
Zoek.exe Version 5.0.0.0 Updated 06-October-2015
Tool run by Eigenaar on do 08/10/2015 at 14:29:52,42.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: c:\Users\Eigenaar\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2015-09-28-130101.log	23215 bytes
C:\zoek-results2015-10-05-095746.log	38457 bytes
C:\zoek-results2015-10-06-143903.log	68416 bytes

==== Folders Found ======================

2015-10-01 12:22:04 2015-10-01 12:22:04	--------	d-----w-	C:\ProgramData\Microsoft\Microsoft Security Client
2015-10-01 12:22:04 2015-10-01 12:22:04	--------	d-----w-	C:\Users\All Users\Microsoft\Microsoft Security Client

==== Files Found ======================


==== Registry Search Results for "Microsoft Security" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC6E3177D5407944FBCB027BBE4BE263]
"00000000000000000000000000000000"="02:\\SOFTWARE\\Microsoft\\Microsoft Security Client\\Market"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Control\WMI\Autologger\Microsoft Security Client]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Control\WMI\Autologger\Microsoft Security Client]
"FileName"="C:\\ProgramData\\Microsoft\\Microsoft Security Client\\Support\\Application.etl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Control\WMI\Autologger\Microsoft Security Client\{a1488156-5391-4f34-9214-105e4335f3a4}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\Eventlog\Application\Microsoft Security Client]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\Eventlog\Application\Microsoft Security Client]
"EventMessageFile"="C:\\Program Files\\Microsoft Security Client\\MsMpRes.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\Eventlog\Application\Microsoft Security Client Setup]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\Eventlog\System\Microsoft Antimalware]
"EventMessageFile"="C:\\Program Files\\Microsoft Security Client\\MpEvMsg.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\Eventlog\System\Microsoft Antimalware]
"ParameterMessageFile"="C:\\Program Files\\Microsoft Security Client\\MpEvMsg.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\MsMpSvc]
"Description"="@C:\\Program Files\\Microsoft Security Client\\MpAsDesc.dll,-240"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\NisSrv]
"DisplayName"="@C:\\Program Files\\Microsoft Security Client\\MpAsDesc.dll,-243"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\NisSrv]
"Description"="@C:\\Program Files\\Microsoft Security Client\\MpAsDesc.dll,-242"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"e8192b85-86f9-4cc7-90e8-fc9b6cd26a31"="v2.1|Action=Block|Active=TRUE|Dir=In|App=C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe|Svc=MsMpSvc|Name=Regel voor beperking van binnenkomend verkeer voor service MsMpSvc|Desc=Alle binnenkomend verkeer voor service MsMpSvc blokkeren|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"0a214efd-851c-4e60-bbe3-d8db086e8396"="v2.1|Action=Block|Active=TRUE|Dir=Out|App=C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe|Svc=MsMpSvc|Name=Regel voor beperking van uitgaand verkeer van service MsMpSvc|Desc=Alle uitgaande verkeer van service MsMpSvc blokkeren|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{C62B8CC4-4BFE-4E96-B630-57F79FF293D0}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443|App=C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe|Svc=MsMpSvc|Name=MsMpSvc Outbound for HTTPS|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{D7F60333-A4D7-4DCC-8D0D-1F73F0E47DD9}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|App=C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe|Svc=MsMpSvc|Name=MsMpSvc Outbound for HTTP|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\Eventlog\Application\Microsoft Security Client Setup]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet026\Services\Eventlog\Application\Microsoft Security Client Setup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client Setup]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=854 folders=85 587464844 bytes)

==== EOF on do 08/10/2015 at 14:40:35,43 ======================