Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Kuba on zo 15/05/2016 at 14:55:02,83. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Kuba\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2016-05-14-160124.log 29788 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG-Secure-Search-Update_0913b] ==== Deleting Files \ Folders ====================== C:\Users\Kuba\AppData\Roaming\DVDVideoSoft not found C:\Users\Kuba\AppData\Roaming\AVG 0913b Campaign not found C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988} not found ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Kuba\AppData\Local\Temp ==== ====== Java Cache ===== 2016-05-14 15:35:02 B15145B3CD43F459A28845070D53FE32 100 ----a-w- C:\Users\Kuba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2ae4f0aa-452afb362f20347e7ad76a8c9fa88be8d9c758119720de68cbaf621e3874778a-6.0.lap 2016-05-14 15:35:01 4F85459CEC4F78A3987FFFD5B6A816C5 605 ----a-w- C:\Users\Kuba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2ae4f0aa-732df666 2016-05-14 15:35:02 33E6A7F07217C4DAFA9AA4E7714A0CCA 8513 ----a-w- C:\Users\Kuba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\10c14eab-2cc58720 2016-05-14 15:35:11 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Kuba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\7f7cc0b1-474a913e ====== C:\Windows\system32 ===== 2016-05-14 15:32:46 AA42AAC0000253E8FF25C769C3D827B8 95808 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll 2016-05-11 14:33:04 C84D6B9A0AC864D637DB8F12CE2123A8 306176 ----a-w- C:\Windows\System32\gdi32.dll 2016-05-11 14:33:04 8098ED20E478CC1BCBB335FFF6764EF2 603648 ----a-w- C:\Windows\System32\d3d10level9.dll 2016-05-11 14:33:03 6A9AE6A5BBF0A87EFDA0D85CCC852396 2397696 ----a-w- C:\Windows\System32\win32k.sys 2016-05-11 14:33:03 525B93B761DCCB2D33A58ED603178228 1230848 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2016-05-11 14:33:02 D73C9595BB613D736FF6240BF272F07E 19968 ----a-w- C:\Windows\System32\jnwmon.dll 2016-05-11 14:33:02 1F1D2BEAB6295511F5FF121ADDC1FF28 216064 ----a-w- C:\Windows\System32\InkEd.dll 2016-05-11 14:33:01 E1E4376C8B74BAFC599383699BDBB5B5 2048 ----a-w- C:\Windows\System32\tzres.dll 2016-05-11 14:32:16 AD02E683D6D598D4899FE5733A9711E1 30720 ----a-w- C:\Windows\System32\iernonce.dll 2016-05-11 14:32:16 7B262F0276914682688BA4EDA0427D82 689664 ----a-w- C:\Windows\System32\ie4uinit.exe 2016-05-11 14:32:16 7307C4B6E9DC8611A4EADE67B37BA1FE 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe 2016-05-11 14:32:16 597F91AD234C33E1F2E57DFA3F487F8E 47616 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2016-05-11 14:32:16 20CCB08C50B558E2FD21286DEEBFC949 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2016-05-11 14:32:16 1088B22FC16C769B6F1D130C64A575C1 91136 ----a-w- C:\Windows\System32\inseng.dll 2016-05-11 14:32:15 EB28AEBBAB4DF479E5379A0ED254E05A 346312 ----a-w- C:\Windows\System32\iedkcs32.dll 2016-05-11 14:32:15 92447454D422B61098722F3E32FDA108 1312256 ----a-w- C:\Windows\System32\urlmon.dll 2016-05-11 14:32:15 8B509B1AB7F34205B32A584391095B6D 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2016-05-11 14:32:15 79038436F8149140804E594FAC75DC62 130048 ----a-w- C:\Windows\System32\occache.dll 2016-05-11 14:32:14 C47F1C3B0BCD0FD8414504866B217CBF 416256 ----a-w- C:\Windows\System32\dxtmsft.dll 2016-05-11 14:32:14 944E9682639592534699338EB0CDBBD3 620032 ----a-w- C:\Windows\System32\jscript9diag.dll 2016-05-11 14:32:14 4D4AFCB56FDE1C0E3FB8EC04DF78215E 115712 ----a-w- C:\Windows\System32\ieUnatt.exe 2016-05-11 14:32:14 496DB0A700A16F907C163B5C38AF144B 47104 ----a-w- C:\Windows\System32\jsproxy.dll 2016-05-11 14:32:13 65FD7525C425EB13A107B3CCED39C5EC 693248 ----a-w- C:\Windows\System32\msfeeds.dll 2016-05-11 14:32:13 1D71FF7ED3DAC131F25C3D9B975DEE3F 710144 ----a-w- C:\Windows\System32\ieapfltr.dll 2016-05-11 14:32:12 A77B4ECEAE257BADF43E3DB157D06FDD 2056192 ----a-w- C:\Windows\System32\inetcpl.cpl 2016-05-11 14:32:12 9A2D3244780C31C7F393A420A82DBADB 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2016-05-11 14:32:11 DA6C32EDF3475EC53D2764C9C89D0AED 230400 ----a-w- C:\Windows\System32\webcheck.dll 2016-05-11 14:32:11 A124ECF6569252EA3B4EFD8C06D8F4D5 62464 ----a-w- C:\Windows\System32\iesetup.dll 2016-05-11 14:32:11 8EF022E16150BFAFC7DBB795C43C6BA2 2121216 ----a-w- C:\Windows\System32\wininet.dll 2016-05-11 14:32:11 715C6CFC79EC368461730E0CB3AA9B78 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2016-05-11 14:32:11 032534A6D0983132206BCD386842F3DB 168960 ----a-w- C:\Windows\System32\msrating.dll 2016-05-11 14:32:10 AE291D2064C8819550EC5BDB8A3C811B 476160 ----a-w- C:\Windows\System32\ieui.dll 2016-05-11 14:32:10 1D2A4F6731F5C839CB06BFB42A2D17DE 279040 ----a-w- C:\Windows\System32\dxtrans.dll 2016-05-11 14:32:09 F6E942EACAF8BCDD0585EC37C0AEEA1E 13811200 ----a-w- C:\Windows\System32\ieframe.dll 2016-05-11 14:32:08 805B2423E2A6748558A102D4AE2B8845 341504 ----a-w- C:\Windows\System32\html.iec 2016-05-11 14:32:08 5977D8883562E79DB1883EAA76BF1796 76288 ----a-w- C:\Windows\System32\mshtmled.dll 2016-05-11 14:32:08 2975F5A31DA534F4988EE7F423885CDD 1155072 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2016-05-11 14:32:07 6B0E7E0684D6F01C5B79B2CFBBF86D87 64000 ----a-w- C:\Windows\System32\MshtmlDac.dll 2016-05-11 14:32:07 2A60FB02AFE1B0C908462F8B82C80416 2285568 ----a-w- C:\Windows\System32\iertutil.dll 2016-05-11 14:32:06 63A16C06142DC21B143C1694F0E98FD4 20350464 ----a-w- C:\Windows\System32\mshtml.dll 2016-05-11 14:32:05 63C5906CDB3851B7FEFE0159E4E283C4 4611072 ----a-w- C:\Windows\System32\jscript9.dll 2016-05-11 14:32:04 C318703CA34BC44AD328756B790D64BE 663552 ----a-w- C:\Windows\System32\jscript.dll 2016-05-11 14:32:03 2E220AC0726E93012CFF802E6CC976D6 497152 ----a-w- C:\Windows\System32\vbscript.dll 2016-05-11 14:31:58 0060068CC288885E7FFDF18D079CA1DD 553472 ----a-w- C:\Windows\System32\kerberos.dll 2016-05-11 14:31:57 9DF92D5FDDF0E397229BDC99F96EAF50 3943144 ----a-w- C:\Windows\System32\ntoskrnl.exe 2016-05-11 14:31:57 8B6D57C68E162097118823B526CAF15F 1062400 ----a-w- C:\Windows\System32\lsasrv.dll 2016-05-11 14:31:57 55BAF523383B955141C89C71D88F79E7 3998952 ----a-w- C:\Windows\System32\ntkrnlpa.exe 2016-05-11 14:31:57 3E74E11A72A2318ACA5DF36C970C5D51 655360 ----a-w- C:\Windows\System32\rpcrt4.dll 2016-05-11 14:31:57 387D366CD459D08AEBC307A8B12E13E1 1310528 ----a-w- C:\Windows\System32\ntdll.dll 2016-05-11 14:31:57 039567AA833DDAC96E85880204516424 644096 ----a-w- C:\Windows\System32\advapi32.dll 2016-05-11 14:31:56 F3BDC789FC0F08E49161F503913EC540 141312 ----a-w- C:\Windows\System32\rpchttp.dll 2016-05-11 14:31:56 F11B94DD3C78CC2878206D84E97D6943 223232 ----a-w- C:\Windows\System32\ncrypt.dll 2016-05-11 14:31:56 F07DBB814DD09ACAAE456DCA10ACBEFA 22016 ----a-w- C:\Windows\System32\secur32.dll 2016-05-11 14:31:56 CEDF8CBE4AE24A70421DA9319B60B079 146432 ----a-w- C:\Windows\System32\msaudite.dll 2016-05-11 14:31:56 CE0731E4B4236639F57C975376D55252 38912 ----a-w- C:\Windows\System32\csrsrv.dll 2016-05-11 14:31:56 B96C54CACF98A9065331AEC9E3490687 99840 ----a-w- C:\Windows\System32\sspicli.dll 2016-05-11 14:31:56 B853BACE5D47FD22AC8E34AF3FF38293 400896 ----a-w- C:\Windows\System32\srcore.dll 2016-05-11 14:31:56 B787A7C9B6CD553649F4148CA1ADD394 171520 ----a-w- C:\Windows\System32\wdigest.dll 2016-05-11 14:31:56 9AB8911144C6ED982189E89752C9975B 43008 ----a-w- C:\Windows\System32\srclient.dll 2016-05-11 14:31:56 9A8D915E33F63746CA30CDD7D303F2B7 6656 ----a-w- C:\Windows\System32\apisetschema.dll 2016-05-11 14:31:56 941DBDF26F96718BF0B5C5E692DBFDDD 262656 ----a-w- C:\Windows\System32\rstrui.exe 2016-05-11 14:31:56 910ED0DF49A5A02059BB224B99C689D2 22016 ----a-w- C:\Windows\System32\lsass.exe 2016-05-11 14:31:56 89F158101922E0AEE59FC6094135F440 60416 ----a-w- C:\Windows\System32\msobjs.dll 2016-05-11 14:31:56 8333787D8FCA460C0DD70436464A8A8D 29696 ----a-w- C:\Windows\System32\appidsvc.dll 2016-05-11 14:31:56 6BC921FF016A5BD8EC60578ACBF3324F 69632 ----a-w- C:\Windows\System32\smss.exe 2016-05-11 14:31:56 645D048B2D9AF4CDF299AB93B6A4631D 97792 ----a-w- C:\Windows\System32\appidpolicyconverter.exe 2016-05-11 14:31:56 59A55027D3239BDFB3C06EEDA15EFCBB 65536 ----a-w- C:\Windows\System32\TSpkg.dll 2016-05-11 14:31:56 5490A3788CF61248DC3423F279ABF876 251392 ----a-w- C:\Windows\System32\schannel.dll 2016-05-11 14:31:56 5225DAD8684A316587B5F0AC56B50B59 17408 ----a-w- C:\Windows\System32\credssp.dll 2016-05-11 14:31:56 4A3C137270473F865FB652CE5EFF2D95 260608 ----a-w- C:\Windows\System32\msv1_0.dll 2016-05-11 14:31:56 3F6179FCEC6473F79FFA75B6ED7C7E11 36352 ----a-w- C:\Windows\System32\cryptbase.dll 2016-05-11 14:31:56 35F6D2FAC5B11D9A8457BDF182CCC7F5 50176 ----a-w- C:\Windows\System32\setbcdlocale.dll 2016-05-11 14:31:56 30EE614007B9180EBFAB405A9E8132E3 690688 ----a-w- C:\Windows\System32\adtschema.dll 2016-05-11 14:31:56 2B8D91FEA19E796F0C4DAEC5DDBED6B9 16896 ----a-w- C:\Windows\System32\appidcertstorecheck.exe 2016-05-11 14:31:56 0ED7981D7FFB58AF23E85289F6104B0D 50176 ----a-w- C:\Windows\System32\auditpol.exe 2016-05-11 14:31:56 0ABA313538EA960A66DBCB2AF20EF267 50688 ----a-w- C:\Windows\System32\appidapi.dll 2016-05-11 14:31:56 01EB167CB5796CAF1F4EBAA717E671D8 15872 ----a-w- C:\Windows\System32\sspisrv.dll 2016-05-11 14:31:10 CAC0B52373068BE0BF55A49D2BCD9BAF 107520 ----a-w- C:\Windows\System32\cdd.dll ====== C:\Windows\system32\drivers ===== 2016-05-11 14:31:57 D94D58A52BFC1352E82EBECADE518B6D 137960 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2016-05-11 14:31:57 C04D36B97BCEE4A83EC34325A3424768 124416 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2016-05-11 14:31:57 37507B2F0EA8C2A7CFE120E6EE2128B5 67304 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2016-05-11 14:31:56 C7F5CAE0B450BE875EEE0E6DDFA771FE 50688 ----a-w- C:\Windows\System32\drivers\appid.sys 2016-05-11 14:31:56 8758312AE2602620E6C972F527EC64ED 98304 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2016-05-11 14:31:56 84D65385A4DF3577C9CA697B67DFCE26 226304 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2016-05-11 14:31:11 4B21D102E49E9D44C478D6766A7FCBE5 730344 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2016-05-11 14:31:11 2201679A6CBD50141AF5C79C6F2CFA0D 218856 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-05-09 16:44:55 -------- d-----w- C:\Program Files\trend micro 2016-04-16 11:17:41 -------- d-----w- C:\Program Files\Sony Media Go Install ======= C: ===== ====== C:\Users\Kuba\AppData\Roaming ====== 2016-04-16 11:12:37 -------- d-----w- C:\Users\Kuba\AppData\Local\CEF ====== C:\Users\Kuba ====== 2016-05-14 15:32:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-05-14 15:28:15 78ADF009672CB8AB9D959F396C282C2E 738880 ----a-w- C:\Users\Kuba\Downloads\jxpiinstall.exe 2016-05-09 16:43:53 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kuba\Downloads\RSIT.exe 2016-04-16 12:29:30 -------- d-----w- C:\ProgramData\Sony 2016-04-16 11:12:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony ====== C: exe-files == 2016-05-14 15:32:47 D117B71E46E9156F1C88146E6F5EDB03 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2016-05-14 15:32:47 28AC474C021D764DF31736CB9B47DD88 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2016-05-14 15:32:47 0BA64EAF4F4080DA2FB79DCC05CB2A14 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2016-05-14 15:32:35 DE2D3B374C6EFA769028B811A1203FB1 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\jjs.exe 2016-05-14 15:32:35 D8065554BA4D664A55F57F76E1B4F9E3 77888 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\jp2launcher.exe 2016-05-14 15:32:35 D26A12768BFA19B5565F82DF16B85192 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\kinit.exe 2016-05-14 15:32:35 D117B71E46E9156F1C88146E6F5EDB03 191552 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\javaw.exe 2016-05-14 15:32:35 CCCE1ACFFBFCB34B5F3CD157A78522F8 68672 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\javacpl.exe 2016-05-14 15:32:35 BA45896DE4744CC7AB7EAECF59D6758C 16448 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\orbd.exe 2016-05-14 15:32:35 B6AAFABF90E5FE4683690793F2963388 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\keytool.exe 2016-05-14 15:32:35 AFD756C629D5527D1CFE3BE9D6EBB416 30784 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\jabswitch.exe 2016-05-14 15:32:35 AFB89E0B881A2F9F0135AB8984B9FC53 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\pack200.exe 2016-05-14 15:32:35 76E017B33C2C0F72CBBDB77251B00658 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\rmid.exe 2016-05-14 15:32:35 6C58D1081EC589813A197E81CA5CB85C 159296 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\unpack200.exe 2016-05-14 15:32:35 56B31942246558D41498912CA9868DF2 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\servertool.exe 2016-05-14 15:32:35 38E67313028C22B78E26D7860494015E 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\policytool.exe 2016-05-14 15:32:35 2EBB23647400B52B56815FEBC59DCCF7 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\ktab.exe 2016-05-14 15:32:35 2C02E97DF732010028B565DA92F3CB0F 51776 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\ssvagent.exe 2016-05-14 15:32:35 2ABC222E2C3E728136516D6390BDF447 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\klist.exe 2016-05-14 15:32:35 28AC474C021D764DF31736CB9B47DD88 191040 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\java.exe 2016-05-14 15:32:35 1F3D5C9A2D230CDE5B2120AA0F3721B6 16448 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\tnameserv.exe 2016-05-14 15:32:35 1CB2916C0CC541F2A4AC28DAC03F1833 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\rmiregistry.exe 2016-05-14 15:32:35 0BA64EAF4F4080DA2FB79DCC05CB2A14 268352 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\javaws.exe 2016-05-14 15:32:35 09EABD6F36ECC85644DCE5C3BD709F29 15936 ----a-w- C:\Program Files\Java\jre1.8.0_91\bin\java-rmi.exe 2016-05-14 15:28:15 78ADF009672CB8AB9D959F396C282C2E 738880 ----a-w- C:\Users\Kuba\Downloads\jxpiinstall.exe 2016-05-12 23:38:07 967B748ECB8AC2345B8D10F19D1E31AC 1295448 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\50.0.2661.102\50.0.2661.102_50.0.2661.94_chrome_updater.exe 2016-05-11 14:33:02 75886D7A0FA8AA14969381E3549E62F1 48640 ----a-w- C:\Program Files\Windows Journal\PDIALOG.exe 2016-05-11 14:33:02 04E33B3D75B2EE8128B847E60316F731 1785344 ----a-w- C:\Program Files\Windows Journal\Journal.exe 2016-05-11 14:33:01 C9395CC12AB0BFF8E4BD81F105F11FEF 40448 ----a-w- C:\Windows\servicing\GC32\tzupd.exe 2016-05-11 14:32:16 7B262F0276914682688BA4EDA0427D82 689664 ----a-w- C:\Windows\System32\ie4uinit.exe 2016-05-11 14:32:16 7307C4B6E9DC8611A4EADE67B37BA1FE 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe 2016-05-11 14:32:15 CB7707D6FBA0F759867D601106A11973 221184 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2016-05-11 14:32:15 8B509B1AB7F34205B32A584391095B6D 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2016-05-11 14:32:14 4D4AFCB56FDE1C0E3FB8EC04DF78215E 115712 ----a-w- C:\Windows\System32\ieUnatt.exe 2016-05-11 14:32:12 B1D263F5B115A2BBAB952E9A40E4C92C 474112 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2016-05-11 14:32:11 455FBE995E8E809DA3EBB78C447202D9 815304 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2016-05-11 14:31:57 9DF92D5FDDF0E397229BDC99F96EAF50 3943144 ----a-w- C:\Windows\System32\ntoskrnl.exe 2016-05-11 14:31:57 55BAF523383B955141C89C71D88F79E7 3998952 ----a-w- C:\Windows\System32\ntkrnlpa.exe 2016-05-11 14:31:56 941DBDF26F96718BF0B5C5E692DBFDDD 262656 ----a-w- C:\Windows\System32\rstrui.exe 2016-05-11 14:31:56 910ED0DF49A5A02059BB224B99C689D2 22016 ----a-w- C:\Windows\System32\lsass.exe 2016-05-11 14:31:56 6BC921FF016A5BD8EC60578ACBF3324F 69632 ----a-w- C:\Windows\System32\smss.exe 2016-05-11 14:31:56 645D048B2D9AF4CDF299AB93B6A4631D 97792 ----a-w- C:\Windows\System32\appidpolicyconverter.exe 2016-05-11 14:31:56 2B8D91FEA19E796F0C4DAEC5DDBED6B9 16896 ----a-w- C:\Windows\System32\appidcertstorecheck.exe 2016-05-11 14:31:56 0ED7981D7FFB58AF23E85289F6104B0D 50176 ----a-w- C:\Windows\System32\auditpol.exe 2016-05-10 23:32:40 54D932590CEAB260ADC4FF79797B21D9 92824 ----atw- C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateWebPlugin.exe 2016-05-10 23:32:39 E8B364111F317A60DF073826E628FF6F 92824 ----atw- C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe 2016-05-10 23:32:39 5AB2C2DBC3108A2F7275A2F232FA8036 987040 ----a-w- C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateSetup.exe 2016-05-10 23:32:39 108CB30A5B4C5247E414A3086458FCFC 92824 ----atw- C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateBroker.exe 2016-05-10 23:32:32 13FF5C375BD0C702EA1252E79592692F 135832 ----atw- C:\Program Files\Google\Update\1.3.30.3\GoogleUpdateComRegisterShell64.exe 2016-05-10 23:32:31 A425CDCEB9D26E9A5ABAFA259799D447 312472 ----atw- C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler64.exe 2016-05-10 23:32:31 56FE3C885B0901601549E23E7A435984 250008 ----atw- C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe 2016-05-10 23:32:31 50FCC5C822A6B4FC6F377EE9F9F37C7B 152216 ----atw- C:\Program Files\Google\Update\1.3.30.3\GoogleUpdate.exe 2016-05-10 23:32:27 5AB2C2DBC3108A2F7275A2F232FA8036 987040 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.30.3\GoogleUpdateSetup.exe 2016-05-09 16:44:55 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kuba.exe 2016-05-09 16:43:53 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kuba\Downloads\RSIT.exe === C: other files == 2016-05-14 16:01:52 0B28E9A8A36FD0718C261E7D19256852 4870 ----a-w- C:\Users\Kuba\AppData\Local\Temp\xpi\tmp.zip 2016-05-14 15:32:35 CB600FFB53D99A9B07EB870111BA7470 14130 ----a-w- C:\Program Files\Java\jre1.8.0_91\lib\deploy\ffjcext.zip 2016-05-11 14:33:03 6A9AE6A5BBF0A87EFDA0D85CCC852396 2397696 ----a-w- C:\Windows\System32\win32k.sys 2016-05-11 14:31:57 D94D58A52BFC1352E82EBECADE518B6D 137960 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2016-05-11 14:31:57 C04D36B97BCEE4A83EC34325A3424768 124416 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2016-05-11 14:31:57 37507B2F0EA8C2A7CFE120E6EE2128B5 67304 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2016-05-11 14:31:56 C7F5CAE0B450BE875EEE0E6DDFA771FE 50688 ----a-w- C:\Windows\System32\drivers\appid.sys 2016-05-11 14:31:56 8758312AE2602620E6C972F527EC64ED 98304 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2016-05-11 14:31:56 84D65385A4DF3577C9CA697B67DFCE26 226304 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2016-05-11 14:31:11 4B21D102E49E9D44C478D6766A7FCBE5 730344 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2016-05-11 14:31:11 2201679A6CBD50141AF5C79C6F2CFA0D 218856 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys ==== Orphaned Tasks deleted from Registry ====================== avast Emergency Update deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe" "HControlUser"="C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" "ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" "AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="C:\\Program Files\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADSMTray] "command"="C:\\Program Files\\ASUS\\ASUS Data Security Manager\\ADSMTray.exe" "hkey"="HKLM" "item"="ADSMTray" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AllShareAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AllShareAgent" "hkey"="HKLM" "command"="C:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FreeAC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="FreeAC" "hkey"="HKCU" "command"="E:\\progs\\FreeAlarmClock\\FreeAlarmClock.exe -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sony PC Companion" "hkey"="HKCU" "command"="\"C:\\Program Files\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\XperiaCompanionAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="XperiaCompanionAgent" "hkey"="HKCU" "command"="C:\\Program Files\\Sony\\Xperia Companion\\XperiaCompanionAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\FancyStart daemon.lnk" "backup"="C:\\Windows\\pss\\FancyStart daemon.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Windows\\Installer\\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\\_A1DDD39913A1970387B7B3.exe -d" "item"="FancyStart daemon" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18/01/2016 19:59] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/08/2015 20:01] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/08/2015 20:01] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\ACMON" [C:\Program Files\ASUS\Splendid\ACMON.exe] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\system32\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\system32\tasks\ASUSControlDeck" [C:\Program Files\ASUS\ControlDeck\ControlDeckStartUp.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe] "C:\Windows\system32\tasks\Net4Switch" [C:\Program Files\ASUS\Net4Switch\Net4Switch.exe] "C:\Windows\system32\tasks\P4G Sidebar" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\P4GIntlCtrl" [C:\Program Files\P4G\IntlCtrl.exe] "C:\Windows\system32\tasks\PresentationSettingsTurnOff_Kuba-PC_Kuba" [%windir%\system32\PresentationSettings.exe] "C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1458713425" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\WC3" [C:\Program Files\ASUS\Wireless Console 3\wcourier.exe] "C:\Windows\system32\tasks\{B7DB41CF-D3CB-4254-8B57-14746094BD1D}" [F:\games\Heroes of Might and Magic V - Collectors Edition\HMM5\bina2\bin\H5_Game.exe] "C:\Windows\system32\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\grdx5r5m.default user_pref("browser.startup.homepage", "https://www.google.com"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [10/03/2016 08:18]