-09-01 08:56:49 5AA2EDB2A4E406EDBCF2281726A7557B 9123 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\searchlnk.bat 2015-09-01 08:56:49 3FF35FA6DEAAE10308284F654477F10D 17100 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\jrt\mws.bat 2015-08-31 16:45:52 80BDA029F2711C7C395AFBA7F519BBDD 963213 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 2015-08-31 16:45:51 80BDA029F2711C7C395AFBA7F519BBDD 963213 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\tmp-vbd.xpi 2015-08-31 15:20:59 AD78AE349363FA5E024D9FE466444039 48845933 ----a-w- C:\Users\Gebruiker\AppData\Local\ElevatedDiagnostics\2560293460\2015083115.000\DataStoreAndWULogFiles.zip 2015-08-31 07:27:55 D3BF1077926ED41ABFB0B4BB127E2FD1 48927328 ----a-w- C:\Users\Gebruiker\AppData\Local\ElevatedDiagnostics\2560293460\2015083107.001\DataStoreAndWULogFiles.zip 2015-08-31 07:04:36 8BE1F8374DB6D667BFA62EF7CDAAA579 48833174 ----a-w- C:\Users\Gebruiker\AppData\Local\ElevatedDiagnostics\2560293460\2015083107.000\DataStoreAndWULogFiles.zip 2015-08-30 16:04:15 C1D9B124D8601342C68F9878013BE5EB 74654 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\tmp-cld.xpi 2015-08-30 13:11:00 C1D9B124D8601342C68F9878013BE5EB 74654 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\689\C\Users\Gebruiker\AppData\Local\Temp\tmp-rwi.xpi 2015-08-30 11:18:24 C1D9B124D8601342C68F9878013BE5EB 74654 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\tmp-rwi.xpi 2015-08-30 04:29:33 AF50E2A675F0640595780AABD13D7BF1 12832 ----a-w- C:\win-forensics-tools\Other\RamCapturer\RamCaptureDriver64.sys 2015-08-30 04:29:33 A0B70856BFB62B31911BC9F113BF10C3 12320 ----a-w- C:\win-forensics-tools\Other\RamCapturer\RamCaptureDriver.sys 2015-08-30 04:29:32 1F725529137C42AB8A905AF47E35442A 5417 ----a-w- C:\win-forensics-tools\Other\ERUNT\LOC_GER.ZIP 2015-08-30 04:28:41 1607C985B7FD98FB4B35C3E52A8C67B7 6287418 ----a-w- C:\win-forensics-tools\Malware\ClamWin\ClamWinPortable\App\clamwin\lib\clamwin.zip 2015-08-30 04:26:04 C25431FDDED74D92BE6736632CD5037D 107991 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RFS4.tmp\Chrome\rf-chrome.crx 2015-08-30 04:26:00 9ABBB320F04DD6324CEDC5B336DB7657 86010 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\RFS4.tmp\Firefox\roboform.xpi 2015-08-30 04:25:47 80BDA029F2711C7C395AFBA7F519BBDD 963213 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\tmp-571.xpi 2015-08-30 04:25:46 C1D9B124D8601342C68F9878013BE5EB 74654 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\AppData\Local\Temp\tmp-ldi.xpi 2015-08-30 04:22:30 B2FD21D75A54689BCB3DE5475C1D75B9 45056 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\ACR38_Driver_Win_1168_P\ACR38(FW110)\a38usbx64.sys 2015-08-30 04:22:30 8378A77DFAF832A7ACBE90F59066FF9A 14080 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\ACR38_Driver_Win_1168_P\ACR38(FW110)\acr38svr.sys 2015-08-30 04:22:30 41AB03F6E54D850BD895259DC839B837 38528 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\ACR38_Driver_Win_1168_P\ACR38(FW110)\a38usb.sys 2015-08-30 04:22:30 0FA03F53C0A635513F34B3D85BA1D361 17674 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\ACR38_Driver_Win_1168_P\ACR38(FW110)\a38usb98.sys 2015-08-30 04:22:29 BE31D153E6FF2D82FB7145F892872AF2 38912 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\ACR38_Driver_Win_1168_P\ACSCCID\a38cd98.sys 2015-08-30 04:22:29 738D8CD9F90F11D62F85A9304BF8B8F8 39424 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\ACR38_Driver_Win_1168_P\ACSCCID\a38ccid.sys 2015-08-30 04:22:29 099047A64AB60D8588A86839904339A6 46720 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\ACR38_Driver_Win_1168_P\ACSCCID\a38ccidx64.sys 2015-08-30 04:21:56 9063C12C81C5442109D28CAFA37A700E 9202609 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\My Backups\mybackup.zip 2015-08-30 04:21:54 1A264FBC0B7FD301A312E3714F60A3FA 7111609 ----a-r- C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\FileHistory\Data\682\C\Users\Gebruiker\Documents\My Backups\mybackup[5].zip 2015-08-29 18:00:13 80BDA029F2711C7C395AFBA7F519BBDD 963213 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\tmp-571.xpi 2015-08-28 20:54:43 AD2B8BC22259A8DBA5BDA074DBDD60D7 1840349 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default\CertUtils.zip 2015-08-28 20:54:41 9421B20FBD3FD434DB36C743811441D8 26616 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default\extensions\belgiumeid@eid.belgium.be.xpi 2015-08-28 20:51:30 9ABBB320F04DD6324CEDC5B336DB7657 86010 ----a-w- C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi 2015-08-28 09:32:06 9D6956A382EE791013B3FE4B7206D8C7 14392 ----a-w- C:\Program Files (x86)\AOMEI Backupper\driver\i386\amwrtdrv.sys 2015-08-28 09:32:06 9059308FD5FE4317B6C489CA570567CB 129720 ----a-w- C:\Program Files (x86)\AOMEI Backupper\driver\i386\ammntdrv.sys 2015-08-28 09:32:06 012C5F4E9349E711E11E0F19A8589F0A 28032 ----a-w- C:\Program Files (x86)\AOMEI Backupper\driver\i386\msahci.sys 2015-08-28 09:32:04 DEB88D6B0D7CE5FB78FC4AB88E6B0C43 26424 ----a-w- C:\Program Files (x86)\AOMEI Backupper\driver\i386\ambakdrv.sys 2015-08-28 09:32:03 C25F0BAFA182CBCA2DD3C851C2E75796 31104 ----a-w- C:\Program Files (x86)\AOMEI Backupper\driver\amd64\msahci.sys 2015-08-28 09:32:03 7CD08E63219E00BB206077F5BA708677 17848 ----a-w- C:\Program Files (x86)\AOMEI Backupper\driver\amd64\amwrtdrv.sys 2015-08-28 09:32:03 46014EDFDC8AF8733E14947448D122C5 151480 ----a-w- C:\Program Files (x86)\AOMEI Backupper\driver\amd64\ammntdrv.sys 2015-08-28 09:32:00 E019017558B28A707119F8545AD1A1C0 30648 ----a-w- C:\Program Files (x86)\AOMEI Backupper\driver\amd64\ambakdrv.sys 2015-08-28 09:31:59 E019017558B28A707119F8545AD1A1C0 30648 ----a-w- C:\Windows\System32\ambakdrv.sys 2015-08-28 09:31:59 7CD08E63219E00BB206077F5BA708677 17848 ----a-w- C:\Windows\System32\amwrtdrv.sys 2015-08-28 09:31:59 46014EDFDC8AF8733E14947448D122C5 151480 ----a-w- C:\Windows\System32\ammntdrv.sys 2015-08-28 09:31:56 D4BEFEBF3CEF129AC087422B9E912788 4096 ----a-w- C:\Program Files (x86)\AOMEI Backupper\msbios\ETFSBOOT.COM 2015-08-28 08:48:05 EBBAEA02F0095A798000C7E06B16D41B 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys 2015-08-27 07:25:45 C1D9B124D8601342C68F9878013BE5EB 74654 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\tmp-ldi.xpi 2015-08-27 04:19:46 4E221C69F3B103481534D1B6CB6A90DD 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-21-174170113-1959642047-2039998945-1000\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "TosWaitSrv"="C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe" "TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe" "SRS Premium Sound HD"="C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe /f=C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip /h" "Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gadwin PrintScreen] "command"="\"C:\\Program Files (x86)\\Gadwin Systems\\PrintScreen\\PrintScreen.exe\" /nosplash" "hkey"="HKCU" "item"="Gadwin PrintScreen" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/08/2015 16:27] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe] "C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe] "C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"] "C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe"] "C:\WINDOWS\SysNative\tasks\Open URL by RoboForm" [C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMNJNJHMPMJMNMMJMMCNLJLMGMHMCNLMKJKJLJCNGMHMKJNJCNKMNMNJJMNMKJJJKJHMOJLJMJJNJICMIMCNGMCNOMKMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMIMIMJNHICMOMNMKJOMMMJNBJCMILKJNJNIKIGJEJKJNIJNKJCMJNNICMJNDJCMBJDJJNMJCMPMFMLMOMFMNMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"] "C:\WINDOWS\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{634082CA-7E71-489C-B801-150D5B977529}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe] "C:\WINDOWS\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default user_pref("browser.startup.homepage", "http://www.hln.be/hln/nl/1/home/actua/index.dhtml"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn" [02/09/2015 12:28] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi" [28/08/2015 22:50] ==== Firefox Extensions ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default - Clickamp;Clean - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default\extensions\clickclean@hotcleaner.com - Clickamp;Clean - %ProfilePath%\extensions\clickclean@hotcleaner.com - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Thunderbird\Profiles\ksyv81rp.default - Lightning - C:\Users\Gebruiker\AppData\Roaming\Thunderbird\Profiles\ksyv81rp.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} - Allow Empty Subject - %ProfilePath%\extensions\{59f0fe53-cd29-49fe-8ae3-2ad2fa7f1c46}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\TomTom\HOME\Profiles\zu7qqgjm.default - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ys5vlsb1.default EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx[10/07/2015 06:03] iikflkcanblccfahdhdonehdalibjnif - No path found[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.hln.be/hln/nl/1/home/actua/index.dhtml" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.hln.be/hln/nl/1/home/actua/index.dhtml" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {93729DE3-FBAF-4856-9464-81EC9E89AA8A} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B42A61954A95BDF4793594C91B6F3526 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5916A24B-59A4-4FDB-9753-499CB1F65362} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B42A61954A95BDF4793594C91B6F3526 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user') O8 - Extra context menu item: Formulieren Invullen - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html O8 - Extra context menu item: Formulieren opslaan - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html O8 - Extra context menu item: Menu aanpassen - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.webcompanion.com O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - C:\Program Files (x86)\AOMEI Backupper\ABService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=147 folders=77 151998994 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 02/09/2015 at 13:10:45,32 ======================