Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Gebruiker on di 31/05/2016 at 15:13:48,98. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 31/05/2016 15:31:43 Zoek.exe System Restore Point Created Successfully. ==== VirusTotal Scan ====================== C:\Windows\system32\mscoree.dll https://www.virustotal.com/file/88254DC8D29950AAAAB37E8E0B673DFE41ED21C781CE5604EE7FE9B2290AC621/analysis/ ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~3\CanonEPP deleted successfully C:\PROGRA~3\CanonIJEPPEX2 deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\Gebruiker\AppData\Local\ActiveSync deleted successfully C:\Users\Gebruiker\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Gebruiker\AppData\Local\EmieSiteList deleted successfully C:\Users\Gebruiker\AppData\Local\EmieUserList deleted successfully C:\Users\Gebruiker\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2751654607-3295015697-164376362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-2751654607-3295015697-164376362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-2751654607-3295015697-164376362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-2751654607-3295015697-164376362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-2751654607-3295015697-164376362-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-2751654607-3295015697-164376362-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2BE9C6B-29B3-4BF4-B757-1EE5A1004FDD} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Installed Programs ====================== Adobe Creative Cloud Adobe Photoshop Elements 12 Apple Application Support Apple Software Update Canon CanoScan Toolbox 5.0 Canon iP4800 series Printer Driver Canon MP Navigator EX 2.1 Canon My Image Garden Canon My Image Garden Design Files Canon Quick Menu CanoScan 4400F CanoScan LiDE 700F Scanner Driver Elements 12 Organizer Freemake Video Converter versie 4.1.4 Google Chrome Google Update Helper Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel© Trusted Connect Service Client Kaspersky Password Manager Kaspersky Total Security Microsoft Office 2013 voor Thuisgebruik en Studenten - nl-nl Microsoft Silverlight Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD NETGEAR WNDA3100v2 wireless USB 2.0 adapter NVIDIA-configuratiescherm 353.82 NVIDIA 3D Vision controllerstuurprogramma 335.21 NVIDIA 3D Vision stuurprogramma 335.23 NVIDIA GeForce Experience 2.1 NVIDIA Grafisch stuurprogramma 335.23 NVIDIA HD Audio-stuurprogramma 1.3.30.1 NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA PhysX NVIDIA PhysX systeemsoftware 9.13.1220 NVIDIA ShadowPlay 14.6.22 NVIDIA Stereoscopic 3D Driver NVIDIA Update 14.6.22 NVIDIA Update Core NVIDIA Virtual Audio 1.2.23 Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component PHOTOfunSTUDIO 9.3 PE PSE12 STI Installer QuickTime 7 Realtek Ethernet Controller Driver Realtek High Definition Audio Driver SHIELD Streaming Snap.Do Engine Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Users\Gebruiker\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\rtr69F8.tmp deleted C:\rtr8FD9.tmp deleted C:\PROGRA~3\Package Cache deleted C:\Users\Gebruiker\AppData\Local\HWVendorDetection.log deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Gebruiker\AppData\LocalLow\Smartbar deleted "C:\Users\Gebruiker\AppData\Local\Smartbar" deleted ==== System Specs ====================== Operating System: Microsoft Windows 10 Home 10.0.10586 64 bits Manufacturer: ASUS - Model: All Series Install Date: 12/12/2015 3:46:33 Last Boot: 31/05/2016 11:04:24 Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz Number of Processors: 8 Work Station Bootmode: Normal boot Total RAM: 8128 MB (free 5144 MB - 63) Computername: TONESPC Domain: WORKGROUP User: Gebruiker (Administrator account) Local Disk: C:\ - NTFS - 110 GB (free 36 GB) CD \ DVD Drive: I:\ Bootdevice: \Device\HarddiskVolume1 Windows update: Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Internet Explorer Version: 11.306.10586.0 Google Chrome version: 51.0.2704.63 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-05-11 07:58:10 2617877C5761B8A696FD0368861EE6E4 4515256 ----a-w- C:\WINDOWS\explorer.exe ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== 2016-05-11 07:58:07 48D8729FACC784900B831212AE56F824 1996640 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-05-11 07:57:58 01C01ED15ED56B98088CE1D5A0965E6A 577368 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-05-11 07:57:54 E7463CE8579A0418A98BE9BE42C647D7 534872 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2016-05-11 07:57:52 357910142E9285B978689B1DB4EFA00A 393568 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2016-05-11 07:57:51 CFFE69B6C276A3418687109EA8AC9E7D 330072 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys 2016-05-11 07:57:51 B880BE37452AB1D4AA93845F58EF7960 95072 ----a-w- C:\WINDOWS\Sysnative\drivers\sdport.sys 2016-05-11 07:57:47 C330883C06E2D4CE4F6982F048265D37 335712 ----a-w- C:\WINDOWS\Sysnative\drivers\fastfat.sys 2016-05-11 07:57:46 C0752D58193603B6ED762B4027C65E1B 155136 ----a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys 2016-05-11 07:57:46 50DFE05C698E9B0A63D95E3D669A105C 638816 ----a-w- C:\WINDOWS\Sysnative\drivers\fvevol.sys 2016-05-11 07:57:45 8F2523C9D8F1448FF2156452AF60FA00 87552 ----a-w- C:\WINDOWS\Sysnative\drivers\filecrypt.sys 2016-05-11 07:57:45 82D3B1F4D80057826AA649D78147DE36 63488 ----a-w- C:\WINDOWS\Sysnative\drivers\UcmCx.sys 2016-05-11 07:57:45 67B9684B8272D5EBD1CCBB1DBD425EC8 99680 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys 2016-05-11 07:57:45 2A87EA182EA333D79AA0B03833EA67F2 131424 ----a-w- C:\WINDOWS\Sysnative\drivers\ufxsynopsys.sys 2016-05-11 07:57:44 4AAD6547953D373A1EB5B2DF583D868B 67072 ----a-w- C:\WINDOWS\Sysnative\drivers\usbser.sys ====== C:\WINDOWS\Tasks ====== 2016-05-31 09:33:02 B0FA8A71470D9DF14DE22E44402190E2 4138 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA 2016-05-31 09:33:02 6375131EDBC421F9B3A49889790CAEDA 1080 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-31 09:33:02 61E6ACC10A5A943AB0756CB770D3B1B0 1076 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-31 09:33:02 384E89CC01090B309959F509C1253C54 3906 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore 2016-05-24 11:49:42 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Apple ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2016-05-31 09:33:01 -------- d-----w- C:\PROGRA~2\Google 2016-05-24 11:49:41 -------- d---a-w- C:\PROGRA~2\Apple Software Update 2016-05-20 08:45:15 -------- d---a-w- C:\PROGRA~2\QuickTime 2016-05-20 08:45:03 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple ======= C: ===== ====== C:\Users\Gebruiker\AppData\Roaming ====== 2016-05-31 09:32:42 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Google 2016-05-30 11:06:45 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- C:\Users\Gebruiker\AppData\Local\resmon.resmoncfg 2016-05-20 08:45:07 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Apple ====== C:\Users\Gebruiker ====== 2016-05-31 09:32:39 575FD9760C0AE0CA2CC9BC70EB834DE0 987728 ----a-w- C:\Users\Gebruiker\Downloads\ChromeSetup (1).exe 2016-05-31 09:30:17 575FD9760C0AE0CA2CC9BC70EB834DE0 987728 ----a-w- C:\Users\Gebruiker\Downloads\ChromeSetup.exe 2016-05-20 08:45:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-05-20 08:45:15 -------- d-----w- C:\ProgramData\Apple Computer 2016-05-20 08:45:03 -------- d-----w- C:\ProgramData\Apple 2016-05-20 08:41:54 1A762049BEF7FC3A53014833757DE2D2 41896256 ----a-w- C:\Users\Gebruiker\Downloads\QuickTimeInstaller.exe ====== C: exe-files == 2016-05-31 09:38:35 E8B364111F317A60DF073826E628FF6F 92824 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe 2016-05-31 09:38:35 5AB2C2DBC3108A2F7275A2F232FA8036 987040 ----a-w- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateSetup.exe 2016-05-31 09:38:35 54D932590CEAB260ADC4FF79797B21D9 92824 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateWebPlugin.exe 2016-05-31 09:38:35 108CB30A5B4C5247E414A3086458FCFC 92824 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateBroker.exe 2016-05-31 09:38:34 A425CDCEB9D26E9A5ABAFA259799D447 312472 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe 2016-05-31 09:38:34 56FE3C885B0901601549E23E7A435984 250008 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe 2016-05-31 09:38:34 50FCC5C822A6B4FC6F377EE9F9F37C7B 152216 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdate.exe 2016-05-31 09:38:34 13FF5C375BD0C702EA1252E79592692F 135832 ----atw- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleUpdateComRegisterShell64.exe 2016-05-31 09:38:33 5AB2C2DBC3108A2F7275A2F232FA8036 987040 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.30.3\GoogleUpdateSetup.exe 2016-05-31 09:33:14 921B29F828C92112CE00A83794E77035 52703136 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\51.0.2704.63\51.0.2704.63_chrome_installer_win64.exe 2016-05-31 09:33:01 750446ED76A5D13E902174DDDDA1A62B 154440 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 2016-05-31 09:32:39 575FD9760C0AE0CA2CC9BC70EB834DE0 987728 ----a-w- C:\Users\Gebruiker\Downloads\ChromeSetup (1).exe 2016-05-31 09:30:17 575FD9760C0AE0CA2CC9BC70EB834DE0 987728 ----a-w- C:\Users\Gebruiker\Downloads\ChromeSetup.exe 2016-05-27 08:40:56 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\22863580-979F-4ABA-A93C-CE2E7BE952DA\DismHost.exe 2016-05-27 08:00:49 F7D64E565C7D582A1D072058EDC040A4 48840 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\appsharinghookcontroller64.exe 2016-05-27 08:00:49 A059084E2A5CC04A5AB0C4A349A072F0 559856 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\msosqm.exe 2016-05-27 08:00:49 5A035C05FC003E651F8F49084561C4BC 94048 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe 2016-05-27 08:00:49 100A60B2782B6CFFB48C7BAF2A9A3F24 1163552 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\olicenseheartbeat.exe 2016-05-27 08:00:49 0091934DC3750E95F5E421DD37107E32 5841192 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\cmigrate.exe 2016-05-27 08:00:48 DB57494BAA98FDFE7F840A2276D89AB7 483656 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dwtrig20.exe 2016-05-27 08:00:48 88663E7EF4CD6DED49FF6D3FF6A7A529 7988520 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\cmigrate.exe 2016-05-27 08:00:48 548E5ABEBCD3097E2023A34107A8503C 851736 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dw20.exe 2016-05-27 08:00:48 4F29505A7AFD908CC3C7380890427BB7 490272 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\selfcert.exe 2016-05-27 08:00:48 455FD410067B0D73E9F6D6B9724AE3D3 537864 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\vpreview.exe 2016-05-27 08:00:48 3AEC284F42C21FEB3FEEEC45652CFA74 883416 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe 2016-05-27 08:00:47 0A15BED6D572F00AD85ACAF4EF600F61 1932480 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\winword.exe 2016-05-27 08:00:44 8328A6719B12F120ABF4BC3146F76D83 25737408 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excel.exe 2016-05-27 08:00:44 11F3DF00F1ABFE3D6731C92E2601EBA7 526680 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\iecontentservice.exe 2016-05-27 08:00:44 093042185BEBAAB0E57F25416452207A 21953728 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe 2016-05-27 08:00:43 102E48C032B94A36BC56F8C8B85D9C9E 642336 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\integrator.exe 2016-05-27 08:00:43 06DB79BACA734414B2E1A1C5FF7EA822 238328 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\clview.exe 2016-05-27 08:00:29 436EF417DCE9F22958AA833EA966D381 578912 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-2751654607-3295015697-164376362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CAHeadless"="C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" "OneDrive"="C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "kpm.exe"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe -autoStart" [HKEY_USERS\S-1-5-21-2751654607-3295015697-164376362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CAHeadless"="C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" "OneDrive"="C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "kpm.exe"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe -autoStart" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/05/2016 11:33] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/05/2016 11:33] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{B345FFC5-C7B9-4563-8DF1-932A978447B0}" [C:\Windows\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox" [23/05/2016 11:56] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eahebamiopdhefndnmappcihfajigkka - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka[] Google Slides - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Kaspersky Protection - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka Google Sheets - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfatj0jBoh3HFBB01omW_NFN8huQRKbhQ52c7QNDrO7OZV3fVjK1i05g26yx3IyKGKuN1iweVf3DtB1DjkjzkjED5Zi1Ye0e0HL7TAHSk9dOwqLePD1uWnQW0H5jL-xfPDKBf_7lTvE5Y" "Search Page"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfatj0jBoh3HFBB01omW_NFN8huQRKbhQ52c7QNDrO7OZV3fVjK1i05g26yx3IyKGKuN1iweVf3DtB1xG6Bm5Ej4fmpvmaOXI3rjaynn_s0xqTYK1lu8edWkTlI76PP5DL1RPF8rTZbeg&q={searchTerms}" "Search Bar"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfatj0jBoh3HFBB01omW_NFN8huQRKbhQ52c7QNDrO7OZV3fVjK1i05g26yx3IyKGKuN1iweVf3DtB1xG6Bm5Ej4fmpvmaOXI3rjaynn_s0xqTYK1lu8edWkTlI76PP5DL1RPF8rTZbeg&q={searchTerms}" "Use Search Asst"="yes" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfatj0jBoh3HFBB01omW_NFN8huQRKbhQ52c7QNDrO7OZV3fVjK1i05g26yx3IyKGKuN1iweVf3DtB1xG6Bm5Ej4fmpvmaOXI3rjaynn_s0xqTYK1lu8edWkTlI76PP5DL1RPF8rTZbeg&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfatj0jBoh3HFBB01omW_NFN8huQRKbhQ52c7QNDrO7OZV3fVjK1i05g26yx3IyKGKuN1iweVf3DtB1xG6Bm5Ej4fmpvmaOXI3rjaynn_s0xqTYK1lu8edWkTlI76PP5DL1RPF8rTZbeg&q={searchTerms}" "SearchAssistant"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfatj0jBoh3HFBB01omW_NFN8huQRKbhQ52c7QNDrO7OZV3fVjK1i05g26yx3IyKGKuN1iweVf3DtB1xG6Bm5Ej4fmpvmaOXI3rjaynn_s0xqTYK1lu8edWkTlI76PP5DL1RPF8rTZbeg&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.com" "Use Search Asst"="no" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02