Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Hilaire on wo 09/03/2016 at 9:48:56,68.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Hilaire\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-02-29-155832.log 55528 bytes
C:\zoek-results2016-03-01-101026.log 6397 bytes
C:\zoek-results2016-03-01-104740.log 82934 bytes
C:\zoek-results2016-03-01-124322.log 14059 bytes
C:\zoek-results2016-03-02-152954.log 25313 bytes
C:\zoek-results2016-03-03-103256.log 2870 bytes

==== Empty Folders Check ======================

C:\Users\Hilaire\AppData\Local\NetworkTiles deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\zoek_backup deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe /AUTO"

[HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
"Uninstall C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"isa"="C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe"
"PowerDVD14Agent"="C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe /LaunchSysTray"
"ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe /AUTO"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
"Uninstall C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Hilaire\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtServer"="C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [10/02/2016 18:16]
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10/02/2016 18:16]
C:\WINDOWS\tasks\HPCeeScheduleForHilaire.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [16/06/2015 09:51]
C:\WINDOWS\tasks\{15EBE6BA-40FB-4221-859E-5802D30CC073}.job --ah------- C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe [22/11/2015 06:32]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{1B7E5B5F-CF77-4BA8-8183-7102E23D66B7}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{15EBE6BA-40FB-4221-859E-5802D30CC073}" [C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Hilaire\AppData\Roaming\Mozilla\Firefox\Profiles\n2g1j2ww.default
- Panda Security Toolbar - %ProfilePath%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Hilaire\AppData\Roaming\Mozilla\Firefox\Profiles\n2g1j2ww.default
B5CFBB8AC7C0069D80DBEAA72F3CE9E2 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll - Shockwave for Director / Shockwave for Director
0216FCE16072CCFD7A060603CD730CB5 - C:\Users\Hilaire\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=

==== EOF on wo 09/03/2016 at 10:00:01,66 ======================