Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Leo on za 28/05/2016 at 12:09:21,65. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Leo\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 28/05/2016 12:10:41 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AppInsights deleted successfully C:\PROGRA~2\GUM1D2.tmp deleted successfully C:\PROGRA~2\GUMFD81.tmp deleted successfully C:\PROGRA~2\IObit deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\Nalpeiron deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\Leo\AppData\Local\ActiveSync deleted successfully C:\Users\Leo\AppData\Local\CrashDumps deleted successfully C:\Users\Leo\AppData\Local\NetworkTiles deleted successfully C:\Users\Leo\AppData\Local\Unity deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== æTorrent Adobe Bridge CC (64 Bit) Adobe Flash Player 21 NPAPI Adobe Photoshop CC 2015 Adobe Update Management Tool Alien Skin Exposure X AMD Install Manager AMD Settings - Branding AMD Settings avstreamtools_ia64fre avstreamtools_x64fre avstreamtools_x86fre BD Sizer 3.3.3.0 BETA Belgium e-ID middleware 4.1.16 (build 1723) biometrictools_x64fre biometrictools_x86fre bluetoothtools_ia64fre bluetoothtools_x64fre bluetoothtools_x86fre Catalyst Control Center InstallProxy Catalyst Control Center Next Localization BR Catalyst Control Center Next Localization CHS Catalyst Control Center Next Localization CHT Catalyst Control Center Next Localization CS Catalyst Control Center Next Localization DA Catalyst Control Center Next Localization DE Catalyst Control Center Next Localization EL Catalyst Control Center Next Localization ES Catalyst Control Center Next Localization FI Catalyst Control Center Next Localization FR Catalyst Control Center Next Localization HU Catalyst Control Center Next Localization IT Catalyst Control Center Next Localization JA Catalyst Control Center Next Localization KO Catalyst Control Center Next Localization NL Catalyst Control Center Next Localization NO Catalyst Control Center Next Localization PL Catalyst Control Center Next Localization RU Catalyst Control Center Next Localization SV Catalyst Control Center Next Localization TH Catalyst Control Center Next Localization TR CCleaner chkinftool_x86fre dfx_ia64fre dfx_x64fre dfx_x86fre drvtools_ia64fre drvtools_x64fre drvtools_x86fre Exact Audio Copy 1.1 Eye-One Match 3.6.2 FastStone Image Viewer 5.5 FileHippo App Manager Garmin BaseCamp Garmin USB Drivers generaltools_ia64fre generaltools_x64fre generaltools_x86fre Google Chrome Google Update Helper HP Customer Experience Enhancements HP Deskjet 2540 series Basissoftware van het apparaat HP Deskjet 2540 series Help HP Photo Creations HP Support Assistant HP Support Solutions Framework HP Update i1_driver_installer_utility_i1Match version 1.0 Imagenomic Portraiture 2 Plug-in (build 2342) imagingtools_ia64fre imagingtools_x64fre imagingtools_x86fre Intel(R) Chipset Device Software Intel(R) Management Engine Components Intel(R) ME UninstallLegacy Intel(R) Rapid Storage Technology Intel© Security Assist Intel© Trusted Connect Service Client Kaspersky Fraud Prevention for Endpoint Kaspersky Total Security Kits Configuration Installer LibreOffice 5.1.3.2 Malwarebytes Anti-Malware versie 2.2.1.1043 Microsoft .NET Framework 4.5.1 Multi-Targeting Pack Microsoft .NET Framework 4.6 SDK Microsoft .NET Framework 4.6 Targeting Pack Microsoft .NET Framework 4.6.1 Developer Pack Microsoft .NET Framework 4.6.1 SDK Microsoft .NET Framework 4.6.1 Targeting Pack Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) Microsoft Help Viewer 2.2 Microsoft Silverlight Microsoft SQL Server 2014 Management Objects Microsoft SQL Server 2014 Management Objects (x64) Microsoft SQL Server 2014 T-SQL Language Service Microsoft SQL Server 2014 Transact-SQL ScriptDom Microsoft SQL Server Compact 4.0 SP1 x64 ENU Microsoft System CLR Types for SQL Server 2014 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23918 Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23918 Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918 Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918 Microsoft Visual Studio 2015 Shell (Minimum) Interop Assemblies Microsoft Visual Studio 2015 Update 2 Diagnostic Tools - ENU Microsoft Visual Studio 2015 Update 2 Diagnostic Tools - x86 Microsoft VisualStudio JavaScript Project System modemtools Mozilla Firefox 46.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 45.1.0 (x86 nl) Neat Image v7.6.0 Pro plug-in for Photoshop (64-bit) Nik Collection ON1 Photo 10 OpenOffice 4.1.2 Perfect Exposure Plugin 1.0.1 Photo Supreme 3.2.0.2075 pnptools_ia64fre pnptools_x64fre pnptools_x86fre powermanagement_ia64fre powermanagement_x64fre powermanagement_x86fre printtools_ia64fre printtools_x64fre printtools_x86fre Productverbeteringsonderzoek voor HP Deskjet 2540 series readme Realtek Card Reader Realtek High Definition Audio Driver REALTEK Wireless LAN Driver Recuva RegiStax 6 RegiStax 6.1.0.8 update Revo Uninstaller Pro 3.1.6 Roslyn Language Services - x86 sdv setuptools_ia64fre setuptools_x64fre setuptools_x86fre Software voor Intel© Chipset-apparaten Speccy Spotify Stuurprogrammapakket voor Windows - Fedict SmartCard (08/08/2015 4.1.5) SumatraPDF SyncBackFree toolindex Topaz Adjust 5 Topaz B&W Effects Topaz Clarity Topaz Clean 3 Topaz DeJpeg 4 Topaz DeNoise 5 Topaz DeNoise 6 Topaz Detail 3 Topaz Fusion Express 2 Topaz InFocus Topaz Lens Effects Topaz ReMask 4 Topaz ReStyle Topaz Simplify 4 Topaz Star Effects tracingtool_ia64fre tracingtool_x64fre tracingtool_x86fre TypeScript Tools for Microsoft Visual Studio 2015 Unchecky v0.4.3 Universal CRT Redistributable Universal CRT Tools x64 Universal CRT Tools x86 Visual C++ IDE Debugger Package VLC media player Wacom-tablet wdftools_ia64fre wdftools_x64fre wdftools_x86fre WebTablet FB Plugin 32 bit WebTablet FB Plugin 64 bit Windows Phone SDK 8.0 Assemblies for Visual Studio 2015 WinRAR 5.21 (64-bit) wpdtools_ia64fre wpdtools_x64fre wpdtools_x86fre wsdtool_ia64fre wsdtool_x64fre wsdtool_x86fre ZXPInstaller ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\ksm.exe C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe C:\Program Files\Tablet\Wacom\WacomHost.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\smui.exe C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe C:\Program Files\Tablet\Wacom\WacomHost.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Users\Leo\Desktop\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AppInsights not found C:\PROGRA~2\GUM1D2.tmp not found C:\PROGRA~2\GUMFD81.tmp not found C:\PROGRA~2\IObit not found C:\Users\Leo\.android deleted C:\PROGRA~3\ProductData deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Leo\AppData\LocalLow\Unity deleted C:\WINDOWS\Syswow64\SET1B3.tmp deleted C:\WINDOWS\Syswow64\SET1DD9.tmp deleted C:\WINDOWS\Syswow64\SET1DEA.tmp deleted C:\WINDOWS\Syswow64\SETE5B.tmp deleted C:\WINDOWS\Syswow64\SETFAA3.tmp deleted C:\WINDOWS\Syswow64\SETFBFD.tmp deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 12245 MB CPU Info: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz CPU Speed: 3651,1 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: AMD Radeon R7 240 | AMD Radeon R7 240 Monitors: 1x; Dell 2209WA(Digital) | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller #2 | Realtek RTL8188EE 802.11 bgn Wi-Fi Adapter | Microsoft Wi-Fi Direct Virtual Adapter #3 CD / DVD Drives: 2x (I: | J: | ) I: hp CDDVDW SH-216DB | J: Linux File-Stor Gadget Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 911,0GB | D: 18,2GB | Z: 356,0MB Hard Disks - Free: C: 204,0GB | D: 2,3GB | Z: 262,0MB Manufacturer *: AMI BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Hewlett-Packard 2B36 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Default Browser: Firefox 46.0.1 Internet Explorer Version: 11.306.10586.0 Mozilla Firefox version: 46.0.1 (x86 en-US) Google Chrome version: 51.0.2704.63 Flash Player version: 21.0.0.213 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-05-11 10:25:02 2617877C5761B8A696FD0368861EE6E4 4515256 ----a-w- C:\WINDOWS\explorer.exe ====== C:\Users\Leo\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2016-05-20 12:33:17 9573E0B62C25859955A39A69CEC13263 83632 ----a-w- C:\WINDOWS\SysWOW64\SFCOM.dll 2016-05-20 12:33:17 0607FACB8484E48E9A0CCA7D4ADE24D0 341160 ----a-w- C:\WINDOWS\SysWOW64\SRCOM.dll 2016-05-19 09:29:58 7759062F8D99AC02E74698A3D3C6B5A4 4446208 ----a-w- C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe 2016-05-19 09:29:57 A1BF908CDC678570A82884819E80D61A 561664 ----a-w- C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll 2016-05-19 09:29:57 5B8739EC4AB7F11782BA507AD44C6529 746496 ----a-w- C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll 2016-05-19 09:29:57 3AB622B0CC4A3DBA0B24724AEE268A8F 6584320 ----a-w- C:\WINDOWS\SysWOW64\DXCaptureReplay.dll 2016-05-19 09:29:56 B615B2C475716395E92E33F70C9C2D0C 655360 ----a-w- C:\WINDOWS\SysWOW64\DXCap.exe 2016-05-19 09:29:56 8B5D3239A953DBF08AF34A06C7A558A7 135168 ----a-w- C:\WINDOWS\SysWOW64\DXToolsMonitor.dll 2016-05-19 09:29:56 8846AB4B10B70B6FD8C734312690C70A 108544 ----a-w- C:\WINDOWS\SysWOW64\DXToolsReporting.dll 2016-05-19 09:29:56 1DACC8E6BF756345CAAEBED57415B6EF 763904 ----a-w- C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll 2016-05-19 09:29:56 00662A5EFD490D472E3CD5FE2EF3832F 119808 ----a-w- C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll 2016-05-18 15:07:18 FCC8AA40AB542F060699B447FDE1FB78 39936 ----a-w- C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll 2016-05-18 15:07:18 E66232E0885B86D8640FC21D2A0661A7 60416 ----a-w- C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll 2016-05-18 15:07:18 DA614A3CC00EC92BDFB13623193388A9 4533760 ----a-w- C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe 2016-05-18 15:07:18 CB23319D77B9BAB914A99552FD177322 97280 ----a-w- C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll 2016-05-18 15:07:18 BBF7C6AAA4F6CBFE66FE34322ABE9379 60416 ----a-w- C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll 2016-05-18 15:07:18 669C2B91A3EEB8BF98ED942AF39CB216 1064960 ----a-w- C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll 2016-05-18 15:07:18 5CF4536BD0C16B0D5FC5CDDF12237541 265216 ----a-w- C:\WINDOWS\SysWOW64\perf_gputiming.dll 2016-05-18 15:07:18 44C7D56540018EEB5B8781CEB8F8872D 349184 ----a-w- C:\WINDOWS\SysWOW64\DXCpl.exe 2016-05-18 15:07:18 3FE2A9936A9B71860B3503BF084CD583 2470912 ----a-w- C:\WINDOWS\SysWOW64\d3d12warp.dll 2016-05-18 15:07:18 39D25CD572C0BE8D241F220F74C7ABBC 235520 ----a-w- C:\WINDOWS\SysWOW64\DXGIDebug.dll 2016-05-18 15:07:18 2B293ED739D2CCBD1855511C1836EE71 349696 ----a-w- C:\WINDOWS\SysWOW64\d2d1debug3.dll ====== C:\WINDOWS\SysWOW64\drivers ===== 2016-05-20 12:23:17 EF558A02D734A1403583E95CCEEC2487 27552 ----a-w- C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS ====== C:\WINDOWS\Sysnative ===== 2016-05-20 12:37:58 B4412B85754E8FF74C8CFC5DE9D35C22 82544 ----a-w- C:\WINDOWS\Sysnative\RtNicProp64.dll 2016-05-20 12:33:17 934E59423F97E82F9C57CAD6EB961EFF 1435152 ----a-w- C:\WINDOWS\Sysnative\SRRPTR64.dll 2016-05-20 12:33:17 83A7B6D6BD1035EA9B042C50EB89B649 532384 ----a-w- C:\WINDOWS\Sysnative\SRSTSX64.dll 2016-05-20 12:33:17 832D8C1DF40B2A044863875BA9D8C59A 1330072 ----a-w- C:\WINDOWS\Sysnative\slcnt64.dll 2016-05-20 12:33:17 773B92F1B1ABADF8C227DB61AF3FD70E 2894976 ----a-w- C:\WINDOWS\Sysnative\RTSnMg64.cpl 2016-05-20 12:33:17 5F35C84C7B703EA6BF3F02F71BFC989F 1022872 ----a-w- C:\WINDOWS\Sysnative\sl3apo64.dll 2016-05-20 12:33:17 4691D75F9C89D135C609727DD1E47827 258504 ----a-w- C:\WINDOWS\Sysnative\slprp64.dll 2016-05-20 12:33:17 3A98A66F7911A0684300A34B4036F993 1943624 ----a-w- C:\WINDOWS\Sysnative\sltech64.dll 2016-05-20 12:33:17 2FE3C0CF6BBA92B7A06C183C562716F3 221976 ----a-w- C:\WINDOWS\Sysnative\SRSTSH64.dll 2016-05-20 12:33:17 1CA6476BB4334267A772E1AC4003FAE4 166208 ----a-w- C:\WINDOWS\Sysnative\SRSWOW64.dll 2016-05-20 12:33:17 1334F3C65D003683A68818CFDAF9CFC1 467168 ----a-w- C:\WINDOWS\Sysnative\SRAPO64.dll 2016-05-20 12:33:17 0607FACB8484E48E9A0CCA7D4ADE24D0 341160 ----a-w- C:\WINDOWS\Sysnative\SRCOM.dll 2016-05-20 12:33:17 004FA3D119140B703BFFAC38A49685AC 209536 ----a-w- C:\WINDOWS\Sysnative\SRSHP64.dll 2016-05-20 12:33:16 ED01F1E32F1FF167271940C2D3F6420B 214840 ----a-w- C:\WINDOWS\Sysnative\RTEED64A.dll 2016-05-20 12:33:16 BC4230CB39DF74D609BEBB3EF4F82794 689888 ----a-w- C:\WINDOWS\Sysnative\RtDataProc64.dll 2016-05-20 12:33:16 8982D2785275BB0D72B273AA4E7E4D87 387320 ----a-w- C:\WINDOWS\Sysnative\RTEEP64A.dll 2016-05-20 12:33:16 79F1F90EA9AF06C357D8937E36C81E81 2049664 ----a-w- C:\WINDOWS\Sysnative\RCoInstII64.dll 2016-05-20 12:33:16 70333104007413D08A3D50F829078408 88352 ----a-w- C:\WINDOWS\Sysnative\RTEEG64A.dll 2016-05-20 12:33:16 6BDA194E45325D8718223DB9456EC25B 3198720 ----a-w- C:\WINDOWS\Sysnative\RtPgEx64.dll 2016-05-20 12:33:16 61A46D53743D8F5FBA83294DFE9B85FC 110984 ----a-w- C:\WINDOWS\Sysnative\RTEEL64A.dll 2016-05-20 12:33:16 527B9B4856E14237E5B34E0D5D13189F 72203792 ----a-w- C:\WINDOWS\Sysnative\RCoRes64.dat 2016-05-20 12:33:16 51DAAF7348C97EC6EBC45E1E7CB8CAD9 321720 ----a-w- C:\WINDOWS\Sysnative\RP3DHT64.dll 2016-05-20 12:33:16 48803A330788D6790AC9CDC4D367E87C 343712 ----a-w- C:\WINDOWS\Sysnative\RtlCPAPI64.dll 2016-05-20 12:33:16 1DEBF241819DE91464566052636B463D 1356512 ----a-w- C:\WINDOWS\Sysnative\RTCOM64.dll 2016-05-20 12:33:16 0EDC1E295550F7118AC739B606B7ACD5 321720 ----a-w- C:\WINDOWS\Sysnative\RP3DAA64.dll 2016-05-20 12:33:15 D23712F2CA1482A4AFB8A778586168F9 3282032 ----a-w- C:\WINDOWS\Sysnative\FMAPO64.dll 2016-05-20 12:33:14 D8C5B063BA7EF27B7B660C6B40C1E53D 574760 ----a-w- C:\WINDOWS\Sysnative\AERTAC64.dll 2016-05-20 12:33:14 6BB639EBF57D8B4ABEB94E8B49724DCF 1601952 ----a-w- C:\WINDOWS\Sysnative\CX64APO.dll 2016-05-20 12:33:14 11417198C26612E6B5C13863995DC66D 122328 ----a-w- C:\WINDOWS\Sysnative\CONEQMSAPOGUILibrary.dll 2016-05-20 12:33:14 0F0F5A65542F8CF3F405BD9DEA179643 118600 ----a-w- C:\WINDOWS\Sysnative\AERTAR64.dll 2016-05-20 12:30:17 F19289062E5CCEEA718A72CFE9F7354D 8 ----a-w- C:\WINDOWS\Sysnative\CardDetect6361.bin 2016-05-20 12:30:17 DDDA2489940138D5F68F156EF016836D 8 ----a-w- C:\WINDOWS\Sysnative\CardDetect6420.bin 2016-05-20 12:30:17 B00577BC5FAFAAA1D611F379D0098096 8 ----a-w- C:\WINDOWS\Sysnative\CardDetect6366.bin 2016-05-20 12:30:17 8D2D7DF5BBD593088EDF373FE87F3E72 8 ----a-w- C:\WINDOWS\Sysnative\CardDetect6362.bin 2016-05-20 12:30:17 2D502CC7905BA09064D839C10B7D1227 12800 ----a-w- C:\WINDOWS\Sysnative\AmUStor2.dll 2016-05-19 09:29:58 E91F3017494D469824A62A7A9826D9BA 5562880 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsRemoteEngine.exe 2016-05-19 09:29:57 BA6996FDFF28F4036206777BA63B0E35 8574464 ----a-w- C:\WINDOWS\Sysnative\DXCaptureReplay.dll 2016-05-19 09:29:57 B94B1F89E9330F9AE5E81D3F6A35D4C9 727552 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsExperiment.dll 2016-05-19 09:29:57 08EBAAF763D26393EB77704320C95643 1001984 ----a-w- C:\WINDOWS\Sysnative\d3d12SDKLayers.dll 2016-05-19 09:29:56 EAC2CC422230188FE808066330E348B2 157184 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsCapture.dll 2016-05-19 09:29:56 570023599E9B0EF77332683DB1727995 1073664 ----a-w- C:\WINDOWS\Sysnative\DXToolsOfflineAnalysis.dll 2016-05-19 09:29:56 4A23A1DF1D5B580E84ACE28E70977F3C 159232 ----a-w- C:\WINDOWS\Sysnative\DXToolsReporting.dll 2016-05-19 09:29:56 3074ABC2862D68F92755560C2A92047E 889344 ----a-w- C:\WINDOWS\Sysnative\DXCap.exe 2016-05-19 09:29:56 04550E3892A78D032F5EB1F8B77F59A1 180224 ----a-w- C:\WINDOWS\Sysnative\DXToolsMonitor.dll 2016-05-18 15:07:18 FE22CA6530E180C20477C7EA411A1AAF 344576 ----a-w- C:\WINDOWS\Sysnative\DXGIDebug.dll 2016-05-18 15:07:18 EF9E1DF693A559D7456E8CE8783C84AD 430080 ----a-w- C:\WINDOWS\Sysnative\d2d1debug3.dll 2016-05-18 15:07:18 D53E8F9EB4E47A355955E2073BCFE4EF 80384 ----a-w- C:\WINDOWS\Sysnative\VSD3DWARP12Debug.dll 2016-05-18 15:07:18 CA5092B46CD441C2C57C5E2F4A500659 3292672 ----a-w- C:\WINDOWS\Sysnative\d3d12warp.dll 2016-05-18 15:07:18 B1A988982FC3B9B952838FBDEED19E62 369152 ----a-w- C:\WINDOWS\Sysnative\DXCpl.exe 2016-05-18 15:07:18 ABB9B5929D53A51F70F0D66C19960C03 80384 ----a-w- C:\WINDOWS\Sysnative\VSD3DWARPDebug.dll 2016-05-18 15:07:18 A93F5DF9CE88BD64D4FF92E01FE17702 90112 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsProxyStub.dll 2016-05-18 15:07:18 9FB7DC71200751134A0F268727344689 5667840 ----a-w- C:\WINDOWS\Sysnative\VsGraphicsDesktopEngine.exe 2016-05-18 15:07:18 72398A634F542B3AD9D5DCB45391197C 1339392 ----a-w- C:\WINDOWS\Sysnative\d3d11_3SDKLayers.dll 2016-05-18 15:07:18 2D062B4B379CC8CBCB595640B5F5C81C 346112 ----a-w- C:\WINDOWS\Sysnative\perf_gputiming.dll 2016-05-18 15:07:18 105034F70F4FD70D1202583C8FFC25D6 97280 ----a-w- C:\WINDOWS\Sysnative\DxToolsReportGenerator.dll 2016-05-15 19:10:16 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\WINDOWS\Sysnative\bootdelete.exe ====== C:\WINDOWS\Sysnative\drivers ===== 2016-05-26 15:42:46 CA864D504A5E56AF84A491B4AA1F8A98 328920 ----a-w- C:\WINDOWS\Sysnative\drivers\RtsP2Stor.sys 2016-05-26 15:42:46 5B8A2A5EF34109489D78BBB983B9242E 367320 ----a-w- C:\WINDOWS\Sysnative\drivers\RtsPStor.sys 2016-05-26 15:42:46 4FD2BAD595A2C366FC0312E30362E7AD 313048 ----a-w- C:\WINDOWS\Sysnative\drivers\RtsBaStor.sys 2016-05-26 15:42:46 390594592126D5EBE0C98C0A3094096E 777944 ----a-w- C:\WINDOWS\Sysnative\drivers\RtsPer.sys 2016-05-24 13:06:46 AE4607D7C7AA83A863BFA214483E8EE4 413912 ----a-w- C:\WINDOWS\Sysnative\drivers\RtsUer.sys 2016-05-20 12:33:16 D084C906633567FDD403340E3EF3BD06 5576400 ----a-w- C:\WINDOWS\Sysnative\drivers\RTAIODAT.DAT 2016-05-18 15:04:37 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf 2016-05-15 21:03:51 9C3AC71A9934B884FAC567A8807E9C4D 31800 ----a-w- C:\WINDOWS\Sysnative\drivers\revoflt.sys 2016-05-15 19:01:52 7FD586369B597798535C098E63818AAC 46960 ----a-w- C:\WINDOWS\Sysnative\drivers\hitmanpro37.sys 2016-05-14 12:11:09 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf 2016-05-11 10:24:59 48D8729FACC784900B831212AE56F824 1996640 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-05-11 10:24:50 01C01ED15ED56B98088CE1D5A0965E6A 577368 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-05-11 10:24:45 E7463CE8579A0418A98BE9BE42C647D7 534872 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2016-05-11 10:24:42 357910142E9285B978689B1DB4EFA00A 393568 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2016-05-11 10:24:41 CFFE69B6C276A3418687109EA8AC9E7D 330072 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys 2016-05-11 10:24:41 B880BE37452AB1D4AA93845F58EF7960 95072 ----a-w- C:\WINDOWS\Sysnative\drivers\sdport.sys 2016-05-11 10:24:35 C330883C06E2D4CE4F6982F048265D37 335712 ----a-w- C:\WINDOWS\Sysnative\drivers\fastfat.sys 2016-05-11 10:24:35 50DFE05C698E9B0A63D95E3D669A105C 638816 ----a-w- C:\WINDOWS\Sysnative\drivers\fvevol.sys 2016-05-11 10:24:34 C0752D58193603B6ED762B4027C65E1B 155136 ----a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys 2016-05-11 10:24:34 2A87EA182EA333D79AA0B03833EA67F2 131424 ----a-w- C:\WINDOWS\Sysnative\drivers\ufxsynopsys.sys 2016-05-11 10:24:33 8F2523C9D8F1448FF2156452AF60FA00 87552 ----a-w- C:\WINDOWS\Sysnative\drivers\filecrypt.sys 2016-05-11 10:24:33 82D3B1F4D80057826AA649D78147DE36 63488 ----a-w- C:\WINDOWS\Sysnative\drivers\UcmCx.sys 2016-05-11 10:24:33 67B9684B8272D5EBD1CCBB1DBD425EC8 99680 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys 2016-05-11 10:24:31 4AAD6547953D373A1EB5B2DF583D868B 67072 ----a-w- C:\WINDOWS\Sysnative\drivers\usbser.sys 2016-05-03 09:41:27 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys 2016-05-03 09:31:30 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys 2016-05-03 09:31:30 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys 2016-05-03 09:31:30 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys ====== C:\WINDOWS\Tasks ====== 2016-04-30 11:02:09 BB84BF96C9B8983F31CDC5DFF8BC78E7 3652 ----a-w- C:\WINDOWS\Sysnative\Tasks\CreateExplorerShellUnelevatedTask ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-05-27 14:44:18 -------- d-----w- C:\Program Files\trend micro 2016-05-24 19:13:22 -------- d-----w- C:\Program Files\Athentech 2016-05-18 15:19:14 -------- d---a-w- C:\Program Files\Microsoft SQL Server Compact Edition 2016-05-18 15:06:17 -------- d-----w- C:\Program Files\Microsoft SQL Server 2016-05-17 18:31:56 -------- d---a-w- C:\Program Files\Speccy 2016-05-16 19:20:04 -------- d---a-w- C:\Program Files\LibreOffice 5 2016-05-15 21:03:50 -------- d-----w- C:\Program Files\VS Revo Group ======= C:\PROGRA~2 ===== 2016-05-27 09:42:08 -------- d---a-w- C:\PROGRA~2\Mozilla Thunderbird 2016-05-26 11:10:37 -------- d---a-w- C:\PROGRA~2\Belgium Identity Card 2016-05-18 15:19:12 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server Compact Edition 2016-05-18 15:12:23 -------- d-----w- C:\PROGRA~2\Microsoft Visual Studio 12.0 2016-05-18 15:09:00 -------- d-----w- C:\PROGRA~2\Microsoft Help Viewer 2016-05-18 15:06:18 -------- d---a-w- C:\PROGRA~2\Microsoft SQL Server 2016-05-18 15:03:11 -------- d-----w- C:\PROGRA~2\Microsoft SDKs 2016-05-18 14:45:01 -------- d-----w- C:\PROGRA~2\Windows Kits 2016-05-18 11:47:19 -------- d-----w- C:\PROGRA~2\COMMON~1\Microsoft KitSetup 2016-05-17 20:08:50 -------- d-----w- C:\PROGRA~2\Intel Driver Update Utility 2016-04-30 14:12:56 -------- d---a-w- C:\PROGRA~2\Unchecky ======= C: ===== 2016-05-15 22:11:04 4947BDC381588A492D23FA096770B6B2 1066 ----a-w- C:\DelFix.txt 2016-05-03 09:53:54 F8052AD1AEC2EEE9220542024D981916 1330 ----a-w- C:\malware.txt ====== C:\Users\Leo\AppData\Roaming ====== 2016-05-28 10:22:17 -------- d-----w- C:\Users\Leo\AppData\Local\CrashDumps 2016-05-27 09:42:18 -------- d-----w- C:\Users\Leo\AppData\Local\Thunderbird 2016-05-24 19:13:33 -------- d-----w- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Exposure Plugin 2016-05-20 18:16:50 -------- d-----w- C:\Users\Leo\AppData\Local\GMap.NET 2016-05-20 12:39:06 42E8F8D5C5150CAB332FED81D3A8C7C6 198456 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2016-05-19 15:37:37 -------- d-----w- C:\Users\Leo\AppData\Local\VSIXInstaller 2016-05-17 19:36:42 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm 2016-05-17 10:23:50 -------- d-----w- C:\Users\Leo\AppData\Local\LogMeIn Rescue Calling Card 2016-05-12 11:34:27 -------- d-----w- C:\Users\Leo\AppData\Local\Temp 2016-05-03 08:39:42 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- C:\Users\Leo\AppData\Local\resmon.resmoncfg 2016-04-29 10:00:12 107C115CB3EFBF06575235B01887EB86 3584 ----a-w- C:\Users\Leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ====== C:\Users\Leo ====== 2016-05-27 14:43:16 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Leo\Desktop\RSITx64.exe 2016-05-26 11:10:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID 2016-05-24 19:13:32 -------- d-----w- C:\ProgramData\Athentech 2016-05-24 13:09:57 -------- d-----w- C:\Users\Leo\Intel 2016-05-20 11:34:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1 2016-05-18 11:46:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Driver Kits 2016-05-17 09:25:38 -------- d-----w- C:\ProgramData\SoundResearch 2016-05-15 21:03:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2016-05-15 19:01:28 -------- d-----w- C:\ProgramData\HitmanPro 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\USOShared 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\USOPrivate 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\regid.1991-06.com.microsoft 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\Package 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\Microsoft 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\Garmin 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\dir 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\Comms 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\cd 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\attrib 2016-05-03 08:52:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Leo\Apple 2016-04-30 14:12:56 -------- d-----w- C:\ProgramData\Unchecky 2016-04-30 14:12:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky ====== C: exe-files == 2016-05-27 14:44:19 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Leo.exe 2016-05-27 14:43:16 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Leo\Desktop\RSITx64.exe 2016-05-27 09:56:27 BAFE98D46BAB095F7935C444DBF9A884 4330200 ----a-w- C:\Program Files (x86)\Realtek\Realtek Card Reader\RtCRU64.exe 2016-05-27 09:56:27 ABD6C51076B59E5698D7332574B41F84 91352 ----a-w- C:\Program Files (x86)\Realtek\Realtek Card Reader\revcon64.exe 2016-05-27 09:56:27 04F1988DDAE69887B17AADBD676C642D 87256 ----a-w- C:\Program Files (x86)\Realtek\Realtek Card Reader\revcon32.exe 2016-05-27 09:56:26 A199BB131AA3D1E387E99ED774CDAA54 42200 ------w- C:\Program Files (x86)\Realtek\Realtek Card Reader\SetEHCIKey.exe 2016-05-27 09:56:26 8B23FB9DD8CDF72B7C8A598FE9E1336C 563416 ------w- C:\Program Files (x86)\Realtek\Realtek Card Reader\Rmb.exe 2016-05-27 09:42:12 E9A76A3FA37249141D33605EFD5DC595 147400 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe 2016-05-27 09:42:09 E9A76A3FA37249141D33605EFD5DC595 147400 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice.exe 2016-05-27 09:42:09 A815F6A6E1D351E882942AF786530A4F 284104 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\plugin-container.exe 2016-05-27 09:42:09 8A222BB87BE38DACAAA20395EB752C44 165808 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe 2016-05-27 09:42:09 7F2B6BAA54D8D30967AC93771F34297A 303560 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updater.exe 2016-05-27 09:42:09 71C364A14091298B8857EF40D070FE5F 491464 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 2016-05-27 09:42:09 1630E3F76E2D897765F74B83343F35DE 883800 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe 2016-05-27 09:42:09 1367EFD820D29B431A325F78ABAFDB4E 22984 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\WSEnable.exe 2016-05-27 09:42:08 DB2DE79E6ECC6652E3555564B363C42F 288712 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\crashreporter.exe 2016-05-26 15:42:19 F0E454DBCEA967DC638D9871CE0F44E6 1193688 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\setup.exe 2016-05-26 15:42:19 BAFE98D46BAB095F7935C444DBF9A884 4330200 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin64\RtCRU64.exe 2016-05-26 15:42:19 ABD6C51076B59E5698D7332574B41F84 91352 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\Utility\revcon64.exe 2016-05-26 15:42:19 A199BB131AA3D1E387E99ED774CDAA54 42200 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\APBin\SetEHCIKey.exe 2016-05-26 15:42:19 8B23FB9DD8CDF72B7C8A598FE9E1336C 563416 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\APBin\Rmb.exe 2016-05-26 15:42:19 43A40908F978FF160600A9B709041117 3567320 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin32\RtCRU32.exe 2016-05-26 15:42:19 04F1988DDAE69887B17AADBD676C642D 87256 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\Utility\revcon32.exe 2016-05-26 15:41:34 F0E454DBCEA967DC638D9871CE0F44E6 1193688 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\setup.exe 2016-05-26 15:41:34 ABD6C51076B59E5698D7332574B41F84 91352 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\Utility\revcon64.exe 2016-05-26 15:41:34 04F1988DDAE69887B17AADBD676C642D 87256 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\Utility\revcon32.exe 2016-05-26 15:41:33 BAFE98D46BAB095F7935C444DBF9A884 4330200 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin64\RtCRU64.exe 2016-05-26 15:41:33 A199BB131AA3D1E387E99ED774CDAA54 42200 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\APBin\SetEHCIKey.exe 2016-05-26 15:41:33 8B23FB9DD8CDF72B7C8A598FE9E1336C 563416 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\APBin\Rmb.exe 2016-05-26 15:41:33 43A40908F978FF160600A9B709041117 3567320 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin32\RtCRU32.exe 2016-05-26 11:03:13 2EDB592E88C8A892F7EA652DD2085FB7 45775776 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\51.0.2704.63\51.0.2704.63_chrome_installer.exe 2016-05-24 19:13:33 EA06D768CCDBFF7D0CA3785406572955 170796 ----a-w- C:\Program Files\Athentech\Perfect Exposure\uninst.exe 2016-05-24 19:12:39 D06F99986F8DD7DE4382FEA33262324C 47586152 ----a-w- C:\Users\Leo\Downloads\Fotosoftware-legaal\Perfect_Exposure_v1.0.1.exe 2016-05-24 13:06:49 F0E454DBCEA967DC638D9871CE0F44E6 1193688 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe === C: other files == 2016-05-27 09:56:27 CA864D504A5E56AF84A491B4AA1F8A98 328920 ----a-w- C:\Program Files (x86)\Realtek\Realtek Card Reader\RtsP2Stor.sys 2016-05-27 09:56:27 AE4607D7C7AA83A863BFA214483E8EE4 413912 ----a-w- C:\Program Files (x86)\Realtek\Realtek Card Reader\RtsUer.sys 2016-05-27 09:56:27 5B8A2A5EF34109489D78BBB983B9242E 367320 ----a-w- C:\Program Files (x86)\Realtek\Realtek Card Reader\RtsPStor.sys 2016-05-27 09:56:27 4FD2BAD595A2C366FC0312E30362E7AD 313048 ----a-w- C:\Program Files (x86)\Realtek\Realtek Card Reader\RtsBaStor.sys 2016-05-27 09:56:27 390594592126D5EBE0C98C0A3094096E 777944 ----a-w- C:\Program Files (x86)\Realtek\Realtek Card Reader\RtsPer.sys 2016-05-27 09:42:09 31F0398A1C0FA76BC0A381853B3C3C23 4650 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi 2016-05-26 15:42:46 CA864D504A5E56AF84A491B4AA1F8A98 328920 ----a-w- C:\Windows\System32\drivers\RtsP2Stor.sys 2016-05-26 15:42:46 5B8A2A5EF34109489D78BBB983B9242E 367320 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys 2016-05-26 15:42:46 4FD2BAD595A2C366FC0312E30362E7AD 313048 ----a-w- C:\Windows\System32\drivers\RtsBaStor.sys 2016-05-26 15:42:46 390594592126D5EBE0C98C0A3094096E 777944 ----a-w- C:\Windows\System32\drivers\RtsPer.sys 2016-05-26 15:42:19 E3E40DB4EA7761AFC47FE664ED5179F0 235736 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin32\RtsBaStor.sys 2016-05-26 15:42:19 CA864D504A5E56AF84A491B4AA1F8A98 328920 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin64\RtsP2Stor.sys 2016-05-26 15:42:19 C765FDE9D9E1986ADD9BC1DA87096542 279768 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin32\RtsPStor.sys 2016-05-26 15:42:19 B92835BE07E07F4DEF4611AC1548A910 247000 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin32\RtsP2Stor.sys 2016-05-26 15:42:19 AE4607D7C7AA83A863BFA214483E8EE4 413912 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin64\RtsUer.sys 2016-05-26 15:42:19 5B8A2A5EF34109489D78BBB983B9242E 367320 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin64\RtsPStor.sys 2016-05-26 15:42:19 51053B3D3CF8DB997C850D21E73A3983 302808 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin32\RtsUer.sys 2016-05-26 15:42:19 4FD2BAD595A2C366FC0312E30362E7AD 313048 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin64\RtsBaStor.sys 2016-05-26 15:42:19 4909FE1A64B3C2190286357A9F66EC4D 612056 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin32\RtsPer.sys 2016-05-26 15:42:19 390594592126D5EBE0C98C0A3094096E 777944 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\DrvBin64\RtsPer.sys 2016-05-26 15:42:19 15C354419C025E6939416607625E1725 8 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\RtsXStor_10.0.370.125_20160201_WHQL\SilentInstall.bat 2016-05-26 15:41:34 CA864D504A5E56AF84A491B4AA1F8A98 328920 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin64\RtsP2Stor.sys 2016-05-26 15:41:34 AE4607D7C7AA83A863BFA214483E8EE4 413912 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin64\RtsUer.sys 2016-05-26 15:41:34 5B8A2A5EF34109489D78BBB983B9242E 367320 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin64\RtsPStor.sys 2016-05-26 15:41:34 390594592126D5EBE0C98C0A3094096E 777944 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin64\RtsPer.sys 2016-05-26 15:41:34 15C354419C025E6939416607625E1725 8 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\SilentInstall.bat 2016-05-26 15:41:33 E3E40DB4EA7761AFC47FE664ED5179F0 235736 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin32\RtsBaStor.sys 2016-05-26 15:41:33 C765FDE9D9E1986ADD9BC1DA87096542 279768 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin32\RtsPStor.sys 2016-05-26 15:41:33 B92835BE07E07F4DEF4611AC1548A910 247000 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin32\RtsP2Stor.sys 2016-05-26 15:41:33 51053B3D3CF8DB997C850D21E73A3983 302808 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin32\RtsUer.sys 2016-05-26 15:41:33 4FD2BAD595A2C366FC0312E30362E7AD 313048 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin64\RtsBaStor.sys 2016-05-26 15:41:33 4909FE1A64B3C2190286357A9F66EC4D 612056 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RGNGTTH.125_20160201_WHQL\DrvBin32\RtsPer.sys 2016-05-26 15:41:08 1D2F2A05C7CD04D528DF38629B9F0E5C 18134764 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3412851300-2870964825-4123225172-1002\$RS270C0\0004-RtsXStor_10.0.370.125.zip 2016-05-26 11:14:56 CFB6FC2394177B8B899F0B778F46111F 26623 ----a-w- C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435\extensions\belgiumeid@eid.belgium.be.xpi 2016-05-25 09:41:50 907B8D995783B390C551F5FC9F7524E6 2043369 ----a-w- C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435\features\{64fd20c7-003a-407a-855c-c0c29f68f4f6}\loop@mozilla.org.xpi 2016-05-25 09:41:50 2AC8B15290B31440AC21AD87420A73C9 6303 ----a-w- C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435\features\{64fd20c7-003a-407a-855c-c0c29f68f4f6}\e10srollout@mozilla.org.xpi 2016-05-25 09:41:50 125338DF748FBDDE546EB2C164D2FAC8 686304 ----a-w- C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435\features\{64fd20c7-003a-407a-855c-c0c29f68f4f6}\firefox@getpocket.com.xpi 2016-05-24 13:06:46 AE4607D7C7AA83A863BFA214483E8EE4 413912 ----a-w- C:\Windows\System32\drivers\RtsUer.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-3412851300-2870964825-4123225172-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Spotify"="C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "OneDrive"="C:\Users\Leo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Spotify"="C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "OneDrive"="C:\Users\Leo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVBg_SOUNDEDGE"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SOUNDEDGE" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "StartCN"="C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe atlogon" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2016 13:25] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/11/2015 20:50] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/11/2015 20:50] C:\WINDOWS\tasks\HPCeeScheduleForLeo.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [16/06/2015 10:51] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\AdobeAAMUpdater-1.0-DESKTOP-H2G7JK4-Leo" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\WINDOWS\SysNative\tasks\AMD Updater" ["C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe"] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CreateExplorerShellUnelevatedTask" [C:\WINDOWS\explorer.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForLeo" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Deskjet 2540 series" ["C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{7F8F93C2-A28A-46A2-A58F-FB7D44C31BFF}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435 user_pref("browser.startup.homepage", "www.destandaard.be"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [26/05/2016 13:10] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "kpm_win_add_on@kaspersky"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm_win_add_on@kaspersky" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435 - Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\content_blocker_sm@kaspersky.com - Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\virtual_keyboard_sm@kaspersky.com - Online Banking - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\online_banking_sm@kaspersky.com - Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Leo\AppData\Roaming\Thunderbird\Profiles\ajuiuni1.default - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435 57C7E359ED8D049132EED23EFA444C63 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll - Shockwave Flash ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eahebamiopdhefndnmappcihfajigkka - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka[] midldhlejplpmkldmickhkkhahkdnbgm - https://chrome.google.com/webstore/detail/midldhlejplpmkldmickhkkhahkdnbgm[] Google Drive - Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Kaspersky Protection - Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka AdBlock - Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Kaspersky Protection - Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\midldhlejplpmkldmickhkkhahkdnbgm Chrome Web Store Payments - Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www2.telenet.be/nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www2.telenet.be/nl/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3412851300-2870964825-4123225172-1002\SOFTWARE\Mozilla\Firefox\Extensions\kpm_win_add_on@kaspersky deleted successfully ==== HijackThis Entries ====================== O2 - BHO: VirtualKeyboardBrowserHelperObject - {6E11DD15-E054-4F89-840D-CD04499407A3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll O2 - BHO: Safe Money Plugin - {CE5452FA-F4B3-4422-BE64-D4B1093F6DFF} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll O2 - BHO: ContentBlockerBrowserHelperObject - {D48EC204-5CFE-43FD-8CC9-B4BC8645CD46} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 2540 series.lnk = ? O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe O4 - Global Startup: ProfileReminder.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Anti-Virus-service 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Kaspersky Fraud Prevention for Endpoint Service 3.5.0 (KSM3.5.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\ksm.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Leo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Leo\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Leo\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Leo\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Leo\AppData\Local\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=130 folders=179 477718137 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Leo\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 28/05/2016 at 12:28:59,54 ======================