Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Patric on vr 15/04/2016 at 9:53:34,65.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJYYMBR0\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

15/04/2016 9:56:38 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Lenovo deleted successfully
C:\Users\Patric\AppData\Roaming\13103 deleted successfully
C:\Users\Patric\AppData\Roaming\17495 deleted successfully
C:\Users\Patric\AppData\Local\Lenovo deleted successfully
C:\Users\Patric\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent 64 Bit HP CIO Components Installer Adobe Acrobat Reader DC - Nederlands Adobe Flash Player 11 Plugin Adobe Flash Player 21 ActiveX Adobe Refresh Manager ASUS Power4Gear Hybrid AVG AVG 2016 AVG Protection Belgium e-ID middleware 4.0.7 (build 7466) Bluetooth Stack for Windows by Toshiba CCleaner CDBurnerXP Conexant Polaris Unused CIR Function Dassault Systemes Software Prerequisites x86-x64 Dassault Systemes Software VC9 Prerequisites x86-x64 ETDWare PS/2-x64 7.0.5.9_WHQL Fast Boot ffdshow v1.2.4422 [2012-04-09] FMW 1 Google Chrome Google Toolbar for Internet Explorer Google Update Helper Haali Media Splitter HP Customer Participation Program 13.0 HP Document Manager 2.0 HP Imaging Device Functions 13.0 HP Officejet 4500 G510n-z HP Smart Web Printing 4.60 HP Solution Center 13.0 ImgBurn Intel(R) Turbo Boost Technology Monitor Java 8 Update 77 Java Auto Updater Malwarebytes Anti-Malware versie 2.1.8.1057 Metric Collection SDK 35 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Application Error Reporting Microsoft Office Enterprise 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft OneDrive Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft_VC100_CRT_SP1_x64 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86_x64 MSVC80_x64_v2 MSVC90_x64 Nero Update Network64 Nitro PDF Reader NVIDIA-configuratiescherm 268.83 NVIDIA Grafisch stuurprogramma 268.83 NVIDIA Install Application NVIDIA Optimus 1.0.23 NVIDIA Update Components OCR Software by I.R.I.S. 13.0 Opera Stable 35.0.2066.92 Paint.NET v3.5.11 PowerISO Samsung New PC Studio SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4.5.2 (KB3122656) Security Update for Microsoft .NET Framework 4.5.2 (KB3127229) Security Update for Microsoft .NET Framework 4.5.2 (KB3135996) Shop for HP Supplies Skype Click to Call SkypeT 7.21 SRS Premium Sound Control Panel Startup Delayer v3.0 (build 363) Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) supra IPCam Temp File Cleaner Video Grabber Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Windows-stuurprogrammapakket - Nokia Modem (02/25/2011 4.7) Windows-stuurprogrammapakket - Nokia Modem (02/25/2011 7.01.0.9) Windows-stuurprogrammapakket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Windows 7 USB/DVD Download Tool Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Language Selector Windows Live MIME IFilter Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Mobile Apparaatcentrum Windows Phone app for desktop WinRAR archiver

==== Running Processes ======================

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\Av\avgidsagent.exe
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJYYMBR0\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("yahoo.ytff.general.dontshowhpoffer", true);
---- FireFox user.js and prefs.js backups ----
prefs_20161504_1015_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Lenovo not found
C:\Users\Patric\AppData\Local\Lenovo not found
C:\Users\Patric\AppData\Local\CodecPerformer deleted
C:\Users\Patric\AppData\Local\MatroskaSplitter deleted
C:\Users\Patric\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\{379B8DEC-7302-4D17-B3E0-9AE327602CF2} deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Patric\Desktop\Facebook.lnk deleted
C:\Users\Patric\AppData\Roaming\SUPRAUpdatePaket.exe deleted
C:\Users\Patric\AdwCleaner.exe deleted
"C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default\yahooToolbarSettings" deleted
"C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\yahoo.xml" deleted

==== Registry Search Results for "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner]
"CLSID"="{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\PROTOCOLS\Handler\linkscanner]
"CLSID"="{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}"

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3886 MB
CPU Info: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
CPU Speed: 2234,5 MHz
Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | NVIDIA GeForce GT 325M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | Atheros AR9285 Wireless Network Adapter
CD / DVD Drives: 2x (E: | F: | ) E: HL-DT-STDVDRAM GT30N | F:
Ports: COM6 | COM7 | COM10 | COM11 | COM12 | COM13 | COM14 | COM20 | COM21 | COM22 | COM40 LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 116,4GB | D: 334,7GB
Hard Disks - Free: C: 21,9GB | D: 290,7GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 06/15/09 | _ASUS_ - 6222004
Time Zone: Romance (standaardtijd)
Motherboard *: ASUSTeK Computer INC.
N61Jv
Country: België
Language: NLB

==== System Specs (Software) ======================

AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
Default Browser: Opera Internet Browser 35.0.2066.92
Internet Explorer Version: 11.0.9600.18282
Mozilla Firefox version: 32.0.3 (x86 en-US)
Opera Browser version: 35.0.2066.92
Google Chrome version: 49.0.2623.112
Adobe Reader version: 15.10.20056.167417
Sun Java version: 1.8.0_77 (32-bit)
Sun Java version: 1.8.0_77 (64-bit)
Flash Player version: 11.8.800.94

==== Files Recently Created / Modified ======================

==== Orphaned Tasks deleted from Registry ======================

Opera N deleted
Opera N Saturday deleted
Opera N Sunday deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe C:\Program Files (x86)\AVG\Av\avgui.exe" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe /lps=fmw" "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE -startup" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Persistence"="C:\Windows\system32\igfxpers.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" 
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS WebStorage] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ASUS WebStorage" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\SERVICE\\AsusWSService.exe MySyncFolder" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ASUSWebStorage" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\3.0.143.296\\AsusWSPanel.exe /S" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NokiaSuite.exe" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OneDrive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="OneDrive" "hkey"="HKCU" "command"="\"C:\\Users\\Patric\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PC Suite Tray" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Nokia\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" "hkey"="HKLM" "item"="RtHDVCpl" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\Shareaza] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Shareaza" "hkey"="HKCU" "command"="\"C:\\Nieuwe map\\Shareaza.exe\" -tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartupDelayer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartupDelayer" "hkey"="HKLM" "command"="\"C:\\Program Files\\r2 Studios\\Startup Delayer\\Startup Launcher.exe\" /LaunchType=Auto /LaunchApps=Common" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Patric] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Patric\AppData] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Patric\AppData\Local] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Patric\AppData\Local\Microsoft] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Patric\AppData\Local\Microsoft\SkyDrive] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\amd64] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Uninstall C:\\Users\\Patric\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6006.0718_1\\amd64" "hkey"="HKCU" "command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\Patric\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6006.0718_1\\amd64\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall 
C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Uninstall C:\\Users\\Patric\\AppData\\Local\\Microsoft\\SkyDrive\\17.0.2010.0530_1\\amd64" "hkey"="HKCU" "command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\Patric\\AppData\\Local\\Microsoft\\SkyDrive\\17.0.2010.0530_1\\amd64\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Mobile Device Center" "hkey"="HKLM" "command"="%windir%\\WindowsMobile\\wmdc.exe" ==== Startup Folders ====================== 2015-07-20 17:12:54 956 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk 2015-07-20 17:12:54 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk 2015-07-20 17:12:54 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk 2015-07-20 17:12:54 2855 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [25/03/2016 19:29] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-523000165-1516823666-2951625117-1001Core.job --a------ C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe [19/06/2014 20:37] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-523000165-1516823666-2951625117-1001UA.job --a------ C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe [19/06/2014 20:37] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
[29/08/2015 06:18] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 06:18] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Patric-PC-Patric" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\ASPG" [C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\ESTsoft RunAsStdUser 5855965Task" [C:\Program Files (x86)\ESTsoft\ALPlayer\ALPlayer.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-523000165-1516823666-2951625117-1001Core" [C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-523000165-1516823666-2951625117-1001UA" [C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1442163301" [C:\Program Files (x86)\Opera\launcher.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe] "C:\Windows\SysNative\tasks\{148E43DD-4B9E-4D11-B8C6-E86E90029A85}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{39E9723E-5FCC-471B-A350-3ECE90161BA6}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{3AA1AC30-AAA6-46EA-95E1-6BFF4DD771C0}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{5C090A88-8B66-4895-98DE-61A73F7654EF}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/7.6.0.105/nl/go/help.faq.installer?source=lightinstaller&LastError=1638] "C:\Windows\SysNative\tasks\{5EE79F61-D6C2-48CC-93A0-28390A9D0942}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\{67DD4874-EE61-45DC-A840-F34403547F2A}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{743BE903-654D-4736-A3AB-50FBEA61037A}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/7.6.0.105/nl/go/help.faq.installer?source=lightinstaller&LastError=1638] "C:\Windows\SysNative\tasks\{8CA99AF4-368B-4CBE-8B28-21C8C686B9FD}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{A2F73286-AB33-4A4D-97CB-632F7CC82B31}" ["c:\program files\internet explorer\iexplore.exe" 
http://ui.skype.com/ui/0/7.6.0.105/nl/go/help.faq.installer?source=lightinstaller&LastError=1603] "C:\Windows\SysNative\tasks\{A4BE2926-9911-4576-9176-25D6608FC2D9}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.4.0.102.259/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\{A6B02370-77DC-4CE1-A2A9-7D19AC7AEE27}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/7.6.0.105/nl/go/help.faq.installer?source=lightinstaller&LastError=1638] "C:\Windows\SysNative\tasks\{ADCE2085-5AA2-48A4-9529-C1F789790A7B}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{C0972821-6DB9-498E-B596-C16BA9058662}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/7.5.0.102.259/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\{C7E51459-BAAD-4E43-8884-8956DF076AC9}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{DFA19178-1CA5-44F9-8C8D-223B8C4D27D7}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{E02FB80E-062D-4276-8925-205ABBA9AE68}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{FE0C7E35-DF88-44F4-9E98-F422195A3441}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.5.0.102.259/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program 64 35" ["%ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe"] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== 
Firefox Start and Search pages ====================== ProfilePath: C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "SearchAlgo"); user_pref("browser.search.selectedEngine", "SearchAlgo"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [19/03/2016 13:23] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default - Firefox Synchronisation Extension - %ProfilePath%\extensions\synchronize@nokia.suite AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default 2BF85B6162528E0635DD8D632EB975C8 - C:\Users\Patric\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08/01/2016 11:47] Google Wallet - Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start 
Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java(tm) 
Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: FancyStart daemon.lnk = ? 
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: SRS Premium Sound.lnk = ? O8 - Extra context menu item: Download with &Shareaza - res://C:\Nieuwe map\RazaWebHook32.dll/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems 
Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown 
owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Patric\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJYYMBR0 will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\ZJYYMBR0 will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Patric\AppData\Local\Opera 
Software\Opera Stable\Cache emptied successfully C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=28 folders=12 140327442 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Patric\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Patric\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJYYMBR0" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\ZJYYMBR0" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on vr 15/04/2016 at 10:34:16,10 ======================