Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Maaike on wo 17-02-2016 at 13:58:30,32. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Maaike\Downloads\zoek (3).exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2016-02-13-005227.log 9356 bytes ==== Empty Folders Check ====================== C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Acrobat Reader DC - Nederlands Adobe Refresh Manager Advanced SystemCare 9 ATI Catalyst Install Manager Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Definition Update for Microsoft Office 2013 (KB3114731) 64-Bit Edition Do Your Data Recovery Trial 4.1 Driver Booster 3.2 ESET Smart Security GetDataBack for NTFS Google Chrome Google Update Helper Handy Recovery 4.0 HP Support Assistant HP Support Solutions Framework IObit Malware Fighter 3 IObit Uninstaller KMSpico Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) 
Microsoft .NET Framework 4.6.1 Microsoft Access MUI (Dutch) 2013 Microsoft DCF MUI (Dutch) 2013 Microsoft Excel MUI (Dutch) 2013 Microsoft Groove MUI (Dutch) 2013 Microsoft InfoPath MUI (Dutch) 2013 Microsoft Lync MUI (Dutch) 2013 Microsoft Office 32-bit Components 2013 Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Office OSM MUI (Dutch) 2013 Microsoft Office OSM UX MUI (Dutch) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (Dutch) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Nederlands Microsoft Office Shared 32-bit MUI (Dutch) 2013 Microsoft Office Shared MUI (Dutch) 2013 Microsoft OneNote MUI (Dutch) 2013 Microsoft Outlook MUI (Dutch) 2013 Microsoft PowerPoint MUI (Dutch) 2013 Microsoft Publisher MUI (Dutch) 2013 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Microsoft Word MUI (Dutch) 2013 Outils de vérification linguistique 2013 de Microsoft Office - Français Realtek HDMI Audio Driver for ATI Security Update for Microsoft .NET Framework 4.6.1 (KB3122661) Security Update for Microsoft .NET Framework 4.6.1 (KB3127233) Security Update for Microsoft Excel 2013 (KB3114734) 64-Bit Edition Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition Security Update for Microsoft Office 2013 (KB3039734) 64-Bit Edition Security Update for Microsoft Office 2013 (KB3039798) 64-Bit Edition Security Update for Microsoft Office 2013 (KB3054816) 64-Bit Edition Security Update for Microsoft Office 2013 (KB3085572) 64-Bit Edition 
Security Update for Microsoft Publisher 2013 (KB3085561) 64-Bit Edition Security Update for Microsoft Word 2013 (KB3114724) 64-Bit Edition Smart Defrag 4 Surfing Protection Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Update for Microsoft Access 2013 (KB3114505) 64-Bit Edition Update for Microsoft InfoPath 2013 (KB3039714) 64-Bit Edition Update for Microsoft InfoPath 2013 (KB3114353) 64-Bit Edition Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition Update for Microsoft Office 2013 (KB2889863) 64-Bit Edition Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition Update for Microsoft Office 2013 (KB3023052) 64-Bit Edition Update for Microsoft Office 2013 (KB3023068) 64-Bit Edition Update for Microsoft Office 2013 (KB3039701) 64-Bit Edition Update for Microsoft Office 2013 (KB3039720) 64-Bit Edition Update for Microsoft Office 2013 (KB3039766) 64-Bit Edition Update for Microsoft Office 2013 (KB3039778) 64-Bit Edition Update for Microsoft Office 2013 (KB3039800) 64-Bit Edition Update for Microsoft Office 2013 (KB3054783) 64-Bit Edition Update for Microsoft Office 2013 (KB3054785) 64-Bit Edition Update for Microsoft Office 2013 (KB3054805) 64-Bit Edition Update for Microsoft Office 2013 (KB3054819) 64-Bit Edition Update for Microsoft Office 2013 (KB3054856) 64-Bit Edition Update for Microsoft Office 2013 (KB3054941) 64-Bit Edition Update for Microsoft Office 2013 (KB3055006) 64-Bit Edition Update for Microsoft Office 2013 (KB3055007) 64-Bit Edition Update for Microsoft Office 2013 (KB3055011) 64-Bit Edition Update for Microsoft Office 2013 (KB3085479) 64-Bit Edition Update for Microsoft Office 2013 (KB3085482) 64-Bit Edition 
Update for Microsoft Office 2013 (KB3085506) 64-Bit Edition Update for Microsoft Office 2013 (KB3085570) 64-Bit Edition Update for Microsoft Office 2013 (KB3085578) 64-Bit Edition Update for Microsoft Office 2013 (KB3101487) 64-Bit Edition Update for Microsoft Office 2013 (KB3114715) 64-Bit Edition Update for Microsoft Office 2013 (KB3114717) 64-Bit Edition Update for Microsoft Office 2013 (KB3114727) 64-Bit Edition Update for Microsoft Office 2013 (KB3114736) 64-Bit Edition Update for Microsoft OneDrive for Business (KB3114509) 64-Bit Edition Update for Microsoft OneNote 2013 (KB3114344) 64-Bit Edition Update for Microsoft Outlook 2013 (KB3114729) 64-Bit Edition Update for Microsoft Outlook Social Connector 2013 (KB3054854) 64-Bit Edition Update for Microsoft PowerPoint 2013 (KB3114716) 64-Bit Edition Update for Microsoft Project 2013 (KB3114739) 64-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition Update for Skype for Business 2015 (KB3039776) 64-Bit Edition Update for Skype for Business 2015 (KB3114732) 64-Bit Edition ==== Running Processes ====================== C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Maaike\Downloads\zoek (3).exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files 
(x86)\Hewlett-Packard\Shared\hpqwmiex.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} not found C:\Users\Maaike\AppData\Roaming\ProductData deleted C:\PROGRA~3\ProductData deleted ==== System Specs ====================== Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 1789 MB CPU Info: AMD Sempron(tm) M100 CPU Speed: 2018,6 MHz Sound Card: Luidsprekers (High Definition A | Display Adapters: AMD M880G with ATI Mobility Radeon HD 4200 | AMD M880G with ATI Mobility Radeon HD 4200 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Atheros AR9285 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: hp DVDRAM GT20L Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 284,2GB | D: 13,4GB Hard Disks - Free: C: 234,2GB | D: 439,5MB Manufacturer *: Hewlett-Packard BIOS Info: AT/AT COMPATIBLE | 10/10/09 | HPQOEM - 3 Time Zone: West-Europa (standaardtijd) Motherboard *: Quanta 363F Country: Nederland Language: NLD ==== System Specs (Software) ====================== SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Persoonlijke firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} Default Browser: Google Chrome 48.0.2564.109 Internet Explorer Version: 11.0.9600.18204 Google Chrome version: 48.0.2564.109 Adobe Reader version: 15.9.20077.160923 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2016-02-09 21:50:43 9D77CC4A36FEEA644D002CFB9B2D42C0 3231232 ----a-w- C:\Windows\explorer.exe ====== C:\Users\Maaike\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2016-02-11 22:31:22 B51A17A1820E8940C0F99D5CCE6CD97E 6656 ----a-w- C:\Windows\SysWOW64\KBDAZEL.DLL 2016-02-11 22:31:19 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\SysWOW64\locale.nls 2016-02-11 22:31:19 A326E8C5F54D675AC83639FC9ADA8CDA 69120 ----a-w- C:\Windows\SysWOW64\nlsbres.dll 2016-02-11 22:31:19 4D1ED276529A0EA7177A6830BC842A92 6656 ----a-w- C:\Windows\SysWOW64\kbdgeoqw.dll 2016-02-11 22:31:19 4768E74F674F6DF9AEF172F738A1342B 7168 ----a-w- C:\Windows\SysWOW64\KBDAZE.DLL 2016-02-09 22:26:46 BE97A22AA001C112729BC6C20710EB95 91136 ----a-w- C:\Windows\SysWOW64\inseng.dll 2016-02-09 22:26:46 AEC354F085817A1EDF09354F187F04F7 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2016-02-09 22:26:46 79875578EBB8F8ACAF339301A0F0B663 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2016-02-09 22:26:45 57499EAC0ECCB7537D15011FECCCAE98 76288 ----a-w- 
C:\Windows\SysWOW64\mshtmled.dll 2016-02-09 22:26:44 9A974C50E003639FED1F4540D606277E 496640 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2016-02-09 22:26:44 72E9450D57439BFB285333C216D4D689 341200 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2016-02-09 22:26:44 2D1D550594CDDC6F384AFCF702F333BB 130048 ----a-w- C:\Windows\SysWOW64\occache.dll 2016-02-09 22:26:43 FA063E55773A925EA50BB6C32BDA6A4D 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-02-09 22:26:43 83C2C80E6F582B2B3B657DB7AD3D8025 279040 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2016-02-09 22:26:43 6F24910AC7C489AEBC9B07B1C7B95055 687104 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2016-02-09 22:26:37 8C4AF7FA8E097BEE33AD430D335F942A 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2016-02-09 22:26:37 711E2340B245214EC8EE7028646AE69B 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2016-02-09 22:26:37 6483EA614DA752566A20EC8CB20E7B3F 2050560 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2016-02-09 22:26:36 A5E6C79B466BBEB5795F59E1B1DE634C 663552 ----a-w- C:\Windows\SysWOW64\jscript.dll 2016-02-09 22:26:35 A34630CC8CE946941F7145AA7EE358B4 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2016-02-09 22:26:35 27BDBE4BC3AE6011480E0B3ACD20C527 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2016-02-09 22:26:34 9D3DF899B79050492962D0B9256DCB57 416256 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2016-02-09 22:26:27 5FEA0799C84EDA2A4B1EBE5C3D2D0730 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2016-02-09 22:26:26 CB4959DB1E0D9D60FB271474DFDE303C 4611072 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2016-02-09 22:26:26 11733FDE983323DD1F7493B5576FC84F 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll 2016-02-09 22:26:25 C7CC591E41287CEB01FDBC425DAEF043 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2016-02-09 22:26:25 5CB71C6DB91BAC78E1F0E9953CAB8969 2120704 ----a-w- C:\Windows\SysWOW64\wininet.dll 2016-02-09 22:26:25 381FCCE72078D0FD6CDE012F7383825A 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2016-02-09 
22:26:25 0C8336742D48676B47B9A94B6AF5673F 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2016-02-09 22:08:07 F681617A48EC4FA8E560D4F8F98DD94F 216064 ----a-w- C:\Windows\SysWOW64\InkEd.dll 2016-02-09 22:07:08 E0F8B86E21CE366C41FD641A5904B399 2280448 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2016-02-09 22:07:07 5AA6B93A3561DD11BE89A0E994C78B9E 20366848 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2016-02-09 22:07:04 31129AB73DE8B2C7AA60B04EE2931717 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2016-02-09 22:07:03 A80DB9FC25D728E990E4F183BBFB0B46 476160 ----a-w- C:\Windows\SysWOW64\ieui.dll 2016-02-09 22:07:03 05DC4CD07D10626D4EF38AB7A9F45771 1312256 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2016-02-09 22:07:02 C65C32F73DB0FF40CD0B07A378ED7E31 12857856 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2016-02-09 22:07:00 C2974E63D8C9B6A2914EF4F8BF986A0D 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2016-02-09 21:59:30 6B2BCCCF3BE6C29A72397ED1BDBEFE33 174080 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2016-02-09 21:59:30 4006F0B422E19AA0E459A85C612A9F9D 573440 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2016-02-09 21:59:29 F595AD526491E0787BD070B2E968AFAE 30208 ----a-w- C:\Windows\SysWOW64\wups.dll 2016-02-09 21:59:29 3FE0CD5FAA51481051B8D21D68C5CBC9 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2016-02-09 21:59:29 318AEAAF2A4F5488A3740005CA841FC5 93696 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2016-02-09 21:57:48 E00604CE082BA387AC1D354C45F7EDEC 1413632 ----a-w- C:\Windows\SysWOW64\ole32.dll 2016-02-09 21:56:15 3F37385824263575518137EB6D60C90B 642048 ----a-w- C:\Windows\SysWOW64\CPFilters.dll 2016-02-09 21:56:14 6AF4B613D9EAC33034D2B5776B89394D 535040 ----a-w- C:\Windows\SysWOW64\EncDec.dll 2016-02-09 21:56:11 65FAD1A0049B6101F37BBFE7682DFE4C 1314328 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2016-02-09 21:56:10 8D8374FD723FEB2800305A8A66CD1ABA 3993536 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2016-02-09 21:56:09 C8D06454D122EE572A117CB2BD198E2E 114176 ----a-w- C:\Windows\SysWOW64\mtxoci.dll 
2016-02-09 21:56:09 A9AE21C45FBF6CE1E6B5C5FEBB38004C 3938752 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2016-02-09 21:56:09 8E906BEE0415C2D4689305B8406B5E07 642560 ----a-w- C:\Windows\SysWOW64\advapi32.dll 2016-02-09 21:56:08 1682569FCB2BD576B7F8BCC5506BAF24 176128 ----a-w- C:\Windows\SysWOW64\msorcl32.dll 2016-02-09 21:56:08 024D25AC7C7A17868A85786D54FADA1F 553472 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2016-02-09 21:56:07 3ECF55A5D03F20BAF2189DE7C334E7F9 275456 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2016-02-09 21:56:03 B1D78C40DFB3D3AB0B24F4C452AF2D32 665088 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2016-02-09 21:56:02 AF9A6DDDAF80F06854774B97A5CABACD 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2016-02-09 21:56:02 986235D261FEADC0825CC4287CA2FD61 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2016-02-09 21:56:01 FE2F52304F3B5BD8281350DC69E13063 171520 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2016-02-09 21:56:01 D2CB5AE05C05A22428D0D241B1B93615 251392 ----a-w- C:\Windows\SysWOW64\schannel.dll 2016-02-09 21:56:01 D12750DF9F955B9C8FB18C9B26BC8FA8 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2016-02-09 21:56:01 B01C6902EBFDC171D4AC3B55B695F017 223232 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2016-02-09 21:56:00 D860E93BA9E5B4332C87159D7EA46343 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2016-02-09 21:56:00 973475BA1F197D8AA7B9DC10046C80BA 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2016-02-09 21:56:00 8A4577DE02C55182ED46202BA2E06DA5 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2016-02-09 21:56:00 67BCCAF06AD5F12DC7599AC02A2C40E7 36352 ----a-w- C:\Windows\SysWOW64\cryptbase.dll 2016-02-09 21:56:00 5595E457CCB6FAEBC0244F1C20E8761F 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2016-02-09 21:56:00 375BC0AA1E753C96D97D20444017F083 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2016-02-09 21:56:00 2A7DDF3441564E2615A88A840ECC19ED 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2016-02-09 21:56:00 2A49D72DC3627DA7E90FD6673549E5F4 17408 ----a-w- 
C:\Windows\SysWOW64\credssp.dll 2016-02-09 21:55:56 B76BE60C53603EBBF65957CB95B3EF7A 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2016-02-09 21:55:56 35CAEF79BE44688A750CFDA3FAE7AC45 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2016-02-09 21:55:55 E88699C4C98E249DD2F13B315F6A199B 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2016-02-09 21:55:55 B6ACF0FA1236D1F89205DB4AFF1F6BB4 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2016-02-09 21:55:55 95CDF95F17CBC4038235DA5525DE8A39 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2016-02-09 21:55:54 BD8774545A855B6559FD70E609830685 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2016-02-09 21:55:54 5BF47EDE7A7D9143E5CB299FEB0173A2 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2016-02-09 21:50:43 F4AC739D8C76DD13CA2EBF638D030B2D 12877824 ----a-w- C:\Windows\SysWOW64\shell32.dll 2016-02-09 21:50:41 2A156D5EBF221EF2A6AE7CE452324DAC 2973184 ----a-w- C:\Windows\SysWOW64\explorer.exe 2016-02-09 21:50:40 7335DD3AB298309DD343DD0785144E59 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll 2016-02-09 21:50:39 B4ABC755C1CB8066DA8EE29100C78FC4 1498624 ----a-w- C:\Windows\SysWOW64\ExplorerFrame.dll 2016-02-09 18:29:05 4FA66A573E9A45D05AD5A25B1E76A35D 103120 ----a-w- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-02-11 22:31:22 8A4415ED740AA7303FDC98853F7DF6C2 7168 ----a-w- C:\Windows\Sysnative\KBDAZEL.DLL 2016-02-11 22:31:19 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\Sysnative\locale.nls 2016-02-11 22:31:19 E77440D732DA943BA77C38BD9C8FF75D 7168 ----a-w- C:\Windows\Sysnative\kbdgeoqw.dll 2016-02-11 22:31:19 CD33834D9CADE5847806EF981888811C 69120 ----a-w- C:\Windows\Sysnative\nlsbres.dll 2016-02-11 22:31:19 307C6A4E1A08B232E6E6A1A0839C5616 7168 ----a-w- C:\Windows\Sysnative\KBDAZE.DLL 2016-02-11 22:26:55 2CE2E6C71FD01B1DF8992EE5768A8CAD 22528 ----a-w- C:\Windows\Sysnative\icaapi.dll 2016-02-09 22:26:46 
B96B87565BAFE37CB4ADC2B3DB4E4918 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2016-02-09 22:26:45 F53C5CD60B0C574F420AC23D04629CD4 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2016-02-09 22:26:45 6D87E73C26D1A17C077EE52C9F17F600 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2016-02-09 22:26:44 28BB2A430DF3FBEF849DA23DCE091E0C 107520 ----a-w- C:\Windows\Sysnative\inseng.dll 2016-02-09 22:26:44 0FDC94FE7AF583F1F251DB2F8AA775FB 718336 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2016-02-09 22:26:43 4730E75B886E79785D98F3B52F70E857 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2016-02-09 22:26:37 9C790C93BDCEC5357763A0D76769A532 152064 ----a-w- C:\Windows\Sysnative\occache.dll 2016-02-09 22:26:37 2204FE30C9DB8CE0C9D2766E7B36C3FB 387784 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2016-02-09 22:26:36 EF331A0C738A3DB59910426166F7AA6F 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2016-02-09 22:26:34 FC9C018B47585694C1FDEE9315A00811 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2016-02-09 22:26:34 855087A6E66B7F26DDB4DD0AAC8F2002 798208 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2016-02-09 22:26:34 66E9C715417016B5E8844BAD52ECEC1F 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2016-02-09 22:26:31 933A0F38EA8562C6FBFBCC7DB8403E49 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2016-02-09 22:26:31 2E147B50D120FFAA29B8AEF4AA251DD6 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2016-02-09 22:26:29 31BFBD55D80391FE1F57C5F08520AB19 2123264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2016-02-09 22:26:26 167C24BD00918779F6FB2A143EB881C9 571904 ----a-w- C:\Windows\Sysnative\vbscript.dll 2016-02-09 22:26:25 31D8B409C26258A622886818B8446319 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2016-02-09 22:26:23 4F6A864F5AEEC16B871275FBD2ED9507 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2016-02-09 22:26:20 D5D3113FE5FEC7E17AF441116DFD0AA5 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2016-02-09 22:26:19 
8781623BFFDB7373B6BE21D6BB0CF091 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2016-02-09 22:26:18 A53BA92BB2AD12CD588D608653D837FA 817664 ----a-w- C:\Windows\Sysnative\jscript.dll 2016-02-09 22:26:18 30F1422DE58ECA22EFF68E32EE230FB3 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll 2016-02-09 22:26:17 2C76A9F160B31AD4B6BEB0E6AEDF0051 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2016-02-09 22:26:17 2465699318A732E42243FDA8B9E53EBD 6052352 ----a-w- C:\Windows\Sysnative\jscript9.dll 2016-02-09 22:26:16 CB10939701B2B334E5AC019823FD43EF 2597376 ----a-w- C:\Windows\Sysnative\wininet.dll 2016-02-09 22:26:14 01F62BB0005ECEFC807CCAE071568DC7 417792 ----a-w- C:\Windows\Sysnative\html.iec 2016-02-09 22:26:13 F1B946B1C712A670705A4FEFFD7B20E9 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2016-02-09 22:26:13 7B83F058C60F64D992D664C09AC97D68 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2016-02-09 22:18:48 245A41B147F849134F05848BC7590911 3215360 ----a-w- C:\Windows\Sysnative\win32k.sys 2016-02-09 22:08:07 799E20ADF08BB7EB5D0FF784C311F4B3 275456 ----a-w- C:\Windows\Sysnative\InkEd.dll 2016-02-09 22:08:06 313E9727FD22B721E356B3E75D3B7FDD 24576 ----a-w- C:\Windows\Sysnative\jnwmon.dll 2016-02-09 22:07:21 8451F5DB58916753D1574F394931B2CA 677376 ----a-w- C:\Windows\Sysnative\generaltel.dll 2016-02-09 22:07:21 677E1065159AE6E895A2FCCE3C405C3B 1162240 ----a-w- C:\Windows\Sysnative\aeinv.dll 2016-02-09 22:07:21 497DA176FCEAEC2D3C0F8664474FEA3F 1362944 ----a-w- C:\Windows\Sysnative\appraiser.dll 2016-02-09 22:07:20 C0B408465FD3981832D0ED8F9ADF9827 25024 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2016-02-09 22:07:20 A6E72DCF9A575C56021037C0500D8396 499200 ----a-w- C:\Windows\Sysnative\devinv.dll 2016-02-09 22:07:20 9F50126D50691F89C3ADD4A3060D41EF 76800 ----a-w- C:\Windows\Sysnative\acmigration.dll 2016-02-09 22:07:20 3D71FAD5B40B3249333C6AEF4F889C61 696320 ----a-w- C:\Windows\Sysnative\invagent.dll 2016-02-09 22:07:09 7B755E401A318D3136948C72CD8AAB32 
2887680 ----a-w- C:\Windows\Sysnative\iertutil.dll 2016-02-09 22:07:07 FFF68D1EA1C9B09091D91D4D493F00CD 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2016-02-09 22:07:00 D7733D44A51BD06CD3D4E8EFFA00F1DB 1547264 ----a-w- C:\Windows\Sysnative\urlmon.dll 2016-02-09 22:06:59 1F386DDDF890891B4FA29D1EE066A4C7 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2016-02-09 22:06:59 1162B324D878C71ADFB97392888266E7 14458368 ----a-w- C:\Windows\Sysnative\ieframe.dll 2016-02-09 22:06:57 1E6D1853706F8DE25F07823A97E714EB 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2016-02-09 22:06:56 748391D06E84EA371ADE4B10E38D54E9 25839104 ----a-w- C:\Windows\Sysnative\mshtml.dll 2016-02-09 21:59:30 A57F0922744677D2196AB6D51547546A 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2016-02-09 21:59:30 863E3C01F7C2EB0C2E7A87005219A78F 3169792 ----a-w- C:\Windows\Sysnative\wucltux.dll 2016-02-09 21:59:30 837A9343D4189DD27899C0E1F0DDDCB0 709120 ----a-w- C:\Windows\Sysnative\wuapi.dll 2016-02-09 21:59:30 3D4032E6A5885C007AEF4BA816AB4032 2610176 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2016-02-09 21:59:29 C0494660BB55A8378A2BE3B4DAA35ED7 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2016-02-09 21:59:29 BD2BD297693266EED05053BEA303A6EA 37888 ----a-w- C:\Windows\Sysnative\wups2.dll 2016-02-09 21:59:29 B0A43EC743402EDBA9527365291708A3 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2016-02-09 21:59:29 ACE31C1714B290EABEDEAFF347ED0CE4 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2016-02-09 21:59:29 A074D8FDDA2E42170AA073C60DC6877B 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll 2016-02-09 21:59:29 7EB6752403FDC5C9737E2A942D041705 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe 2016-02-09 21:59:29 0C14B42D43673DF46D915E57843B85ED 36864 ----a-w- C:\Windows\Sysnative\wups.dll 2016-02-09 21:59:16 AC69F6A26A7AAA42E62BBCD52D843626 16384 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll 2016-02-09 21:59:16 5A856B0FBB74E353973A9AEE105B604A 3180544 ----a-w- 
C:\Windows\Sysnative\rdpcorets.dll 2016-02-09 21:59:16 45B77AA9D455A8291D957CEDADDB08C1 243200 ----a-w- C:\Windows\Sysnative\rdpudd.dll 2016-02-09 21:57:53 E8089A2512554E3C97423D89F3253CD0 2085888 ----a-w- C:\Windows\Sysnative\ole32.dll 2016-02-09 21:56:15 EC51D04CF0ED31C8B0FDEB00A7155596 723968 ----a-w- C:\Windows\Sysnative\EncDec.dll 2016-02-09 21:56:15 3D0AB0FA5B425420B6F6AD261874200D 961024 ----a-w- C:\Windows\Sysnative\CPFilters.dll 2016-02-09 21:56:14 DDC8747E8EA0D44C1DCB14B872F07AD8 5573056 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2016-02-09 21:56:13 EDD3A375BAEC5B67227EF91E767D1383 1733592 ----a-w- C:\Windows\Sysnative\ntdll.dll 2016-02-09 21:56:12 613E5CBB94EF8F2EB15812EB003BC667 422400 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2016-02-09 21:56:11 C66C5B5793F458807AE043E73440EB47 159744 ----a-w- C:\Windows\Sysnative\mtxoci.dll 2016-02-09 21:56:11 BB3249DA371BC3D18F71684E4274B853 730112 ----a-w- C:\Windows\Sysnative\kerberos.dll 2016-02-09 21:56:09 748F82A2222C49C3FED6D1695083716A 880128 ----a-w- C:\Windows\Sysnative\advapi32.dll 2016-02-09 21:56:09 0547E50F916294862FDAF11A4D701547 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll 2016-02-09 21:56:05 EB4B3461CCF52627D0DDF6C5EA6706D1 1461248 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2016-02-09 21:56:03 C96D13751309F1099FF89347F0289789 1214464 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2016-02-09 21:56:03 8B240443503DC920964A9AD0216DA10F 344064 ----a-w- C:\Windows\Sysnative\schannel.dll 2016-02-09 21:56:03 789035A84618AC25CEDC91606029A4A2 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2016-02-09 21:56:02 DFC485D181251BBD363A01C7FB26BC31 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2016-02-09 21:56:02 D37FFF32F1F5CE52B0C5C527E8E7F213 210432 ----a-w- C:\Windows\Sysnative\wdigest.dll 2016-02-09 21:56:02 B9721CADDD9B4D06913F9954A0BF9143 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll 2016-02-09 21:56:02 B7657890A3CC88B07034BABEB9CA70D4 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2016-02-09 21:56:02 
AC90998CB8B16566102AA50E64A595E5 312320 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2016-02-09 21:56:02 96AEEE466EA56AF34AE4AD5E55DAD164 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2016-02-09 21:56:02 41BF4D76AF0228B658DF37DE900B56E0 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2016-02-09 21:56:02 0BC3CBABA9A24F52176929563A4B6829 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2016-02-09 21:56:01 B62C3D440D413A31F55D6E917C45C520 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2016-02-09 21:56:01 AF4737408711F28233FDA52000AF463D 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2016-02-09 21:56:01 6B7C61834990694B9A0E1620ABDFCCAC 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2016-02-09 21:56:01 5673794F254FE312AF62D9DA32805A2F 30720 ----a-w- C:\Windows\Sysnative\lsass.exe 2016-02-09 21:56:01 51F4A1B05E04EEAB0856A2C97958656C 43520 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2016-02-09 21:56:01 0164AB7D14560DCE1B879E4F7CDB2FAF 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2016-02-09 21:56:00 EF831C8EA02FCD61982C1ADCD7771003 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2016-02-09 21:56:00 BDABFB9F7588C20ECA9CB7848000F471 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2016-02-09 21:56:00 B19AF473CF32091B62C5B0260A0F059F 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2016-02-09 21:56:00 83A5E8CC7663573BFFF420CE8E3C2A68 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2016-02-09 21:56:00 5A71F01035A69E3C00B5D7CA99410A0F 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2016-02-09 21:56:00 54ADDA9F5DA7E7470B11066AD9F4AED8 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2016-02-09 21:56:00 171925BA54D712707770738C71287F88 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2016-02-09 21:55:55 C16168C644D59D08556286A46637253D 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2016-02-09 21:55:55 AB2716613CE2FCE51E91A9CA0F019B2F 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2016-02-09 21:55:54 D2F5A80E0EF6B319FD8795914A0AAB70 146432 ----a-w- 
C:\Windows\Sysnative\msaudite.dll 2016-02-09 21:55:54 805F5BF7343F4FED5AEBF458BCF04AC8 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2016-02-09 21:50:46 BE2A89D0652666AE9DE606B1063DBF01 14179840 ----a-w- C:\Windows\Sysnative\shell32.dll 2016-02-09 21:50:41 AEDC4464B75A44811F18A312392E4B22 1866752 ----a-w- C:\Windows\Sysnative\ExplorerFrame.dll 2016-02-09 21:50:40 94B4047E4646C15B893271BAA6A55953 1940992 ----a-w- C:\Windows\Sysnative\authui.dll 2016-02-09 18:29:05 52ED64BF80D360B0EA2B6E5F1504CDFF 124624 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll ====== C:\Windows\Sysnative\drivers ===== 2016-02-11 22:26:55 19BEDA57F3E0A06B8D5EB6D619BD5624 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys 2016-02-09 21:59:37 D7ADC2B83CA0B0381F75A98351F72CEE 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys 2016-02-09 21:56:08 7BDDD24C5A148534D3737DBFA96B3E69 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-02-09 21:56:07 BA500732D160C61E889E8180EE53C86F 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-02-09 21:56:03 355DF71D1DD1999E8AEDF986534B233C 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-02-09 21:56:02 A16FC9323A85CAEA5804D04646A91CF9 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-02-09 21:56:01 2539BE615440BA1EA4CF84A66B6C0AF9 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2016-02-05 21:48:21 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-02-11 15:21:36 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Maaike\AppData\Roaming ====== 2016-02-17 15:20:43 -------- d-----w- C:\Users\Maaike\AppData\Roaming\ProductData ====== C:\Users\Maaike ====== 2016-02-17 15:20:43 -------- d-----w- C:\ProgramData\ProductData 2016-02-12 22:49:59 7A1EFC058324169EC6083AD10CDC9939 
735328 ----a-w- C:\Users\Maaike\Downloads\chromeinstall-8u73.exe
2016-02-11 15:41:10 54F27C9764AD5E1DA35F5FFFB061B539 1508352 ----a-w- C:\Users\Maaike\Downloads\adwcleaner_5.033.exe
2016-02-11 15:19:58 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Maaike\Downloads\RSITx64.exe
2016-02-11 12:45:29 E38F964D09275CAB0DA2383F5BBC0868 6828320 ----a-w- C:\Users\Maaike\Downloads\ccsetup_514.exe

====== C: exe-files ==

2016-02-13 00:51:45 2B48F69517044D82E1EE675B1690C08B 455576 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3323630489-560071777-3598343887-1000\$RFAYXTX\C_PROGRA~3_Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
2016-02-13 00:51:36 05230AFDEEB13718E926FD654DE63F12 225448 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3323630489-560071777-3598343887-1000\$RFAYXTX\C_Program Files_KMSpico\driver\tap-windows-9.21.0.exe
2016-02-13 00:51:10 30C7E8E918403B9247315249A8842CE5 731809 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3323630489-560071777-3598343887-1000\$RFAYXTX\C_Program Files_KMSpico\unins000.exe
2016-02-13 00:51:10 245824502AEFE21B01E42F61955AA7F4 30208 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3323630489-560071777-3598343887-1000\$RFAYXTX\C_Program Files_KMSpico\UninsHs.exe
2016-02-13 00:51:10 0CBE2081CAC41BD0093AF69E167B6559 966336 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3323630489-560071777-3598343887-1000\$RFAYXTX\C_Program Files_KMSpico\Service_KMS.exe
2016-02-13 00:51:09 154944C9FCA5121A9857566E98883185 1087680 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3323630489-560071777-3598343887-1000\$RFAYXTX\C_Program Files_KMSpico\KMSELDI.exe
2016-02-13 00:51:05 32EB6532B59AE00571940904935C2984 966336 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3323630489-560071777-3598343887-1000\$RFAYXTX\C_Program Files_KMSpico\AutoPico.exe
2016-02-11 20:20:31 21D97B116F2ADC4B45152E23453B3B64 44335696 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.109\48.0.2564.109_chrome_installer.exe
2016-02-11 15:21:37 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Maaike.exe
2016-02-11 13:29:34 4EA829EA903E51AA70767753757E621F 2519960 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.109\48.0.2564.109_48.0.2564.103_chrome_updater.exe

=== C: other files ==

==== Orphaned Tasks deleted from Registry ======================

ASC9_PerformanceMonitor deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3323630489-560071777-3598343887-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 9"="C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 9"="C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-12-2015 23:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\ASC9_SkipUac_Maaike" ["C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac]
"C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Driver Booster Scheduler" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Maaike)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SmartDefrag4_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe]
"C:\Windows\SysNative\tasks\SmartDefrag4_Update" [C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Maaike" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" ["C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chromium Look ======================

Google Slides - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Star Gazer - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme
Chrome Web Store Payments - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
ProductivityBoss - Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\poickeeehimalfeceghopkmbjdbpbpie

==== Chromium Fix ======================

C:\Users\Maaike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Maaike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Maaike\AppData\Local\Google\Chrome\User Data\Default\Extensions\poickeeehimalfeceghopkmbjdbpbpie deleted successfully
C:\Users\Maaike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_poickeeehimalfeceghopkmbjdbpbpie_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 9] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 9 (AdvancedSystemCareService9) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Maaike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Maaike\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=251 folders=87 2383792 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Maaike\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Maaike\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 17-02-2016 at 19:27:44,98 ======================