Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Hans on za 16/01/2016 at 17:30:39,35. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Hans\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 16/01/2016 17:31:45 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\log deleted successfully C:\Users\Hans\AppData\Local\VirtualStore deleted successfully C:\Users\Petra\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Acrobat Reader DC - Nederlands Adobe AIR Adobe Creative Cloud Adobe Digital Editions 4.5 Adobe Flash Player 20 ActiveX Adobe Flash Player 20 NPAPI Adobe InCopy CC 2015 Adobe Refresh Manager Adobe Shockwave Player 12.1 Belgium e-ID middleware 4.1.5 (build 1639) Citrix Online Launcher Dell 2155 Color MFP Adresboek-bewerker Ver.1.0.3.0 Dell 2155 Color MFP ScanKnop-manager Ver.1.0.1.0 Dell Printersoftware Dragon NaturallySpeaking 13 Elektronisch Groene Boekje Elite Dangerous Launcher version 0.4.4084.0 ESDNOW Software Protection Technology v2.1.4 Fences Google Chrome Google Update Helper Intel(R) Chipset Device Software Intel(R) Management Engine Components Intel(R) ME UninstallLegacy Intel(R) Network Connections 19.1.51.0 Intel(R) Rapid Storage Technology Intel(R) USB 3.0 eXtensible Host Controller Driver Intel© Trusted Connect Service Client Java 8 Update 66 Java 8 Update 66 (64-bit) Java Auto Updater K-Lite Codec Pack 11.2.8 Full McAfee SecurityCenter McAfee Virtual Technician McAfee WebAdvisor memoQ 2015 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Office 365 - nl-nl Microsoft OneDrive Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Microsoft WSE 2.0 SP3 Runtime MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) Nuance PaperPort 12 Nuance PDF Viewer Plus NVIDIA-configuratiescherm 353.30 NVIDIA 3D Vision controllerstuurprogramma 352.65 NVIDIA 3D Vision stuurprogramma 353.30 NVIDIA Grafisch stuurprogramma 353.30 NVIDIA HD Audio-stuurprogramma 1.3.34.3 NVIDIA Install Application NVIDIA PhysX Systeem Software 9.15.0428 NVIDIA Stereoscopic 3D Driver Office 16 Click-to-Run Extensibility Component Office 16 Click-to-Run Licensing Component Office 16 Click-to-Run Localization Component Open XML SDK 2.0 for Microsoft Office Open XML SDK 2.5 for Microsoft Office PaperPort Image Printer 64-bit PDFCreator Realtek High Definition Audio Driver Scansoft PDF Professional SDL Language Cloud Add-ins SDL MultiTerm 2014 SP2 - Remove suite of products SDL MultiTerm 2014 SP2 Convert SDL MultiTerm 2014 SP2 Core SDL MultiTerm 2014 SP2 Desktop SDL MultiTerm 2014 SP2 Word Integration SDL Trados 2014 SP2 - Remove suite of products SDL Trados 2015 - Remove suite of products SDL Trados Legacy Compatibility Module for Studio 2014 SDL Trados Studio 2014 SP2 SDL Trados Studio 2015 SDL WorldServer Components Security Update for Microsoft .NET Framework 4.5.2 (KB3074230) Security Update for Microsoft .NET Framework 4.5.2 (KB3074550) Security Update for Microsoft .NET Framework 4.5.2 (KB3097996) Security Update for Microsoft .NET Framework 4.5.2 (KB3098781) SkypeT 7.6 Software voor Intel© Chipset-apparaten Stardock Fences 2 Stuurprogrammapakket voor Windows - Fedict SmartCard (08/08/2015 4.1.5) swMSM Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD TeamViewer 10 Van Dale Groot woordenboek technische update 2015 Van Dale Grote woordenboeken (set) 6.10 VLC media player WinRAR 5.21 (64-bit) ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe C:\Program Files (x86)\SDL\SDL Language Cloud Add-ins\BCMConverterWindowsService.exe C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe C:\Windows\SysWOW64\nalserv.exe C:\Windows\SysWOW64\nlssrv32.exe C:\Program Files (x86)\Dell Printers\paperport\PaperPort\PDFProFiltSrvPP.exe C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe C:\Program Files (x86)\SDL\SDL Trados Studio\Studio3\ProductTelemetricsService\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Users\Hans\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\ProgramData\FLEXnet\Connect\11\agent.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Dell Printers\paperport\PaperPort\pptd40nt.exe C:\Program Files (x86)\Dell Printers\paperport\PDFViewer\pdfPro5Hook.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Users\Hans\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\Hans\AppData\Local\RAIDar deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\RENF024.tmp deleted C:\Windows\Syswow64\~.tmp deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 16327 MB CPU Info: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz CPU Speed: 3621,9 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce GT 730 | NVIDIA GeForce GT 730 | NVIDIA GeForce GT 730 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm | Screen Resolution: 2048 X 1152 - 32 bit Network: Network Present Network Adapters: Intel(R) Ethernet Connection (2) I218-V CD / DVD Drives: 1x (D: | ) D: ASUS DRW-24F1ST a Ports: COM1 LPT1 Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 232,8GB Hard Disks - Free: C: 84,6GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 05/19/15 | ALASKA - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK COMPUTER INC. H97M-PLUS Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== AV: McAfee Antivirus en antispyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Antivirus en antispyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} Default Browser: Google Chrome 47.0.2526.111 Internet Explorer Version: 11.0.9600.18163 Google Chrome version: 47.0.2526.111 Adobe Reader version: 15.10.20056.167417 Sun Java version: 1.8.0_66 (32-bit) Sun Java version: 1.8.0_66 (64-bit) Flash Player version: 20.0.0.267 Shockwave Player version: 12.1.9r159 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Hans\AppData\Local\Temp ==== 2016-01-13 19:27:23 2504A1F4DA3B06B47CF2F81AFB365B79 585824 ----a-w- C:\Users\Hans\AppData\Local\Temp\jre-8u66-windows-au.exe 2016-01-09 15:25:39 0F316043BFD136A509347148D203D541 151368 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\ISBEW64.exe 2016-01-09 15:25:27 FC49EDA1E0DC491E8CE4A4E0E814F1F1 346456 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\_isres_0x0407.dll 2016-01-09 15:25:27 B4AD99AB766542884E5C7576F4817593 342360 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\_isres_0x0410.dll 2016-01-09 15:25:27 94D918F4F4B75E63D52E7FBE58A35948 346456 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\_isres_0x040a.dll 2016-01-09 15:25:27 8AC078212DE9D00591C55E6F7B61AFF0 286536 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\ISRT.dll 2016-01-09 15:25:27 82DD4895BD7386CBC66F0BC557584E9C 342360 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\_isres_0x0413.dll 2016-01-09 15:25:27 82BE49BF0A5E2746D2F867F51ADCEF98 346456 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\_isres_0x040c.dll 2016-01-09 15:25:27 671750B16CF399F641DEDAC50F003F13 331080 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\ISBEWI64.exe 2016-01-09 15:25:27 585C8136645966DE70395843DAAFD3F6 559560 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\_isres_0x0409.dll 2016-01-09 15:25:27 0F316043BFD136A509347148D203D541 151368 ----a-w- C:\Users\Petra\AppData\Local\Temp\{2941C652-412D-4D2D-A7A6-840A84536CA0}\ISBEWX64.exe 2016-01-09 13:56:56 DE395ADB369470A953A11B8C300697E2 35680 ----a-w- C:\Users\Hans\AppData\Local\Temp\i4jdel0.exe 2016-01-08 18:00:43 1BD443BE12DA7D61B9FD10B14C7593F3 4096 ----a-w- C:\Users\Petra\AppData\Local\Temp\3m01seze.dll ====== Java Cache ===== 2016-01-13 19:30:36 4F85459CEC4F78A3987FFFD5B6A816C5 605 ----a-w- C:\Users\Hans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\52c00ce5-5dce37a3 2016-01-13 19:30:36 4C4521CD31CF3F02965F32A14F715734 428 ----a-w- C:\Users\Hans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\52c00ce5-78e96a5ccf5c5b6a29dcdffe1d16c989d010904d54059e7b28aad8dacf6a56c9-6.0.lap 2016-01-13 19:30:36 C9588417B10E1D770E3E5DA1F3510AE5 8425 ----a-w- C:\Users\Hans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\298d42d-1439722c 2016-01-13 19:30:39 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Hans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\c8dc66e-7d5d0f06 ====== C:\Windows\SysWOW64 ===== 2016-01-13 11:48:54 BBCD95BC468665A596D7ED2D6233A34E 509952 ----a-w- C:\Windows\SysWOW64\qedit.dll 2016-01-13 11:48:54 4489D5077C5D2396E3A94D652ADAE1CA 14336 ----a-w- C:\Windows\SysWOW64\fixmapi.exe 2016-01-13 11:48:54 2BB34CC2D6DF7194F46C6508589EF8FD 76800 ----a-w- C:\Windows\SysWOW64\mapistub.dll 2016-01-13 11:48:54 2BB34CC2D6DF7194F46C6508589EF8FD 76800 ----a-w- C:\Windows\SysWOW64\mapi32.dll 2016-01-13 11:48:53 FEAEA5182DB9072EBD493466F8608EB8 1568768 ----a-w- C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-13 11:48:53 EDCAA72A69E36517F1493F09B8A834F7 829952 ----a-w- C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-13 11:48:53 EDB8F80672DBF24C6C522A29F5854F14 153600 ----a-w- C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-13 11:48:53 D1450810490EB170A182C4AC915CB87C 1620992 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-13 11:48:53 B25C60E9ED641AFF18198CBF6C288DB8 740352 ----a-w- C:\Windows\SysWOW64\wmpmde.dll 2016-01-13 11:48:53 B049A75BD074FC465D2BCE2BF5B15D75 3209728 ----a-w- C:\Windows\SysWOW64\mf.dll 2016-01-13 11:48:53 A0448DC7978E550FE64B9A984522B963 815616 ----a-w- C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-13 11:48:53 96FF617934E6A87AA810719D1D911DA9 541184 ----a-w- C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-13 11:48:53 89FBB1C25E02767572AB1F136EE8CD04 1329664 ----a-w- C:\Windows\SysWOW64\quartz.dll 2016-01-13 11:48:53 7368176B23E9BE5D23ED9BFE1D58AC0C 902144 ----a-w- C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-13 11:48:53 71C9DDA9ED939361C1CA2CE21EA84DBF 665088 ----a-w- C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-13 11:48:53 65EED8B27B02573948434B583DACFB39 489984 ----a-w- C:\Windows\SysWOW64\evr.dll 2016-01-13 11:48:53 62851F0D13AD06F0042C8109E680421F 739328 ----a-w- C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-13 11:48:53 3CC0EF43C256D0A28C908F36AD06963D 970240 ----a-w- C:\Windows\SysWOW64\msmpeg2adec.dll 2016-01-13 11:48:52 FEB2B13697D1C482D84FB626A0F1F73A 2048 ----a-w- C:\Windows\SysWOW64\mferror.dll 2016-01-13 11:48:52 D6A767B747F4D58EBDAAD1925DC863FA 206848 ----a-w- C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-13 11:48:52 BE2D4165A6845FEE05CBD36D8B41E518 193536 ----a-w- C:\Windows\SysWOW64\ksproxy.ax 2016-01-13 11:48:52 BBE4D9B89B3FBC97C0F381C2F9C4ADEF 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe 2016-01-13 11:48:52 A7FAA81D1622D6AF4467A81B42D30DBE 241152 ----a-w- C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-13 11:48:52 A4C85F362EBB7815676F1CD9CFC5BA59 4608 ----a-w- C:\Windows\SysWOW64\ksuser.dll 2016-01-13 11:48:52 936E6F6F76136BC73B13D25A254BC84B 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe 2016-01-13 11:48:52 92BBFF13DE00F30DABC03CFF59D8678E 609280 ----a-w- C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-13 11:48:52 8A2A7AA90CBA77DD44FBAE713B4B3877 415744 ----a-w- C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-13 11:48:52 7C135C38EC6586F7562CFBC184A514E2 2285056 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-01-13 11:48:52 78E7D511C9FB80ADC9A1DD22CCF66C0E 519680 ----a-w- C:\Windows\SysWOW64\qdvd.dll 2016-01-13 11:48:52 6B1BB70E72B573EBDF1235B77DF5706D 1325056 ----a-w- C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-13 11:48:52 66EB4C814BF7BD76CF7CBC7F562234BA 67584 ----a-w- C:\Windows\SysWOW64\devenum.dll 2016-01-13 11:48:52 5DCE986C8D7E91B455FB3D57BF955A2A 79872 ----a-w- C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-13 11:48:52 5CF623B21998B8F1D081D55910A0BDA7 206848 ----a-w- C:\Windows\SysWOW64\qasf.dll 2016-01-13 11:48:52 5342DCCA8EA8ED193ACAAD14A5046982 354816 ----a-w- C:\Windows\SysWOW64\mfplat.dll 2016-01-13 11:48:52 4FBCDC326769C31CB283981A51C867F3 53248 ----a-w- C:\Windows\SysWOW64\mfvdsp.dll 2016-01-13 11:48:52 41BAC1A440EAA15AD4CC15B0C7870AB0 103424 ----a-w- C:\Windows\SysWOW64\mfps.dll 2016-01-13 11:48:52 2C838797F2F6138EF36C8964487775B9 358400 ----a-w- C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-13 11:48:52 24D74CF313DC62C65EEA4726AE2EB3F8 154112 ----a-w- C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-13 11:48:52 0697FF546D6D70AE7F77EF6398004153 241152 ----a-w- C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-13 11:48:50 D47060A0923B50FB9E4DD5D9DE0C7402 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2016-01-13 11:48:50 D120251F43699D6C08E13950C3C72978 20367360 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2016-01-13 11:48:50 CA0F8D2342A719DEA69C7840B0BB5F4B 2280448 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2016-01-13 11:48:50 C5B72E7048DEEE1B264D7155C77241C5 341192 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2016-01-13 11:48:50 B26FB4205FDB1542166C1D8D7D1968C0 279040 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2016-01-13 11:48:50 AB90455CBD34BDE95F463C02C4D3FF50 1311744 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2016-01-13 11:48:50 A786A11EE4C05BC3AE924344F10275DE 496640 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2016-01-13 11:48:50 8E5DD507EC43B5C738EB0289A9663670 687104 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2016-01-13 11:48:50 67527FD222AD6842F98A733DF52C8416 130048 ----a-w- C:\Windows\SysWOW64\occache.dll 2016-01-13 11:48:50 49FBB053E3AC19EEE92AE8492CDA7E91 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2016-01-13 11:48:50 3C9399B72F7FFB9EE63BB173B481340E 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2016-01-13 11:48:50 18B231ACA137116CF16DBE3EBD7FDB5D 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2016-01-13 11:48:50 06CEABA53DA48B45C2B23F52C8C9EA72 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-13 11:48:49 DAEFD0F03CA94242ACB5C3C1359176D3 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2016-01-13 11:48:49 D1348E7209031F20BC8864DA8CA2F955 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2016-01-13 11:48:49 CFA5159B0C90A82D28314571E8B64775 416256 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2016-01-13 11:48:49 C5BF6D661A8EFB996AD5E4B88FFBD7FD 476160 ----a-w- C:\Windows\SysWOW64\ieui.dll 2016-01-13 11:48:49 C2806F9A73E738CDC0718E5D7375BDCB 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2016-01-13 11:48:49 9DA0FD6D5B8E2FAD8967A617FD142C6D 2050560 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2016-01-13 11:48:49 862FF89AEF127D001ADBF75095D5ECB1 12856320 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2016-01-13 11:48:49 83F409B2EC14007F6D7E2EA485E6B7D9 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2016-01-13 11:48:49 73C47A23B212481ABF01924B5C74C140 663552 ----a-w- C:\Windows\SysWOW64\jscript.dll 2016-01-13 11:48:48 FFA261B9252C71A6910B4F19FDC1EA57 2011136 ----a-w- C:\Windows\SysWOW64\wininet.dll 2016-01-13 11:48:48 D5E9072573EEE8DFEF63CD38640F6D35 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2016-01-13 11:48:48 6D7983A5DFD58E54159D2A03558D4BCE 4610560 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2016-01-13 11:48:48 424300DDB7A1B24199C9B481438F55E9 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2016-01-13 11:48:48 2C10833C0180FEE2AEB6DAEB76FD16E7 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2016-01-13 11:48:48 21784CDE61E83DBCB42DA6C2A374D69A 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2016-01-13 11:48:48 0DABE887449758C9E70FFB253A787D44 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll 2016-01-13 11:48:48 063A81A53400EA55D27AFC77C49A5B4B 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2016-01-13 11:48:37 E8D68D619AAF4E78850DF96B5E53EA03 641536 ----a-w- C:\Windows\SysWOW64\advapi32.dll 2016-01-13 11:48:36 7FD1DCF4F11C61621AE9279E26FADCF3 312320 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2016-01-13 11:48:34 ED43479669D84DC8A4385E6AC2CF5A7F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2016-01-13 11:48:34 ECA0236432A1C2E695FD50C3AC4CAFCE 36352 ----a-w- C:\Windows\SysWOW64\cryptbase.dll 2016-01-13 11:48:34 E149FE1FD23748986551F4E1F5752090 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2016-01-13 11:48:34 DC9222A325ACFC29E019013505AE33DB 171520 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2016-01-13 11:48:34 D92212049589535FBB25B806FF8A20C5 665088 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2016-01-13 11:48:34 CE283E9E462E8FC95F7DC5DAF39D09FA 223232 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2016-01-13 11:48:34 BFDCF4944CC86AB5A59B605637C82090 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2016-01-13 11:48:34 BC5142F61047916EA677908F98F3A7C2 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2016-01-13 11:48:34 B9E8D6170C3325895EF3E1E5699A6F8B 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2016-01-13 11:48:34 AFCF45621028D4B6D252B1429A07A530 251392 ----a-w- C:\Windows\SysWOW64\schannel.dll 2016-01-13 11:48:34 AE6E759632A0F931CFB626EED55C3E99 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2016-01-13 11:48:34 A8D4C2B034947F2445F5099E6B3173C8 3938240 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2016-01-13 11:48:34 9E02351A74A6F1FA0F46405583525959 1311768 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2016-01-13 11:48:34 8E3915AF90315E4ED96D4CAE316E8F21 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2016-01-13 11:48:34 80497842956847806BC7DAD11A18D9D4 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2016-01-13 11:48:34 69048141035DEDA0D3AFB28367622130 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2016-01-13 11:48:34 68EC4300B8EF8D7E2B857FABB91F3EFB 552960 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2016-01-13 11:48:34 678A679C5E416A93A71DA3D4241692B0 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2016-01-13 11:48:34 5A3BF056627B6A7C348FD7AF420741E1 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2016-01-13 11:48:34 59541469E828B311B1E5EEA77E6F6BE7 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2016-01-13 11:48:34 4743B91B77F4B8CEF891ABF00C1E0055 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2016-01-13 11:48:34 41560C9C4CCA31FC3B0CA192B113F68F 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2016-01-13 11:48:34 16A3C3CCDB7ECFD2A72DAFED734B22BB 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2016-01-13 11:48:34 1615874D0262DA99E565D4FE6F74F7DD 3993536 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2016-01-13 11:48:34 1418C1A502A9540A4726B4935229E7B9 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2016-01-13 11:48:34 119F46197BABD04BE1E2DDD50E782DAC 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2016-01-13 11:48:33 EA5A0A356F6DB3D4177568FF084AD367 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-01-13 11:48:54 EC1E743D4DB6C6EBEDCEB4B4C8E1905A 1164800 ----a-w- C:\Windows\Sysnative\aeinv.dll 2016-01-13 11:48:54 D33DF59002203FED8DE6087256DFDE89 624640 ----a-w- C:\Windows\Sysnative\qedit.dll 2016-01-13 11:48:54 73DC9840FE246158ECCBC8270847CCBC 91648 ----a-w- C:\Windows\Sysnative\mapistub.dll 2016-01-13 11:48:54 73DC9840FE246158ECCBC8270847CCBC 91648 ----a-w- C:\Windows\Sysnative\mapi32.dll 2016-01-13 11:48:54 2FFBA1EAE28B45A92E2EA70C61C66F14 17920 ----a-w- C:\Windows\Sysnative\fixmapi.exe 2016-01-13 11:48:54 27221616A71A25E0B7065926FCC417A7 1307136 ----a-w- C:\Windows\Sysnative\msmpeg2adec.dll 2016-01-13 11:48:53 FF5D49FAA86DBD9033DABC1ABCEA3429 1232896 ----a-w- C:\Windows\Sysnative\WMADMOD.DLL 2016-01-13 11:48:53 E6A0093D872D860BEA437DF6C666DF89 632320 ----a-w- C:\Windows\Sysnative\evr.dll 2016-01-13 11:48:53 DB018B9F38BC34E9AE21C01448E810D2 1575424 ----a-w- C:\Windows\Sysnative\WMSPDMOE.DLL 2016-01-13 11:48:53 BF9CFEE3D22CE61E5B57C9B8A14F172D 1026048 ----a-w- C:\Windows\Sysnative\wmpmde.dll 2016-01-13 11:48:53 B7CBAC1F4175C1D59B197020268A290B 1153024 ----a-w- C:\Windows\Sysnative\WMADMOE.DLL 2016-01-13 11:48:53 B62CEF4A731EE983D440804A2B9DA0B1 642048 ----a-w- C:\Windows\Sysnative\WMVXENCD.DLL 2016-01-13 11:48:53 91E1D7BE8513032B5CCA26AFD0BF0ADC 666112 ----a-w- C:\Windows\Sysnative\WMVSDECD.DLL 2016-01-13 11:48:53 82AB148A0E747855F83F332FC83B254F 1573888 ----a-w- C:\Windows\Sysnative\quartz.dll 2016-01-13 11:48:53 759DF4479855EED0D78249798325D373 1955328 ----a-w- C:\Windows\Sysnative\WMVENCOD.DLL 2016-01-13 11:48:53 60957C2BD1C03CF395006FDBC29D2569 189952 ----a-w- C:\Windows\Sysnative\COLORCNV.DLL 2016-01-13 11:48:53 5EA57A6AD59D0785C9A390DF14736899 978944 ----a-w- C:\Windows\Sysnative\WMSPDMOD.DLL 2016-01-13 11:48:53 5BAEB6D045DA253787F3F1984B712835 1888768 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL 2016-01-13 11:48:53 55C3F89354C086EFFF1C5AAD1E808134 1160192 ----a-w- C:\Windows\Sysnative\MSMPEG2ENC.DLL 2016-01-13 11:48:53 530B3A72692DB253DE8BB8E8C11468DD 1010688 ----a-w- C:\Windows\Sysnative\mcmde.dll 2016-01-13 11:48:53 3B6466686CDC57453592E6188C3FA4DC 4121600 ----a-w- C:\Windows\Sysnative\mf.dll 2016-01-13 11:48:52 F094FCE25E33140B5F7AEE2E5BDF6931 3211264 ----a-w- C:\Windows\Sysnative\win32k.sys 2016-01-13 11:48:52 D66AE152C1EE7DA2548EC2AF4203025D 653824 ----a-w- C:\Windows\Sysnative\MP4SDECD.DLL 2016-01-13 11:48:52 D624DE0DED716916F69D495807C9D787 254464 ----a-w- C:\Windows\Sysnative\qasf.dll 2016-01-13 11:48:52 C62B3D8C69437192AA58AD6E380E4BC3 371712 ----a-w- C:\Windows\Sysnative\qdvd.dll 2016-01-13 11:48:52 BEFEDC65A88D44153983455C699F81C8 100864 ----a-w- C:\Windows\Sysnative\MP3DMOD.DLL 2016-01-13 11:48:52 ACA7F078CAD7D225D4F2D973C9812225 250880 ----a-w- C:\Windows\Sysnative\ksproxy.ax 2016-01-13 11:48:52 A64D697EA82530530693AA2102FCA420 292352 ----a-w- C:\Windows\Sysnative\VIDRESZR.DLL 2016-01-13 11:48:52 A54381C84F3CEBF4D339778339D141F0 2777088 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll 2016-01-13 11:48:52 A2877C3165FCD229D1BFC9CC4FFC2B2E 2048 ----a-w- C:\Windows\Sysnative\mferror.dll 2016-01-13 11:48:52 9A2DCBE0A803AF0DF58D8B3EB041065E 447488 ----a-w- C:\Windows\Sysnative\WMVSENCD.DLL 2016-01-13 11:48:52 9524717B1B183A066E0516BFF2888D51 70144 ----a-w- C:\Windows\Sysnative\mfvdsp.dll 2016-01-13 11:48:52 8B995A315448ABFC6E41A200079E7DBA 55808 ----a-w- C:\Windows\Sysnative\rrinstaller.exe 2016-01-13 11:48:52 777654DB4C306B22A5A54690A258650D 24576 ----a-w- C:\Windows\Sysnative\mfpmp.exe 2016-01-13 11:48:52 6D21051C8EA17C1DD0A6FD07CCAB8232 5120 ----a-w- C:\Windows\Sysnative\ksuser.dll 2016-01-13 11:48:52 6C6CF29B05DBCA772AED1551AF0DF6DF 76288 ----a-w- C:\Windows\Sysnative\devenum.dll 2016-01-13 11:48:52 6727B79444C3C8362DB4045E86152707 206848 ----a-w- C:\Windows\Sysnative\mfps.dll 2016-01-13 11:48:52 65BA8738CC3C21C62E746A1DDF04EC74 223744 ----a-w- C:\Windows\Sysnative\MP43DECD.DLL 2016-01-13 11:48:52 3AECE087DB6F663C2B7F538C81C60F64 432128 ----a-w- C:\Windows\Sysnative\mfplat.dll 2016-01-13 11:48:52 2F0BA9348CB8D62FF8C28B4B83D57FA3 378880 ----a-w- C:\Windows\Sysnative\SysFxUI.dll 2016-01-13 11:48:52 2A8760952F296D6208FE5FC358ECD59A 484864 ----a-w- C:\Windows\Sysnative\MFWMAAEC.DLL 2016-01-13 11:48:52 294B7F30B70E0D7867F5EB69E630884A 225792 ----a-w- C:\Windows\Sysnative\RESAMPLEDMO.DLL 2016-01-13 11:48:52 18A11A96B3C1C9E2FD1E6137C8BD4018 224768 ----a-w- C:\Windows\Sysnative\MPG4DECD.DLL 2016-01-13 11:48:50 FEB22838B5A1EA29FAEBBEEA14107049 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2016-01-13 11:48:50 E8CA48B9CB7F0ACEA28DDDE9EFF22C80 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2016-01-13 11:48:50 E341F64F351629296178A872C7666620 718336 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2016-01-13 11:48:50 DA52C6C0BA729466416B3F086C97B570 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2016-01-13 11:48:50 5794608757509D090F5B48B0A1F7A192 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2016-01-13 11:48:50 16D24DE8CB771F481152CA186814CA16 2887168 ----a-w- C:\Windows\Sysnative\iertutil.dll 2016-01-13 11:48:49 D9A22C7E960A41500D5B76C31D3222D0 1546752 ----a-w- C:\Windows\Sysnative\urlmon.dll 2016-01-13 11:48:49 A32269075B35C5C9C2A3641A0E7AA0A5 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2016-01-13 11:48:49 7A566BAD311137B88DDF444D13C1C594 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2016-01-13 11:48:49 5794E3E7388205B0D7E87D665054A12A 152064 ----a-w- C:\Windows\Sysnative\occache.dll 2016-01-13 11:48:49 4718E9DE3101969567EC0F148BF66006 387784 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2016-01-13 11:48:49 359B81512F7A45213180DD3D821F11BB 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2016-01-13 11:48:49 26509D490CC4DFE3291DC5E3847EBB14 798208 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2016-01-13 11:48:49 20773DBF4A2DC49785831FDA12530A0A 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2016-01-13 11:48:48 CF6B70A265ADA05CC55D57D9DE8B06E0 2123264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2016-01-13 11:48:48 B67D37636216B98F70064C3A2B295EF7 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2016-01-13 11:48:48 9C9E498EA2527F96EC7ADDF3634BF624 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2016-01-13 11:48:48 7300C7AB7EF1CDE5C19EEB6970C71473 571904 ----a-w- C:\Windows\Sysnative\vbscript.dll 2016-01-13 11:48:48 65CCD789E06B82989596D584D1AE6D46 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2016-01-13 11:48:47 F66091A35F4810BD501CD7B65778D4B1 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2016-01-13 11:48:47 F604E67A3B37B21485DEE9CC14AA2AAB 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2016-01-13 11:48:47 AC8410A5877FFBC98D1ECFF949A2E0A4 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2016-01-13 11:48:47 9E30C99BBB024E1CFC4B9A387132B0BE 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll 2016-01-13 11:48:47 80322AAB422075922A0EA3CFEA35061C 14457856 ----a-w- C:\Windows\Sysnative\ieframe.dll 2016-01-13 11:48:47 789E93204829D6519F55D5A61586B7B5 6051328 ----a-w- C:\Windows\Sysnative\jscript9.dll 2016-01-13 11:48:47 65E6158EF33AE88A412D3CEB33A20F47 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2016-01-13 11:48:47 207D3D17F61029FD0FB7B6DF1244E5E2 817664 ----a-w- C:\Windows\Sysnative\jscript.dll 2016-01-13 11:48:47 0236A801C4907B13E5BADEE62EB3284B 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2016-01-13 11:48:46 FB3047038F1800A0891B4D35F40E4F59 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2016-01-13 11:48:46 DD2AC5827D111001E805C19786D2DE41 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2016-01-13 11:48:46 8100C63E02EC310C0E8712D6603E3DBA 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2016-01-13 11:48:46 6AEBA30A9AF45D0C83385F48EC943426 25837568 ----a-w- C:\Windows\Sysnative\mshtml.dll 2016-01-13 11:48:46 5F08FC1143F907E990F0E1EB4C8E77F2 417792 ----a-w- C:\Windows\Sysnative\html.iec 2016-01-13 11:48:46 1258BDEE548BCD771DD35485CDD176EA 2487808 ----a-w- C:\Windows\Sysnative\wininet.dll 2016-01-13 11:48:37 35A6E891DF89085216F18F5B998D6CB4 879104 ----a-w- C:\Windows\Sysnative\advapi32.dll 2016-01-13 11:48:36 FD94F46A5B1A1F7638F52F0C98819DD4 705536 ----a-w- C:\Windows\Sysnative\invagent.dll 2016-01-13 11:48:36 CB1854DDBDDB963A5F189252E696BB43 1381376 ----a-w- C:\Windows\Sysnative\appraiser.dll 2016-01-13 11:48:36 C96B880CE00D71939A9E982307589029 210432 ----a-w- C:\Windows\Sysnative\aepic.dll 2016-01-13 11:48:36 C2CA43A7E2B9D47B2DAC703CAC6281B5 505856 ----a-w- C:\Windows\Sysnative\devinv.dll 2016-01-13 11:48:36 BD09F16C81099AC527F1C9CD7DB8119F 76800 ----a-w- C:\Windows\Sysnative\acmigration.dll 2016-01-13 11:48:36 AD46BED774CF502E9C0100CFC29C1F82 405504 ----a-w- C:\Windows\Sysnative\gdi32.dll 2016-01-13 11:48:36 5510E75671B909D0D3FAB008144646B9 25024 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2016-01-13 11:48:36 3F4B89439044001B6E984DFA9A98B38C 792064 ----a-w- C:\Windows\Sysnative\generaltel.dll 2016-01-13 11:48:35 CD2249AEDD225CAB5CC88B40126C987F 344064 ----a-w- C:\Windows\Sysnative\schannel.dll 2016-01-13 11:48:35 35D570D5191EE48A6D5091033C71B7CE 729600 ----a-w- C:\Windows\Sysnative\kerberos.dll 2016-01-13 11:48:35 2E4FF62CC7B88ABBF59C242DED7F919F 5572544 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2016-01-13 11:48:35 1E22F3C99BB02A51179F9CCFEE242925 1214464 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2016-01-13 11:48:34 FE0C67D8D5D54F37B3A92E129A15C03A 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll 2016-01-13 11:48:34 FAF7892DD731F0649046B3AA3A5166AA 1730496 ----a-w- C:\Windows\Sysnative\ntdll.dll 2016-01-13 11:48:34 FACF1586F756E0B154EE6887FA017446 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2016-01-13 11:48:34 FA792622268EE423FC5E6AE23FB43599 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2016-01-13 11:48:34 FA3E172432AFA1A7D43847C7AC58812B 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2016-01-13 11:48:34 F6BD25ED678D2A5866FFC3355EC1E2C2 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2016-01-13 11:48:34 F557804C926BE42B0DCF0CB2AC138156 210432 ----a-w- C:\Windows\Sysnative\wdigest.dll 2016-01-13 11:48:34 D55C59AD1C93B728AB508F4F6529ED8F 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2016-01-13 11:48:34 D23C252F866CE3599336D547722B4A9D 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2016-01-13 11:48:34 CE14A4BBF890A7D4C898CF886D145EC9 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2016-01-13 11:48:34 CB2A49FFC4390EC0C757B1FC07A07E17 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll 2016-01-13 11:48:34 CB0E57424A776C51EF42469064ADBF08 30720 ----a-w- C:\Windows\Sysnative\lsass.exe 2016-01-13 11:48:34 BBF3E0FAFE3179FFED231D2266247476 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2016-01-13 11:48:34 B29C53B81C690394A2327AB2609B55FE 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2016-01-13 11:48:34 B25B3DE2FA73735074CA62AFEFE4AE47 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2016-01-13 11:48:34 A582574464654555D17338C6657EF69B 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2016-01-13 11:48:34 928F79CDCE323CFEB221C7D2D539F86A 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2016-01-13 11:48:34 8645BD647D1ECEB0E6F90E01A4C412EA 43520 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2016-01-13 11:48:34 7AC830607D940A3DABB8E5EB6EB22DF2 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2016-01-13 11:48:34 6872BBF984E6FA0AA910926D2F127372 1461248 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2016-01-13 11:48:34 5EBDD597DDCD94AE47CEFE6AFE41874A 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2016-01-13 11:48:34 5CB16703E4E4203C5B1D0717D16D48D6 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2016-01-13 11:48:34 56157CA130B661080B9DC97FE63F6D50 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2016-01-13 11:48:34 5124EA325CF0806FFA9514DC11593DA9 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2016-01-13 11:48:34 50AC63ADB9F92D5141703986C66AB61C 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2016-01-13 11:48:34 499545FF756FA6AFFB4F6679EA88BCB1 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2016-01-13 11:48:34 2E479BB995A0C130D6FF9F55E7DDA61F 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2016-01-13 11:48:34 28E55B4DA450C29326A25BE29C72FB1B 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2016-01-13 11:48:34 10DDB11D4451AAB9A32FFCEE8045BA6F 312320 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2016-01-13 11:48:33 377FEC833CC924E83029A83F99230663 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll ====== C:\Windows\Sysnative\drivers ===== 2016-01-13 11:48:52 C51B07394A087DA666A410DBFD26663A 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys 2016-01-13 11:48:52 647599CAE8CA0EF2FB09C4B150BC97FF 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys 2016-01-13 11:48:52 26FE888505E5A945B0536AF9A2A27A6F 5632 ----a-w- C:\Windows\Sysnative\drivers\drmkaud.sys 2016-01-13 11:48:34 C49F1C4CA74FC52AFB2E892D8E50EA39 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2016-01-13 11:48:34 A572BEF41F3C55D7DAF24D2340C91FEC 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-01-13 11:48:34 32B85C4923D895B2FB35821A799BA38D 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-01-13 11:48:34 28E75F316CCCD79337E4957C53017D4B 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-01-13 11:48:34 0F776895884B8DC430A307D57FD867BB 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-01-14 18:26:52 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2016-01-16 07:20:16 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2016-01-13 19:28:36 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2016-01-09 15:38:18 -------- d-----w- C:\PROGRA~2\COMMON~1\IVA 2016-01-09 15:38:15 -------- d-----w- C:\PROGRA~2\COMMON~1\Nuance 2016-01-09 15:37:55 -------- d-----w- C:\PROGRA~2\Nuance ======= C: ===== ====== C:\Users\Hans\AppData\Roaming ====== 2016-01-13 19:49:15 -------- d-----w- C:\Users\Hans\AppData\Roaming\SDL 2016-01-12 07:54:23 -------- d-----w- C:\Users\Petra\AppData\Local\Apps 2016-01-11 19:17:18 -------- d-----w- C:\Users\Hans\AppData\Roaming\MPC-HC 2016-01-09 18:56:47 0742955BCA91F5B8793D5B461E5FBCC5 1435 ----a-w- C:\Users\Hans\AppData\Roaming\SAS7_000.DAT 2016-01-09 15:47:16 11AD9F3295F1F9A747F974E554C6D5EB 1475 ----a-w- C:\Users\Petra\AppData\Roaming\SAS7_000.DAT 2016-01-09 15:42:19 -------- d-----w- C:\Users\Petra\AppData\Roaming\Nuance 2016-01-09 13:32:54 -------- d-----w- C:\Users\Hans\AppData\Local\Diagnostics 2016-01-08 18:30:32 -------- d-----w- C:\Users\Petra\AppData\Local\Stardock 2016-01-08 18:28:36 -------- d-----w- C:\Users\Hans\AppData\Local\Stardock ====== C:\Users\Hans ====== 2016-01-14 18:26:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Hans\Desktop\RSITx64.exe 2016-01-13 19:09:20 95F9F318AEAC1187CA641E520280DF96 211312 ----a-w- C:\Users\Hans\Downloads\mvt.exe 2016-01-09 15:39:43 -------- d---a-w- C:\ProgramData\TEMP 2016-01-09 15:38:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 2016-01-09 15:37:56 -------- d-----w- C:\ProgramData\Macrovision 2016-01-09 13:53:27 84FFD9FAAD2E27DE9BA53230A7BCDDD8 2749240 ----a-w- C:\Users\Hans\Desktop\RAIDar.exe 2016-01-08 18:28:36 -------- d-----w- C:\ProgramData\Stardock 2016-01-08 18:25:10 A205D800B39E46BAD0C26142551284FD 9439496 ----a-w- C:\Users\Hans\Downloads\Fences2-cnet-setup.exe 2016-01-08 18:03:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDL Trados Studio 2015 Apps 2016-01-08 18:02:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDL Trados Studio 2015 ====== C: exe-files == 2016-01-16 07:19:39 876EA198EC46612A7AEE8C472EE2A348 118976 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE 2016-01-16 07:19:39 5466A5A28C60C354A40440A0D1EB690C 185536 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE 2016-01-16 07:19:38 DEAA020242A5BCE48C2DE8C324AF4092 223936 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLED.EXE 2016-01-16 07:19:38 93AE91192BC6D29AFF05EAC4D8786455 5469376 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CMigrate.exe 2016-01-16 07:19:37 D38CCE4669F50723EB69356B1422B057 8023744 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CMigrate.exe 2016-01-16 07:19:34 99155992F132B08F0FBAEEC6915BD4BA 49856 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe 2016-01-16 07:19:34 49BED6D8174D41DBE70330D4824F119F 10304192 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\PDFREFLOW.EXE 2016-01-16 07:19:34 36B9D0A6095B153EB278B80F21D31BF7 103104 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE 2016-01-16 07:19:33 B475E430AEE7B2EC8A5E50CB564FD58C 131776 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe 2016-01-16 07:19:33 55E925E51FAE416DED7EDBF531E63132 202928 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE 2016-01-16 07:19:33 1D1B195EC0D9BBF3FFEBB264491BC74B 192704 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOSQM.EXE 2016-01-16 07:19:33 0DC51B073B32104F3D21B1EA648AF8EE 19648 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\SmartTagInstall.exe 2016-01-16 07:19:32 454290BE1325874C115A4C9FC8CDF9B2 615592 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOICONS.EXE 2016-01-16 07:19:31 583A9527FC48A684EFB4945CCB2489CA 184552 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE 2016-01-16 07:19:31 53660CCFDDC26059C844B3ABE084BDD7 945872 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE 2016-01-16 07:19:31 3F41FD26E867FEA713DD119D54446A10 286384 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\FLTLDR.EXE 2016-01-16 07:19:31 266B8BF35A74DA2324BF4E7C14E9C793 3016360 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE 2016-01-16 07:19:29 BDE749E36C5D1DA2763F5105BD29E2CF 3686568 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE 2016-01-16 07:19:29 A957312105032D6D59F5C1C8C5F78317 317632 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE 2016-01-16 07:19:29 8DF686E8793DB2225CDB906B553ACD6B 1937600 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE 2016-01-16 07:19:29 21A77EC480B2A713413D6387839C12F8 38080 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe 2016-01-16 07:19:28 9ED92AB116FF9560F618EF7AD9E76574 1859776 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE 2016-01-16 07:19:27 E38719C2DB9903B03868FDA7863799B6 66752 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE 2016-01-16 07:19:27 CC6F770FF99FBF54FC87301993D12639 375488 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE 2016-01-16 07:19:27 B3E2DC6204056BFBE7C59A52C0D85360 3510440 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE 2016-01-16 07:19:27 9DB5A6B6401059A854BB375B16445285 752832 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\protocolhandler.exe 2016-01-16 07:19:27 5B62A250FB2B76C0A1F4F08772B3B394 57536 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE 2016-01-16 07:19:26 441FEA826550BEE726E8AE7E2874D493 576704 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE 2016-01-16 07:19:26 330E56384C1A712C91BF8F22DC5BB00E 24261312 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE 2016-01-16 07:19:25 DE75B94B30842DA7F533106991C31C45 773312 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\FIRSTRUN.EXE 2016-01-16 07:19:25 C8F21666EE357BCFC47E23D120DB01E2 533184 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOUC.EXE 2016-01-16 07:19:25 B5575EB4238AB5E41DB432EEBF786C26 201920 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe 2016-01-16 07:19:25 AF1A81C71866F7CCB15062B137B38289 111296 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE 2016-01-16 07:19:25 91C45FD990EAED6D5668FB2A08D13D74 466624 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE 2016-01-16 07:19:25 8259763329AF1F272F6D8737E17C8A6B 716480 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE 2016-01-16 07:19:25 3A805764D8D72C5DA665E7749F898B32 1691840 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE 2016-01-16 07:19:25 37C306DCE8477E53246EAA87D0A1133A 4417728 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE 2016-01-16 07:19:25 33CA2C9E7FB3AE8805057AB646458E3F 15765184 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE 2016-01-16 07:19:25 2804D3E30747810E2A6BB6DF858AB786 168640 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE 2016-01-16 07:19:25 1731048427149E2BAB8FB1BDCE3D855D 10657472 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE 2016-01-16 07:19:24 EF82F663F917ECBD48CB71EB2A447E25 25736896 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\excelcnv.exe 2016-01-16 07:19:24 D57676A5ABAC540FC36AB44B645FA549 88256 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE 2016-01-16 07:19:24 B3F69E67759EF07EBAA59576BA7BCF84 1027752 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe 2016-01-16 07:19:23 ABCB8675435D266569F8AC9E8B935D74 389824 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE 2016-01-16 07:19:23 07BA600CFFD7247EA72246D2BABBC47C 177856 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE 2016-01-16 07:19:23 0301F45687CCD31CA2ACEEDC98A90EB0 29121728 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE 2016-01-16 07:19:22 CA7751C680E844070E397A2A1370BD77 232640 ----a-w- C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE 2016-01-16 07:19:22 5655A952C17E3FD0C5EF1D734824A992 44224 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Flattener\Flattener.exe 2016-01-16 07:19:22 2F63172E69D7667C26ACF32985B69CFB 2435280 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe 2016-01-16 07:19:22 02C8A5812A775690EA0E37DC2A70FB6E 3749032 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE 2016-01-16 07:19:08 DD19FEBA5F9F0929388A1E3587AC9F56 369296 ----a-w- C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe 2016-01-16 07:19:06 0D9F31563931209E24E1FA31906FD755 324264 ----a-w- C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe 2016-01-15 10:21:01 2CD8036AD34515A24C2A8B3538B335F0 1194435 ----a-w- C:\Program Files (x86)\Kilgray\memoQ-2015\unins000.exe 2016-01-15 06:24:31 72697B93E08FC7F425611F2D38F340CF 2776656 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\47.0.2526.111\47.0.2526.111_47.0.2526.106_chrome_updater_3stage.exe 2016-01-14 18:26:53 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Hans.exe 2016-01-14 18:26:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Hans\Desktop\RSITx64.exe 2016-01-13 19:28:23 F948700C1608702A35C78F825C7B10EB 197216 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\unpack200.exe 2016-01-13 19:28:23 E676A5AFB989929D535F3B8C4CC4BA0E 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe 2016-01-13 19:28:23 E1986B8E464A286A977F50B936158AFA 34400 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe 2016-01-13 19:28:23 A5F8282844E4B37853ABFA76DFAA7456 76896 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe 2016-01-13 19:28:23 A521CA509657B3B3716742C9A4484841 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\rmiregistry.exe 2016-01-13 19:28:23 9A30E54E729FD77AF55E8C4B5DC1CF54 206944 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe 2016-01-13 19:28:23 86A7F56741B77053F486A0D63B86A5F4 100448 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe 2016-01-13 19:28:23 86453A890FD5AC165BDFC02298579B8C 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\servertool.exe 2016-01-13 19:28:23 716BE1F83A461AC60D835C8465C81B4E 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\keytool.exe 2016-01-13 19:28:23 6DD10D3985B60D7E740AB681AB78FDE7 66144 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\ssvagent.exe 2016-01-13 19:28:23 6D177291A520FB8D78C3011B4A4DBCF7 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\orbd.exe 2016-01-13 19:28:23 63D0DFAED2011A65BB9A847B085FB7B6 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\jjs.exe 2016-01-13 19:28:23 5C3EFB3A8A05A565AF0E838F8D0729B1 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\java-rmi.exe 2016-01-13 19:28:23 57D76D580DA8DDBCB98B4B29D6541F94 206944 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\java.exe 2016-01-13 19:28:23 54314BBBF22E467B7AAF5C652D871599 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\policytool.exe 2016-01-13 19:28:23 46A80A1A3010D724314A865C7FC3E896 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\klist.exe 2016-01-13 19:28:23 4469222719118D5BAB0787CAA9527279 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\tnameserv.exe 2016-01-13 19:28:23 3C2C2700B5BBFBEAEEA10B1D1E58103B 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\rmid.exe 2016-01-13 19:28:23 3682B664E17476BD16970CD69B2D1065 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\kinit.exe 2016-01-13 19:28:23 23AD78B8B095D3658521F2F7DD71121C 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\pack200.exe 2016-01-13 19:28:23 214FB286F364B2DECCB4B58FE59E0605 326752 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe 2016-01-13 19:28:03 FDF059C05249FAEA0221ED65CD59A9C8 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe 2016-01-13 19:28:03 F003BBCB09CACF8A9F4CE0C67A2D6E63 278624 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\javaws.exe 2016-01-13 19:28:03 EFC80BC662BCC20B0B09700636FDC732 30816 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\jabswitch.exe 2016-01-13 19:28:03 D8EEED21B06866E85DA30485F5059FF6 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\servertool.exe 2016-01-13 19:28:03 CA51FB3FE5012E21D9A14AC071527866 76896 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2launcher.exe 2016-01-13 19:28:03 ADAF1151B29D2D1691FA027B6C55B3D7 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssvagent.exe 2016-01-13 19:28:03 A9E84AD3536425BC68263B723C2442E4 191072 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\java.exe 2016-01-13 19:28:03 8977B87AB10AB1DA8769CA0053B401B0 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\jjs.exe 2016-01-13 19:28:03 7BE9BE6E15653824A28F5CED6B273588 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\klist.exe 2016-01-13 19:28:03 7BDD7F1BC2A20971DEE17B6920D61BBC 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\javaw.exe 2016-01-13 19:28:03 73368169BFD965EC6257E77C23CED879 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\rmiregistry.exe 2016-01-13 19:28:03 525027DF51378DDA25F0F52C20BCB132 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\kinit.exe 2016-01-13 19:28:03 46AB480B01CD30801B3AE89B5AAE75A8 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\orbd.exe 2016-01-13 19:28:03 3B306D41F07396975ECE34A860BD9036 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\pack200.exe 2016-01-13 19:28:03 36A44033C6B970F95E2A1448F4481CEA 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\keytool.exe 2016-01-13 19:28:03 28FB06FC63D5817153B5502A49DF3F00 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\ktab.exe 2016-01-13 19:28:03 17A8DD2484DC26E38DFE3209C8B36980 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\policytool.exe 2016-01-13 19:28:03 0B82777B13B81417E5520DF7B1E8C319 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\rmid.exe 2016-01-13 19:28:03 0A3936FE18FC04350159A1E647201501 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\tnameserv.exe 2016-01-13 19:28:03 092F4D3C25F3086D4C7FDEC79DD71302 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\unpack200.exe 2016-01-13 19:28:03 04D67FF5044A605F1E7D923A1D6F1751 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\bin\java-rmi.exe 2016-01-13 19:27:23 2504A1F4DA3B06B47CF2F81AFB365B79 585824 ----a-w- C:\Users\Hans\AppData\Local\Temp\jre-8u66-windows-au.exe 2016-01-13 19:09:20 95F9F318AEAC1187CA641E520280DF96 211312 ----a-w- C:\Users\Hans\Downloads\mvt.exe 2016-01-13 11:48:54 4489D5077C5D2396E3A94D652ADAE1CA 14336 ----a-w- C:\Windows\SysWOW64\fixmapi.exe 2016-01-13 11:48:54 2FFBA1EAE28B45A92E2EA70C61C66F14 17920 ----a-w- C:\Windows\System32\fixmapi.exe 2016-01-13 11:48:52 BBE4D9B89B3FBC97C0F381C2F9C4ADEF 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe 2016-01-13 11:48:52 936E6F6F76136BC73B13D25A254BC84B 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe 2016-01-13 11:48:52 8B995A315448ABFC6E41A200079E7DBA 55808 ----a-w- C:\Windows\System32\rrinstaller.exe 2016-01-13 11:48:52 777654DB4C306B22A5A54690A258650D 24576 ----a-w- C:\Windows\System32\mfpmp.exe 2016-01-13 11:48:50 FEB22838B5A1EA29FAEBBEEA14107049 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2016-01-13 11:48:50 E341F64F351629296178A872C7666620 718336 ----a-w- C:\Windows\System32\ie4uinit.exe 2016-01-13 11:48:50 40234FBF2AC1FE6BB16BF967782C124C 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2016-01-13 11:48:49 C9B76533B304B3FEE41ED5C2500A0668 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2016-01-13 11:48:49 B778A5AAE66E7F1AC3414DDF41E4359E 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2016-01-13 11:48:49 359B81512F7A45213180DD3D821F11BB 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2016-01-13 11:48:49 0E5C2FBD4CF9CB08DCDA586247195FF2 815304 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2016-01-13 11:48:48 EDA0948BAA8ED2FCF64942026A0B3457 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2016-01-13 11:48:48 CB76755799B821A9D8779DA004840E9C 814288 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2016-01-13 11:48:48 424300DDB7A1B24199C9B481438F55E9 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2016-01-13 11:48:47 AC8410A5877FFBC98D1ECFF949A2E0A4 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2016-01-13 11:48:36 CCF0EAACC822EC72830AB56EA29D952F 88256 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe 2016-01-13 11:48:36 5510E75671B909D0D3FAB008144646B9 25024 ----a-w- C:\Windows\System32\CompatTelRunner.exe 2016-01-13 11:48:35 2E4FF62CC7B88ABBF59C242DED7F919F 5572544 ----a-w- C:\Windows\System32\ntoskrnl.exe 2016-01-13 11:48:34 FA792622268EE423FC5E6AE23FB43599 112640 ----a-w- C:\Windows\System32\smss.exe 2016-01-13 11:48:34 CB0E57424A776C51EF42469064ADBF08 30720 ----a-w- C:\Windows\System32\lsass.exe 2016-01-13 11:48:34 AE6E759632A0F931CFB626EED55C3E99 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2016-01-13 11:48:34 A8D4C2B034947F2445F5099E6B3173C8 3938240 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2016-01-13 11:48:34 8E3915AF90315E4ED96D4CAE316E8F21 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2016-01-13 11:48:34 7AC830607D940A3DABB8E5EB6EB22DF2 338432 ----a-w- C:\Windows\System32\conhost.exe 2016-01-13 11:48:34 5EBDD597DDCD94AE47CEFE6AFE41874A 64000 ----a-w- C:\Windows\System32\auditpol.exe 2016-01-13 11:48:34 59541469E828B311B1E5EEA77E6F6BE7 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2016-01-13 11:48:34 50AC63ADB9F92D5141703986C66AB61C 296960 ----a-w- C:\Windows\System32\rstrui.exe 2016-01-13 11:48:34 1615874D0262DA99E565D4FE6F74F7DD 3993536 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2016-01-13 11:48:34 1418C1A502A9540A4726B4935229E7B9 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2016-01-12 06:34:49 3CC5D43E1D79BF5FB5923BD85FC8E909 1232000 ------w- C:\ProgramData\SDL\SDL Trados Studio\Studio4\Updates\StudioUpdateClient.exe === C: other files == 2016-01-13 19:28:23 BD583BE68BB32408A9C6942CFC85F6FB 14130 ----a-w- C:\Program Files\Java\jre1.8.0_66\lib\deploy\ffjcext.zip 2016-01-13 19:28:03 4DB4B1F67E583B41F841F48254BE38E3 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_66\lib\deploy\ffjcext.zip 2016-01-13 11:48:52 F094FCE25E33140B5F7AEE2E5BDF6931 3211264 ----a-w- C:\Windows\System32\win32k.sys 2016-01-13 11:48:52 C51B07394A087DA666A410DBFD26663A 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys 2016-01-13 11:48:52 647599CAE8CA0EF2FB09C4B150BC97FF 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys 2016-01-13 11:48:52 26FE888505E5A945B0536AF9A2A27A6F 5632 ----a-w- C:\Windows\System32\drivers\drmkaud.sys 2016-01-13 11:48:34 C49F1C4CA74FC52AFB2E892D8E50EA39 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2016-01-13 11:48:34 A572BEF41F3C55D7DAF24D2340C91FEC 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2016-01-13 11:48:34 32B85C4923D895B2FB35821A799BA38D 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2016-01-13 11:48:34 28E75F316CCCD79337E4957C53017D4B 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2016-01-13 11:48:34 0F776895884B8DC430A307D57FD867BB 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2016-01-11 15:41:32 F6DAEE2171621802EDE79D10760F027E 297201368 ----a-w- C:\Users\Petra\Downloads\catalogue-marque-2016-V9.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3269628419-2187823807-1317198216-1002\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "OneDrive"="C:\Users\Hans\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" "IndexSearch"="C:\Program Files (x86)\Dell Printers\paperport\PaperPort\IndexSearch.exe" "PaperPort PTD"="C:\Program Files (x86)\Dell Printers\paperport\PaperPort\pptd40nt.exe" "PDFHook"="C:\Program Files (x86)\Dell Printers\paperport\PDFViewer\pdfpro5hook.exe" "PDF5 Registry Controller"="C:\Program Files (x86)\Dell Printers\paperport\PDFViewer\RegistryController.exe" "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler" "DNS7reminder"="C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe -r C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "OneDrive"="C:\Users\Hans\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "DLPSP"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" "DLUPDR"="C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" "DLQLU"="C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE /S" "Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe /startup" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer] ==== Startup Folders ====================== 2015-12-18 08:29:39 1281 ----a-w- C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/01/2016 21:44] C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3269628419-2187823807-1317198216-1001.job --a------ C:\Users\Petra\AppData\Local\Citrix\GoToMeeting\4190\g2mupdate.exe [31/12/2015 10:36] C:\Windows\tasks\G2MUploadTask-S-1-5-21-3269628419-2187823807-1317198216-1001.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/07/2015 13:55] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/07/2015 13:55] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-PC_PETRA-Petra" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-PETRA-Petra" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-3269628419-2187823807-1317198216-1001" [C:\Users\Petra\AppData\Local\Citrix\GoToMeeting\4190\g2mupdate.exe] "C:\Windows\SysNative\tasks\G2MUploadTask-S-1-5-21-3269628419-2187823807-1317198216-1001" [C:\Users\Petra\AppData\Local\Citrix\GoToMeeting\4190\g2mupload.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse" [C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe] "C:\Windows\SysNative\tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse" [C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe] "C:\Windows\SysNative\tasks\klcp_update" ["C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe"] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [23/11/2015 11:53] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[02/12/2015 10:37] Google Slides - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Sheets - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap SiteAdvisor - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Docs Offline - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Slides - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap SiteAdvisor - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Docs Offline - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.marinetraffic.com_0.localstorage deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.marinetraffic.com_0.localstorage-journal deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.marinetraffic.com_0.localstorage deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.marinetraffic.com_0.localstorage-journal deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage-journal deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage deleted successfully C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{825CFA77-DF68-444E-A9D3-A33CC8855742}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKCU\SearchScopes\{825CFA77-DF68-444E-A9D3-A33CC8855742} - https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\paperport\PDFViewer\Bin\PlusIEContextMenu.dll O2 - BHO: Bho - {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Dell Printers\paperport\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Dell Printers\paperport\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Dell Printers\paperport\PDFViewer\pdfpro5hook.exe O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Dell Printers\paperport\PDFViewer\RegistryController.exe O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler O4 - HKCU\..\Run: [OneDrive] "C:\Users\Hans\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe O23 - Service: BCM Converter Service (BCMConverterService) - Unknown owner - C:\Program Files (x86)\SDL\SDL Language Cloud Add-ins\BCMConverterWindowsService.exe O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE O23 - Service: Dragon Logger service (DragonLoggerService) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: memoQ 7.8 Auto Update Helper (memoQauhlp78) - Kilgray - C:\Program Files (x86)\Kilgray\memoQ-2015\MemoQ.AutoUpdate.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: Nalpeiron Control Service (NalServ) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nalserv.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Dell Printers\paperport\PaperPort\PDFProFiltSrvPP.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SDL Customer Feedback Service (Sdl.ProductTelemetrics.v1) - SDL - C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe O23 - Service: SDL Trados Studio 2014 SP2 Customer Feedback Service (Sdl.Studio.ProductTelemetrics.v1) - SDL - C:\Program Files (x86)\SDL\SDL Trados Studio\Studio3\ProductTelemetricsService\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=24 folders=2 1741214 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Hans\AppData\Local\Temp will be emptied at reboot C:\Users\Petra\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Hans\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 16/01/2016 at 17:45:19,62 ======================