Zoek.exe v5.0.0.1 Updated 09-November-2015
Tool run by Cronos on ma 09/11/2015 at 17:08:31,18.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cronos\Downloads\zoek.exe
[Scan all users] [Checkboxes used]

==== System Restore Info ======================

9/11/2015 17:09:25 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Cronos\AppData\Local\Greenshot deleted successfully
C:\Users\Cronos\AppData\Local\Spoon Studio 12 deleted successfully
C:\Users\Cronos\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

7-Zip 15.10 beta
Adobe Flash Player 20 NPAPI
Any Video Converter Ultimate 5.8.0
AVG 2015
CCleaner
Defraggler
Greenshot 1.2.6.7
Intel(R) Chipset Device Software
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.5.2 (NLD)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.4053 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.57102 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.58298 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192 False
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.0 False
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False Eng
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False Eng
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False Eng
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Mozilla Firefox 42.0 (x86 nl)
Mozilla Maintenance Service
NVIDIA-configuratiescherm 353.82
NVIDIA 3D Vision stuurprogramma 353.82
NVIDIA Grafisch stuurprogramma 353.82
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.4.0
NVIDIA Update Core
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)
Software voor Intel® Chipset-apparaten
Transmission-Qt
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
WinRAR 5.30 bèta 2 (64-bit)

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Cronos\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\Cronos\AppData\Roaming\transmission deleted
C:\Users\Cronos\CD95F661A5C444F5A6AAECDD91C240EC.TMP deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\wininit.ini deleted
C:\Users\Cronos\AppData\Roaming\Mozilla\Firefox\Profiles\l8n7map7.default\jetpack deleted
"C:\Users\Cronos\AppData\Roaming\Mozilla\Firefox\Profiles\l8n7map7.default\extensions\firefox@ghostery.com.xpi" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8132 MB
CPU Info: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
CPU Speed: 3173,6 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: NVIDIA GeForce GTX 745 | NVIDIA GeForce GTX 745 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen niet-PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Qualcomm Atheros AR5BWB222 Wireless Network Adapter | Realtek PCIe GBE Family Controller | Bluetooth-apparaat (Personal Area Network)
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GHB0N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 235,6GB | E: 695,9GB
Hard Disks - Free: C: 203,6GB | E: 668,1GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/21/14 | ACRSYS - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Acer Aspire TC-605 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== AV: AVG Internet Security 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Internet Security 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE} FW: AVG Internet Security 2015 *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368} Default Browser: Firefox 42.0 Internet Explorer Version: 11.0.9600.18059 Mozilla Firefox version: 42.0 (x86 nl) Flash Player version: 20.0.0.195 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Cronos\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-11-04 17:30:28 908BBA41A5B57DDB126B85EC14DD58EF 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-11-04 17:30:28 0E036A353DB9D8F4F642AC0F9412F09E 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-04 17:30:28 04BB7AF8E0DAE83982155F0752308666 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-04 17:30:27 D586CB95B4EADC0525E8929A241898F5 20357632 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-11-04 17:30:27 C89372B642726F1CF3EB479397976DA3 279040 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-11-04 17:30:27 C848E013BB85C48C787001E1EA36905F 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-04 17:30:27 A7028D5D5E3DCF820B3C0AFE0137A87E 130048 ----a-w- C:\Windows\SysWOW64\occache.dll 2015-11-04 17:30:27 9F36964CDB9A920779314395E3911503 504832 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-11-04 17:30:27 7E8EABA6A2B10FE11E2381378A57322B 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-11-04 17:30:27 098F6097F919EE77EA490E16D11E427A 1311232 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-11-04 17:30:27 060409834CC8FAC3F1231DA3F0648CC5 689152 ----a-w- 
C:\Windows\SysWOW64\msfeeds.dll 2015-11-04 17:30:27 00FBEDF0E74AD8815469A95271C0E562 345688 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-11-04 17:30:26 F274AF14C7DB6C52C023BCBDA4197D17 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-11-04 17:30:26 BE1263EE0CB8CF942FC35CC86E0C3941 12853760 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-11-04 17:30:26 B87A11C95703AB19ACB43993DDA0F1A3 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-11-04 17:30:26 AFC4F34507B555D1C9C4F049CCA1475F 416256 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-11-04 17:30:26 9F4234838400CC3A964AF53DE4410A50 2279936 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-11-04 17:30:26 8C9BCE16E894D4FBCE151F4A5FE05F55 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-11-04 17:30:26 816B489E2BBFE2479C844AAD486ABB42 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-11-04 17:30:26 73189A2739491ABB556872737C501F8E 663552 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-11-04 17:30:26 584E6632F1F4027AB64DEB0F4139E7D7 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-11-04 17:30:26 4A3CA2C73C4D66A90C63E9E532746020 480256 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-11-04 17:30:26 12DCE9300FF5B74DC2F7DBAC96B0614E 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-11-04 17:30:25 E401E66CCB2AE219CF41F7F901C410C1 2011136 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-11-04 17:30:25 DE53F76D63CA64E172B336BC7CFF6EDA 4527616 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-11-04 17:30:25 CEDBC9DBD9800E0EE81B0840EBC2BAC5 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-04 17:30:25 A25C9DD040CA9799C2A7E41732D0752A 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll 2015-11-04 17:30:25 5EE17D52CAF79663211C01C614594620 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-11-04 17:30:25 17B66052348D3A3681A9411EDD839E18 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-11-04 17:30:24 A7012A7032207D1C16B7236EDF91F4BB 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-11-04 17:30:03 
C19537A50B723E0F7B53D413163B35EE 3936192 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-04 17:30:02 9E83A4F6E776F7A3E5F7FB90180FBC0B 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2015-11-04 17:30:02 63FD03CED9739062E9B94F0D1E54A406 3990976 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-04 17:30:00 CA504606753BD62FA3128D3056320264 552960 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-11-04 17:30:00 22BF275468F714A4F7E6F36449D1DCE2 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-11-04 17:30:00 0834E70A068360D85CDC47697A4B7898 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2015-11-04 17:29:59 C7293C9340BDC8291F6718913F3F7B14 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-11-04 17:29:59 6D16D1B9DB2526B985BBB9B27A56B70B 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-11-04 17:29:59 4EB6A0445891D56D56BB4580B3906BEA 1311768 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2015-11-04 17:29:58 D9F5F78F8EA5749CA651B71335A96421 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2015-11-04 17:29:58 D8269205300BB593C3698BB77178E8D3 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-11-04 17:29:58 C142CBB756205146B88DDB66D00BFE66 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2015-11-04 17:29:58 C00E4CD3AC3A0D8E339635E06546B77D 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-11-04 17:29:58 8A4ED460B6557EDCA637236073794DFF 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2015-11-04 17:29:58 6848FA8B421A0CEC8990AFE7A615574F 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-11-04 17:29:58 5FC0F48FD38D0AC7FC54EBEFBC3F69C5 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-11-04 17:29:58 3FA49981A847AE62259E6AEB585C84B8 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-11-04 17:29:58 2464CEAC16185B73774662AC625F695D 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-11-04 17:29:58 2421C989BF8485B6A9EBBAC35ACADF1D 665088 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2015-11-04 17:29:58 1ADCC4F94981430FE968EE992353C535 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 
2015-11-04 17:29:58 15192FC6BFCB37AE43A645A9C84AEF2F 36864 ----a-w- C:\Windows\SysWOW64\cryptbase.dll 2015-11-04 17:29:57 B421B311420FD650BE3B25EAC217E685 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-11-04 17:29:57 1BE5DF925C30D9D1FAD1212FB215E469 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2015-11-04 17:29:56 FE7B23203C757148CBCCA0A39EAD3C59 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-11-04 17:29:56 D414A645F6853BB2C8A24B85C1C86581 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-11-04 17:29:56 64B92847AA0945992BB49B62D9B0440E 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-11-04 17:29:56 09BA6677E9CCBB1884CD0FB24F6EF584 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-11-04 17:29:34 F1BAAC5C7B35968EFAB7C21C32ECBB28 93696 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2015-11-04 17:29:34 D714B7F77DB7E1D81CBFCE8DDCDCC5FE 566784 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2015-11-04 17:29:34 B35154CD5A10368ED3DB277BB38012B3 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2015-11-04 17:29:34 5670A441F06AE04D2B587D1BD2DC1DC0 30208 ----a-w- C:\Windows\SysWOW64\wups.dll 2015-11-04 17:29:34 1E643C501E621F91776F9F9AC226FADF 174080 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2015-11-04 17:29:27 F811B932E3DBA308014F8C870F752F16 12875776 ----a-w- C:\Windows\SysWOW64\shell32.dll 2015-11-04 17:29:26 5CB2886338C82E388F68557E2745200F 1498624 ----a-w- C:\Windows\SysWOW64\ExplorerFrame.dll 2015-11-04 17:27:35 0D0FF2A38473552DDFF4F21756700F9B 50688 ----a-w- C:\Windows\SysWOW64\appidapi.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-11-04 17:30:28 9AEE2A881FD10E6A463588303D8027AD 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-11-04 17:30:28 80E9DF296F127B3BC965EBC5A2C8F044 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-11-04 17:30:28 3A0773E21355B41176ACAD8BB099D9B3 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-11-04 17:30:27 BF8A5B4E696F4E8F3B2B5E9902467418 720896 ----a-w- 
C:\Windows\Sysnative\ie4uinit.exe 2015-11-04 17:30:27 9E0D0522908C1106E0D77708CB9926FE 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-11-04 17:30:27 521E1A87D4F750FD9694DBF3AB37B38F 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-11-04 17:30:26 F6F91F217D760981017E4AA4F1C7E633 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-11-04 17:30:26 D661A17B4634171C58373699CBD6455B 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-11-04 17:30:26 8A2A46DD0C51E5D2D0A2EF2AA289DA4D 1546752 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-11-04 17:30:26 6E1EEB1CE2F9F3AB14A9E8A6B1E82455 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-11-04 17:30:26 4AEB3F2FB0CC23A18ED997F6C0476819 391784 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-11-04 17:30:26 3295B811A0260C0A5B346ECB73C5FCF0 152064 ----a-w- C:\Windows\Sysnative\occache.dll 2015-11-04 17:30:26 2A898891EB7FBCF0774F0B96AAD05561 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-11-04 17:30:26 12C1DECE9502828C0A5ADB50AB1673A0 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-11-04 17:30:25 E91FD3ACC10C971CBA991FCD058ABB58 2886656 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-11-04 17:30:25 A865136AC6436533E0A4A3C67F259401 585728 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-11-04 17:30:25 84C63F3D2D488A918A947E06BD1105EF 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-11-04 17:30:25 7C3050383491011FEDD40961A37A2D99 2126336 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-11-04 17:30:25 0FA614470B3A78FC5B8F3F3F742B9837 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-11-04 17:30:24 BC92D9D88959542FBAF1F8CF21F86B38 14458368 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-11-04 17:30:24 88D3F690043A1AA43F33DEC6DDA82178 616960 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-11-04 17:30:24 45A56A2CC2D6A4B649B7DC3B5DF259FF 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-11-04 17:30:23 E36C7069B9C56DF9A53DD4FA5DCDDE72 5990912 ----a-w- 
C:\Windows\Sysnative\jscript9.dll 2015-11-04 17:30:23 B0917E6238C1675E48CFE64947DD9FD9 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-11-04 17:30:23 5175A9C2C71D49394424C07CA856B803 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-11-04 17:30:23 4A9FFAC9325EFFDEFD7E8C0830B0ABEC 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-11-04 17:30:23 454669BB12162610D93954BCC942A41C 817664 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-11-04 17:30:23 373B3EFBBF1A2706F8660C4DE4202694 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll 2015-11-04 17:30:23 1DE918244ED8AB9D3F2C4B9A1F91A24D 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-11-04 17:30:22 BEA081F4F2D507D6461B142AB11995B3 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-11-04 17:30:22 BD06D875FB79E92DAF724C91DE743AFA 2487808 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-11-04 17:30:22 99BA96F5AC545D857E662A9FC576D919 25851904 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-11-04 17:30:22 58DD42AC31D1F86D303BAAF5955A59BA 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-11-04 17:30:22 0783994A921469A6E97F3117AA0934DD 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-11-04 17:30:03 3FE5671328B8A655F766D872D12DC373 5569472 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-11-04 17:30:02 6C190505923A971F0474F8BA8DA50789 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-11-04 17:30:02 11C18D613F66CB5CE829B821599ED339 1164800 ----a-w- C:\Windows\Sysnative\kernel32.dll 2015-11-04 17:30:01 91DDAFAFCEC3E360881FE35AF06B9EE4 1730496 ----a-w- C:\Windows\Sysnative\ntdll.dll 2015-11-04 17:30:00 F337ACC4CF6B9DFBE46D9A7E54E10756 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-11-04 17:30:00 EE035334B7A58C7F748C3D0394574A35 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-11-04 17:30:00 CD349AD99C801523B55030AC234CC1EF 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2015-11-04 17:30:00 A06A96A26FE0BE22B08B641362296B68 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2015-11-04 
17:30:00 5B9427E47B86AFDA813A8D252713FC35 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-11-04 17:30:00 5401C9D2F4B0A98B60259C621DDF1EB6 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2015-11-04 17:30:00 4AD1C61152A0199E3D7F9A82C07AC629 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2015-11-04 17:30:00 365480590A46ECB0E4BF1DBD7BC69713 729088 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-11-04 17:30:00 338FD40323ADD43B5C94B4A6CB91874B 1216512 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2015-11-04 17:29:59 E43F36D0B4C674FEA2C992564A3E0F28 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-11-04 17:29:59 D2BF3CD0F66139B5F1BA1D35C6613E78 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-11-04 17:29:59 96DE914D834FD7809A1720AF5D913C96 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-11-04 17:29:59 06AA22DBBD294BB40F01E23BF826AA9C 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-11-04 17:29:58 FCFE939A325054DFC69E1D8C58751A62 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2015-11-04 17:29:58 E9CCB68290F27837A3D7058FEB51F7A8 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-11-04 17:29:58 E91002F7EC3A9BF7F62BF1E215A32451 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2015-11-04 17:29:58 D2E2A613EBD0C959E72556C3A63A6B4A 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2015-11-04 17:29:58 C0EC18A77CBE5505019AF1BEB6CE824D 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-11-04 17:29:58 95E4E6C645175731B1DC8084329121AA 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-11-04 17:29:58 8F15F0D6F42A2B8A58EDD1AA55D7FB98 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-11-04 17:29:58 8260FD420E49C1E3DD6539BCEA2B376E 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-11-04 17:29:58 78461527B753B9A6043038AEF25745D3 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2015-11-04 17:29:58 5424EC756808C1002457033D969115C7 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-11-04 17:29:58 4E10C0CD94FD2E9F04B0AA11C4DB1592 29184 ----a-w- 
C:\Windows\Sysnative\sspisrv.dll 2015-11-04 17:29:58 3CF93F8BA5016A86073F7ACE4A225D69 44032 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2015-11-04 17:29:58 23682AD752DE308760672C84A7E74554 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2015-11-04 17:29:57 023394934150F7EC547EBCC2107EEA5F 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2015-11-04 17:29:56 DD01EBF9D35E614CAEA1BF4876B07134 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-11-04 17:29:56 B5D2DF46AB955A070F67FF192C52E7BD 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-11-04 17:29:56 7CDA2FE5F02370B5879DF8D35133B0E1 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-11-04 17:29:34 F62A6979E13872D744BA69F4F78109B8 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2015-11-04 17:29:34 CDBE532602413E7FB0C395024749C7AA 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2015-11-04 17:29:34 C64959F2D2EE6EDB96916902962D48B9 696320 ----a-w- C:\Windows\Sysnative\wuapi.dll 2015-11-04 17:29:34 B2AA75E472BAB24818915342E44FF2AD 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll 2015-11-04 17:29:34 9D3A6E1660B3D6BF63E83A901D1109BB 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe 2015-11-04 17:29:34 500B7A762291EC4EE4B445337956BDBC 36864 ----a-w- C:\Windows\Sysnative\wups.dll 2015-11-04 17:29:34 4AA4838D59A51B3B5A6C2BFC2092FDEC 3168768 ----a-w- C:\Windows\Sysnative\wucltux.dll 2015-11-04 17:29:34 3E89AD28893A8E9C1F01D2A162C7D457 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2015-11-04 17:29:34 361845875ED8ED13086E7F37265C45DA 2608128 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2015-11-04 17:29:34 24E1CD4E823628943540A63187AC282E 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2015-11-04 17:29:34 246FD89B6B5521AD2CE1C560D666BAD7 37888 ----a-w- C:\Windows\Sysnative\wups2.dll 2015-11-04 17:29:28 885B08E5EC912D2680F533094B87770D 14176768 ----a-w- C:\Windows\Sysnative\shell32.dll 2015-11-04 17:29:26 0F08BB62CD162883E9A3004BBE7914BD 1866752 ----a-w- C:\Windows\Sysnative\ExplorerFrame.dll 2015-11-04 17:29:24 
24E487B411B159BC2DE05476DE4C1B44 3210240 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-11-04 17:29:21 F03EA93F045D009830C890010750B34A 25432 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2015-11-04 17:29:21 AFE7905DD772DEA54B9C443C6634740A 700416 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-11-04 17:29:21 9F780E22C79AACBF3A93F6ACDE2A4E0A 766464 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-11-04 17:29:21 952D66DCA6CB744381B7298F8AAE994F 73216 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-11-04 17:29:21 21C89857E5671990BBF2B430BD75B9C9 1291264 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-11-04 17:29:21 1AC3E0E57844764B0CA6D2BF0F76C773 503808 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-11-04 17:29:21 14A5CC0EE60278D483A88124B88F3524 1163776 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-11-04 17:27:36 87FEDB1FF42C3A10FFE2CE95AB2AF306 616360 ----a-w- C:\Windows\Sysnative\winresume.efi 2015-11-04 17:27:36 541B7C53EDA8F84790A593B13FB32E56 692672 ----a-w- C:\Windows\Sysnative\winload.efi 2015-11-04 17:27:35 B6C85437FDC8EC6464BE359D41BBC3F7 59392 ----a-w- C:\Windows\Sysnative\appidapi.dll 2015-11-04 17:27:35 B17B1E5FB5CE63DA4DB4D49E3683487F 17920 ----a-w- C:\Windows\Sysnative\appidcertstorecheck.exe 2015-11-04 17:27:35 ABC373B9C6275D45F17DB559408FFD1B 32768 ----a-w- C:\Windows\Sysnative\appidsvc.dll 2015-11-04 17:27:35 7503BAD9B2A08B8A95319F7C0CA9F869 63488 ----a-w- C:\Windows\Sysnative\setbcdlocale.dll 2015-11-04 17:27:35 7030F95F994B2F2CCC1C521E342369DB 147456 ----a-w- C:\Windows\Sysnative\appidpolicyconverter.exe ====== C:\Windows\Sysnative\drivers ===== 2015-11-04 17:30:01 3A8C03156C3E31E70EF84E48CA179B46 97112 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-11-04 17:29:59 C6330F7C2E92A00E6773E82F79078AFC 157016 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-11-04 17:29:58 ACB6782973BD93760D597FC7BB37E692 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-11-04 17:29:58 8C0376974AA28398FF501E78C04ACB30 129024 ----a-w- 
C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-11-04 17:29:58 262BF7BB7D0E44CFAA9B12A1E0A6EDF1 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2015-11-04 17:27:35 27DABFB4A6B0140C34DBEC713469592B 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2015-10-19 12:32:18 A77AF0ABA67969E7AC28B34E686ACC5C 315312 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-11-08 15:55:15 -------- d-----w- C:\Program Files\StudioPortable ======= C:\PROGRA~2 ===== 2015-11-08 13:59:54 -------- d-----w- C:\PROGRA~2\7-Zip ======= C: ===== ====== C:\Users\Cronos\AppData\Roaming ====== 2015-11-06 21:49:37 -------- d-----w- C:\Users\Cronos\AppData\Local\transmission 2015-11-04 17:29:41 -------- d-----w- C:\Users\Cronos\AppData\Local\GWX 2015-11-04 17:23:12 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software 2015-11-04 17:23:12 -------- d-----w- C:\Users\Default User\AppData\Roaming\TuneUp Software 2015-11-04 17:21:47 -------- d-----w- C:\Users\Cronos\AppData\Local\Avg ====== C:\Users\Cronos ====== 2015-11-08 23:49:01 5E5AF17D82EC74646B33587B54F94D4A 1712128 ----a-w- C:\Users\Cronos\Downloads\AdwCleaner.exe 2015-11-08 14:13:44 D801FF09E22A8A6B27D0505ABF1B72C3 1310075 ----a-w- C:\Users\Cronos\Downloads\YUMI-2.0.1.9.exe 2015-11-08 13:59:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-11-08 13:59:41 D808CCD899F1F1B477CB3D1D8BC4AAE2 1091659 ----a-w- C:\Users\Cronos\Downloads\7z1510.exe 2015-11-08 11:23:28 E4DD18766FEACC72FA0C3588664622DC 3503616 ----a-w- C:\Users\Cronos\Downloads\Fotowall 0.9 WinXP Vista 7.exe ====== C: exe-files == 2015-11-08 23:49:01 5E5AF17D82EC74646B33587B54F94D4A 1712128 ----a-w- C:\Users\Cronos\Downloads\AdwCleaner.exe 2015-11-08 14:13:44 D801FF09E22A8A6B27D0505ABF1B72C3 1310075 ----a-w- C:\Users\Cronos\Downloads\YUMI-2.0.1.9.exe 2015-11-08 13:59:54 CD7B31AD979FAD578CC97C579C0C70AA 14336 ----a-w- C:\Program 
Files (x86)\7-Zip\Uninstall.exe 2015-11-08 13:59:54 C8DCF04597C913AF685A770572EA2A8E 264704 ----a-w- C:\Program Files (x86)\7-Zip\7z.exe 2015-11-08 13:59:54 96605355231C8AD668CD822D51F6B2E9 332800 ----a-w- C:\Program Files (x86)\7-Zip\7zG.exe 2015-11-08 13:59:54 5A454EDB2CC2D5B406ED973E83DD4B39 489984 ----a-w- C:\Program Files (x86)\7-Zip\7zFM.exe 2015-11-08 13:59:41 D808CCD899F1F1B477CB3D1D8BC4AAE2 1091659 ----a-w- C:\Users\Cronos\Downloads\7z1510.exe 2015-11-08 11:23:28 E4DD18766FEACC72FA0C3588664622DC 3503616 ----a-w- C:\Users\Cronos\Downloads\Fotowall 0.9 WinXP Vista 7.exe 2015-11-04 17:30:28 9AEE2A881FD10E6A463588303D8027AD 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-11-04 17:30:27 BF8A5B4E696F4E8F3B2B5E9902467418 720896 ----a-w- C:\Windows\System32\ie4uinit.exe 2015-11-04 17:30:27 1A480EC5EFC71B92735BB420E2B92348 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-11-04 17:30:26 7FD2748E2B08B5E9FD6FF73669B2ECBF 818264 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-11-04 17:30:26 2D59CD5D6C1DCB3507431281BDBF935F 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-11-04 17:30:26 2A898891EB7FBCF0774F0B96AAD05561 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-11-04 17:30:26 03AE49CC0AD731C579E4041921450266 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-11-04 17:30:25 E4509963A72F1941B17DA730BB94AD20 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-11-04 17:30:25 5F95E34F57E2E85295510EEEF724012D 815720 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-11-04 17:30:25 17B66052348D3A3681A9411EDD839E18 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-11-04 17:30:23 B0917E6238C1675E48CFE64947DD9FD9 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-11-04 17:30:03 C19537A50B723E0F7B53D413163B35EE 3936192 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-04 17:30:03 3FE5671328B8A655F766D872D12DC373 5569472 
----a-w- C:\Windows\System32\ntoskrnl.exe 2015-11-04 17:30:02 63FD03CED9739062E9B94F0D1E54A406 3990976 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-04 17:30:00 5B9427E47B86AFDA813A8D252713FC35 296960 ----a-w- C:\Windows\System32\rstrui.exe 2015-11-04 17:30:00 5401C9D2F4B0A98B60259C621DDF1EB6 338432 ----a-w- C:\Windows\System32\conhost.exe 2015-11-04 17:29:58 D2E2A613EBD0C959E72556C3A63A6B4A 112640 ----a-w- C:\Windows\System32\smss.exe 2015-11-04 17:29:58 C00E4CD3AC3A0D8E339635E06546B77D 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-11-04 17:29:58 95E4E6C645175731B1DC8084329121AA 64000 ----a-w- C:\Windows\System32\auditpol.exe 2015-11-04 17:29:58 5FC0F48FD38D0AC7FC54EBEFBC3F69C5 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-11-04 17:29:58 5424EC756808C1002457033D969115C7 31232 ----a-w- C:\Windows\System32\lsass.exe 2015-11-04 17:29:57 B421B311420FD650BE3B25EAC217E685 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-11-04 17:29:56 09BA6677E9CCBB1884CD0FB24F6EF584 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-11-04 17:29:34 CDBE532602413E7FB0C395024749C7AA 140288 ----a-w- C:\Windows\System32\wuauclt.exe 2015-11-04 17:29:34 B35154CD5A10368ED3DB277BB38012B3 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2015-11-04 17:29:34 9D3A6E1660B3D6BF63E83A901D1109BB 37888 ----a-w- C:\Windows\System32\wuapp.exe 2015-11-04 17:29:23 D8AF0D6A806ADA9660C55DD891E80AF2 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe 2015-11-04 17:29:23 4FCAED5CA1A9C704DBF172283A283B53 10240 ----a-w- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe 2015-11-04 17:29:21 F03EA93F045D009830C890010750B34A 25432 ----a-w- C:\Windows\System32\CompatTelRunner.exe 2015-11-04 17:27:35 B17B1E5FB5CE63DA4DB4D49E3683487F 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe 2015-11-04 17:27:35 7030F95F994B2F2CCC1C521E342369DB 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe 2015-11-04 17:26:10 D3F0E4F448CFD98F60D55D01A97939E7 707072 
----a-w- C:\Windows\System32\GWX\GWXConfigManager.exe 2015-11-04 17:26:10 A45BD2EFB89B0870E8D46E36A101FA50 418304 ----a-w- C:\Windows\System32\GWX\GWXUX.exe 2015-11-04 17:26:10 8C1FAC4BA4A1A3F4991763FA01527CB9 523264 ----a-w- C:\Windows\System32\GWX\GWX.exe 2015-11-04 17:26:10 7E925A9A931C8AE2B15EC801BE0183D6 388400 ----a-w- C:\Windows\System32\GWX\GWXUXWorker.exe 2015-11-04 17:26:10 26A2294858EA67A297D8A4920A0AF71C 360960 ----a-w- C:\Windows\System32\GWX\GWXDetector.exe 2015-11-04 17:26:10 0D400710E06F502D715853A5AF1FF98C 445952 ----a-w- C:\Windows\SysWOW64\GWX\GWX.exe 2015-11-04 17:21:44 359E0E559B0169051CEA6FE796804C04 360872 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgndisa.exe 2015-11-04 17:20:49 CB49115481D5CDE6F5B44FA424A7C3BF 24488 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe 2015-11-04 17:20:49 BB04EE204FBB5F925F408B0857994DAF 25512 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe 2015-11-04 17:20:49 922C08C5DFDE261049CEB8189F1EE3BA 6922928 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe 2015-11-04 17:20:49 357FD727079C5F0E1C7DC11B4DB9D3DB 71592 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe === C: other files == 2015-11-08 16:07:23 697A2E19D62AF33EFA62D7732B2CBF65 25612 ----a-w- C:\Program Files\StudioPortable\Data\Spoon\Sandbox\Spoon Studio\12.0.340.17\local\stubexe\0xD54F27C412938BF7\Studio.com 2015-11-06 21:49:55 B3902CA8BDDA92DDB4E1DBA8178B906F 1406 ----a-w- C:\Users\Cronos\AppData\Local\transmission\cache\favicons\desync.com 2015-11-06 21:49:55 914EE9B48A579FB7FE651E699759C602 99678 ----a-w- C:\Users\Cronos\AppData\Local\transmission\cache\favicons\demonii.com 2015-11-04 17:30:01 3A8C03156C3E31E70EF84E48CA179B46 97112 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-11-04 17:29:59 C6330F7C2E92A00E6773E82F79078AFC 157016 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-11-04 17:29:58 ACB6782973BD93760D597FC7BB37E692 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2015-11-04 17:29:58 

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3820229090-3648224812-387460116-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Greenshot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Greenshot"
"hkey"="HKLM"
"command"="C:\\Program Files\\Greenshot\\Greenshot.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/11/2015 12:39]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{87DF1520-7E0F-464F-AA28-F8646DAC7CF2}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Cronos\AppData\Roaming\Mozilla\Firefox\Profiles\l8n7map7.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Google Default");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Cronos\AppData\Roaming\Mozilla\Firefox\Profiles\l8n7map7.default
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- ImageHost Grabber - %ProfilePath%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- Google Image Search - %ProfilePath%\extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Cronos\AppData\Roaming\Mozilla\Firefox\Profiles\l8n7map7.default
D13E512E46959CF40CE623247D047EB0 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_195.dll - Shockwave Flash

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cronos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cronos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Cronos\AppData\Local\Mozilla\Firefox\Profiles\l8n7map7.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=37 folders=25 9907220 bytes)

==== Empty Temp Folders ======================

C:\Users\Cronos\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Cronos\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 09/11/2015 at 17:28:53,86 ======================