
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by L‚on on ma 26-09-2016 at 11:50:33,96.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\LON~1\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

26-9-2016 11:54:12 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll 
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll 


==== Empty Folders Check ======================

C:\PROGRA~2\TSSI deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\Users\LON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\InViewer deleted successfully
C:\Users\LON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Juice deleted successfully
C:\Users\LON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\MP3Gain deleted successfully
C:\Users\LON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Wox deleted successfully
C:\PROGRA~3\install_clap deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} deleted successfully
C:\Users\LON~1\AppData\Local\ONLYOFFICE deleted successfully
C:\Users\LON~1\AppData\Local\Opera Software deleted successfully
C:\Users\LON~1\AppData\Local\Stefan_Wobbe deleted successfully
C:\Users\LON~1\AppData\Local\Windscribe deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3985488779-3452437005-2477218925-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9FC4A34-F817-408D-A58C-9293A2CB7E0D} deleted successfully
HKEY_USERS\S-1-5-21-3985488779-3452437005-2477218925-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0464B47C-EE52-4B36-8564-67A7D7D4CBEE} deleted successfully
HKEY_USERS\S-1-5-21-3985488779-3452437005-2477218925-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FEF6B6EB-260C-4E05-BA37-5A6C8D67D299} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

360 Total Security  
7-Zip 16.02 (x64)  
Acer Crystal Eye webcam  
Active@ Hard Disk Monitor  
Adobe Flash Player 23 ActiveX  
Adobe Flash Player 23 NPAPI  
Adobe Flash Player 23 PPAPI  
Any Audio Converter 6.0.3  
Ashampoo Photo Commander 11 v.11.1.9  
Ashampoo Photo Commander 12 v.12.0.13  
Atheros Client Installation Program  
Audio Record Wizard  
BDAntiRansomware  
Boilsoft Screen Recorder 1.05  
CCleaner  
Creative Centrale  
Creative Software Update  
Creative ZEN X-Fi Style Documentatie  
Everything 1.3.4.686 (x64)  
f.lux  
FastStone Image Viewer 5.9  
FolderIco 4.0  
Free Photo Viewer  
GemistDownloader  
HitmanPro 3.7  
iResizer 3.0  
Juice 2.2  
K-Lite Codec Pack 12.3.5 Basic  
KB Piano 2.5.1 GOTD  
KC Softwares SUMo  
MEGAsync  
Microsoft .NET Framework 4.6.1  
Microsoft .NET Framework 4.6.1 (Nederlands)  
Microsoft .NET Framework 4.6.1 (NLD)  
Microsoft Office Click-to-Run 2010  
Microsoft Office Starter 2010 - English  
Microsoft OneDrive  
Microsoft Silverlight  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005  
Movavi Video Editor 11 for PC Format  
Mozilla Firefox 49.0.1 (x64 nl)  
Mozilla Maintenance Service  
Mp3tag v2.78  
Photo Stamp Remover 8.3  
Privacy Eraser  
PT Portrait - Standard Edition 3.2  
RadioSure  
Realtek High Definition Audio Driver  
Recuva  
Reliability Update for Microsoft .NET Framework 4.6.1 (KB3179949)  
Romantic Photo version 2.00  
ScreenCamera registered to GiveAwayOfTheDay versie 3.1.1.71  
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3142037)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3164025)  
Simply Good Pictures 4 Free  
Sketch Drawer 4.0  
SoftMaker Office Standard 2012  
SoftOrbits Photo Editor 2.2  
SRWare Iron (64-Bit) versie 53.0.2800.0  
STACK  
SumatraPDF  
SUPERAntiSpyware  
SuperEZ Wave Editor Pro v12.2.6  
TamoSoft Throughput Test  
Unlocker 1.9.2  
Video to Picture 5.3  
Videomizer 2  
Vista Shortcut Manager x64  
VLC media player  
WinPcap 4.1.3  
WinX HD Video Converter Deluxe 5.9.4  
YoWindow  
Zoom Player (remove only)  
Zoom Player deutsche Sprachdateien (entfernen)  

==== Running Processes ======================

C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Users\Léon\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Users\Léon\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\ProgramData\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\YoWindow\yowindow.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Users\Léon\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3957 MB
CPU Info: Intel(R) Pentium(R) CPU        P6100  @ 2.00GHz
CPU Speed: 1993,9 MHz
Sound Card: Luidsprekers (Realtek High Defi | 
Display Adapters: ATI Mobility Radeon HD 5470             | ATI Mobility Radeon HD 5470             | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm | 
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GT30N
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 2 Button Mouse Present
Hard Disks: C:  465,7GB | Q:  0,0MB
Hard Disks - Free: C:  317,8GB | Q:  0,0MB
Manufacturer *: Phoenix Technologies LTD
BIOS Info: AT/AT COMPATIBLE | 08/25/10 | ACRSYS - 6040000
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer            Aspire 7741
Country: Nederland 
Language: NLD 

==== System Specs (Software) ======================

AV: 360 Total Security *Disabled/Updated* {0371CA44-3F80-A1D3-BECE-910620B58D50}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: 360 Total Security *Disabled/Updated* {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}
Default Browser: Firefox	49.0.1
Internet Explorer Version: 11.0.9600.18449 
Flash Player version: 23.0.0.162

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-09-21 07:27:42	38AE1B3C38FAEF56FE4907922F0385BA	3229696	----a-w-	C:\Windows\explorer.exe
====== C:\Users\LON~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-09-21 07:28:28	9CAD748C59DBD8EDB53ABDA364FF376A	11410432	----a-w-	C:\Windows\SysWOW64\wmp.dll
2016-09-21 07:28:28	9B4F4DBBC088BAFACF92890FC2D2A01A	988160	----a-w-	C:\Windows\SysWOW64\drmv2clt.dll
2016-09-21 07:28:27	8EB808138DEE25BA53D331A14BFD39D8	3209216	----a-w-	C:\Windows\SysWOW64\mf.dll
2016-09-21 07:28:27	730D1A6314222A79058F78D4CB96EC85	617984	----a-w-	C:\Windows\SysWOW64\wmdrmsdk.dll
2016-09-21 07:28:26	CE257A97D20DD8BC28E8D720BE980F09	442368	----a-w-	C:\Windows\SysWOW64\AUDIOKSE.dll
2016-09-21 07:28:26	ADE1853922C226DC1A9EA154A2EDEE05	12574208	----a-w-	C:\Windows\SysWOW64\wmploc.DLL
2016-09-21 07:28:26	8949A93520F7008C3B7AD320A0EEA267	1178112	----a-w-	C:\Windows\SysWOW64\WsmSvc.dll
2016-09-21 07:28:25	A9DEBA92E58E4BA20D99E8C0EA911642	214016	----a-w-	C:\Windows\SysWOW64\WsmWmiPl.dll
2016-09-21 07:28:24	918F91656FEB3D896A790A95FDAF47B8	146944	----a-w-	C:\Windows\SysWOW64\WsmAuto.dll
2016-09-21 07:28:24	3AE4191A320803F49BA101C15221C0B3	199168	----a-w-	C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-09-21 07:28:24	31EB4BD6ED72AE69382F427A221D3498	249344	----a-w-	C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-09-21 07:28:23	D55A6842A7B9AF46DFE1990FAA802BED	1005056	----a-w-	C:\Windows\SysWOW64\cryptui.dll
2016-09-21 07:28:23	B9207CFAB9E4D7B4F015694FBAFBD8EA	744960	----a-w-	C:\Windows\SysWOW64\blackbox.dll
2016-09-21 07:28:23	B2ABA92F93B3B1BD241EC284BBF53DE1	195072	----a-w-	C:\Windows\SysWOW64\AudioSes.dll
2016-09-21 07:28:23	78447010471493D83301BDC26A7DC178	374784	----a-w-	C:\Windows\SysWOW64\AudioEng.dll
2016-09-21 07:28:22	D161CB594609D47C8E9B7599F3195E56	80896	----a-w-	C:\Windows\SysWOW64\cryptsp.dll
2016-09-21 07:28:22	8BA94352C881197F31FA6CAE2AF429B3	406016	----a-w-	C:\Windows\SysWOW64\drmmgrtn.dll
2016-09-21 07:28:22	57A806DF3C9F5E75B405152A5ACF71A6	265216	----a-w-	C:\Windows\SysWOW64\msnetobj.dll
2016-09-21 07:28:22	4CFD96C18DC103E5D92E4333BB663EC1	10240	----a-w-	C:\Windows\SysWOW64\wsmplpxy.dll
2016-09-21 07:28:22	42F81C6A3835FE279B254AA2CB7B38FE	12288	----a-w-	C:\Windows\SysWOW64\wsmprovhost.exe
2016-09-21 07:28:22	148651465E24BB7D5F35FD87E5837025	504320	----a-w-	C:\Windows\SysWOW64\msscp.dll
2016-09-21 07:28:21	B8C26E61ABBDD9F47FCA9EAA613A3A9F	23040	----a-w-	C:\Windows\SysWOW64\mfpmp.exe
2016-09-21 07:28:21	8D9C6CD3966AA8322D3F15533D08CC47	1329664	----a-w-	C:\Windows\SysWOW64\quartz.dll
2016-09-21 07:28:21	6211282EDFB9577773CCFFFA8D97ED67	354816	----a-w-	C:\Windows\SysWOW64\mfplat.dll
2016-09-21 07:28:21	248F7D11EEA0B85158343942B4967D0C	519680	----a-w-	C:\Windows\SysWOW64\qdvd.dll
2016-09-21 07:28:20	A9B552F2F039119661A388B986EF3DCA	489984	----a-w-	C:\Windows\SysWOW64\evr.dll
2016-09-21 07:28:20	0F9B73CA9BD4C4A2ABD7BE71CAA76695	103424	----a-w-	C:\Windows\SysWOW64\mfps.dll
2016-09-21 07:28:19	FA36C46C3C35335093C36B8E28FBB0C4	8192	----a-w-	C:\Windows\SysWOW64\spwmp.dll
2016-09-21 07:28:19	D1231DA7AC171483B85685F0AD325DCE	54272	----a-w-	C:\Windows\SysWOW64\WsmRes.dll
2016-09-21 07:28:19	BAD7422556D0F387FFA49F9F983970DB	179200	----a-w-	C:\Windows\SysWOW64\wintrust.dll
2016-09-21 07:28:19	B87CEA4E4AC19B13026FB2026CE2ADAB	1176064	----a-w-	C:\Windows\SysWOW64\crypt32.dll
2016-09-21 07:28:19	B6D5D5A08AC21B315B36849137FCF5BE	50176	----a-w-	C:\Windows\SysWOW64\rrinstaller.exe
2016-09-21 07:28:19	8B51433AC5E699C1BB694F64778071B9	106496	----a-w-	C:\Windows\SysWOW64\cryptnet.dll
2016-09-21 07:28:19	6F8E0D147E53D4CE2F4D975AB976E80A	145920	----a-w-	C:\Windows\SysWOW64\cryptsvc.dll
2016-09-21 07:28:18	C0F972C9D4E74545A94716329B28B31B	2048	----a-w-	C:\Windows\SysWOW64\mferror.dll
2016-09-21 07:28:18	3E81615CA44C00F84102079240A8048B	4096	----a-w-	C:\Windows\SysWOW64\msdxm.ocx
2016-09-21 07:28:18	3E81615CA44C00F84102079240A8048B	4096	----a-w-	C:\Windows\SysWOW64\dxmasf.dll
2016-09-21 07:27:43	ABC113054366C0102F134D181162CB86	12880384	----a-w-	C:\Windows\SysWOW64\shell32.dll
2016-09-21 07:27:42	6DDCA324434FFA506CF7DC4E51DB7935	2972672	----a-w-	C:\Windows\SysWOW64\explorer.exe
2016-09-21 07:27:41	C87F30E76C2692C13A10CD3A22719E2C	1806848	----a-w-	C:\Windows\SysWOW64\authui.dll
2016-09-21 07:27:41	6DDBA73DD781D6CC3CC5A2E8A3E99092	1499648	----a-w-	C:\Windows\SysWOW64\ExplorerFrame.dll
2016-09-21 07:24:34	9704C3ABF5163E67F6A6FCCA79DAD35C	2048	----a-w-	C:\Windows\SysWOW64\tzres.dll
2016-09-14 08:19:52	E81C4D5B6A678F36F052438A49CD5B48	91136	----a-w-	C:\Windows\SysWOW64\inseng.dll
2016-09-14 08:19:52	B51C5F590E3453207B31B10858DE00CD	76288	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2016-09-14 08:19:52	AB348819D1384A6B61FFF982E3197404	47616	----a-w-	C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-14 08:19:52	8629C49C837FCD69B0163AFB8C30FD69	130048	----a-w-	C:\Windows\SysWOW64\occache.dll
2016-09-14 08:19:52	165587D25D4C8BE398A050BAD971C906	30720	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2016-09-14 08:19:51	FCDB0FD3A1ECDAFA4C953ED0F0AF5071	20312064	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2016-09-14 08:19:51	CAABD0302911066D4860DCA5BA0F210E	346320	----a-w-	C:\Windows\SysWOW64\iedkcs32.dll
2016-09-14 08:19:51	AB37C67BF2E2D24758FFD209BD907A97	498688	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2016-09-14 08:19:51	A8F96A50D37297F7C050DDEE79ABA0B2	1316352	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2016-09-14 08:19:51	A1A34F3FC6828BC3607AF37688A1C03C	279040	----a-w-	C:\Windows\SysWOW64\dxtrans.dll
2016-09-14 08:19:51	903AB195DEF789E1E8B2641766E2C980	692736	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 08:19:51	0DD908ABA314823CEA0D7EEFDB800E50	60416	----a-w-	C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-14 08:19:50	E02CDB97D376EA55E840807A6E8D61E0	2724864	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2016-09-14 08:19:50	5A4F9BCD0C08760A425183C32C641CAC	62464	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2016-09-14 08:19:50	2D8A732E8380EF7BBB8E405B68A7732B	710144	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 08:19:49	FAC7256D1205CD59C67BA85E8A4DC01C	476160	----a-w-	C:\Windows\SysWOW64\ieui.dll
2016-09-14 08:19:49	D04E1DD0C0DBEC3568F0AEEB1B8601E4	47104	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2016-09-14 08:19:49	CB989AF28CEB4E71D127FA1E0686E676	663552	----a-w-	C:\Windows\SysWOW64\jscript.dll
2016-09-14 08:19:49	9AD01E0F56F5F310BBEBA8AEF7729FD0	416256	----a-w-	C:\Windows\SysWOW64\dxtmsft.dll
2016-09-14 08:19:49	570E0391BFC0CCFB6E1F63C35DF0F47E	2286592	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2016-09-14 08:19:49	4182A960B163AE8E9B4C5AE1F1FBDF20	2055680	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2016-09-14 08:19:49	0823693EDBABAC06FF955D9E7501FAF2	620032	----a-w-	C:\Windows\SysWOW64\jscript9diag.dll
2016-09-14 08:19:48	C38EBAE98B5D2B4A5F9370FB4EE6FB4B	13808128	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2016-09-14 08:19:46	EDE952C03267767A05F9C7800C4116A8	115712	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2016-09-14 08:19:46	6904CC18680F8746C8F7873701A5D1C0	4607488	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2016-09-14 08:19:46	47D100AC1CDF0B19332387CB7E1FEF8F	1155072	----a-w-	C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-14 08:19:46	0A944A150B5BDFF106F0FC6CCC9FBBD5	230400	----a-w-	C:\Windows\SysWOW64\webcheck.dll
2016-09-14 08:19:45	D8F0B919B727443B079D907164D3C0F1	168960	----a-w-	C:\Windows\SysWOW64\msrating.dll
2016-09-14 08:19:45	54C506F1B569AA25BD06428C9563F61A	64000	----a-w-	C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-14 08:19:45	42B01C859A89EEA6237DBD9A290DF857	2445824	----a-w-	C:\Windows\SysWOW64\wininet.dll
2016-09-14 08:19:45	2283E1E7CB05E77DA2A6D728464C5277	341504	----a-w-	C:\Windows\SysWOW64\html.iec
2016-09-14 08:18:21	C7F9A2FBB73D75191FBF88ACB2563765	3944680	----a-w-	C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 08:18:21	6C776DB52210002932F3C97C29FDE894	4000488	----a-w-	C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 08:18:20	9FFAA819B32476804ED0FED6DD245094	1114112	----a-w-	C:\Windows\SysWOW64\kernel32.dll
2016-09-14 08:18:20	95BF306BE1D8C32867F680766788931E	254464	----a-w-	C:\Windows\SysWOW64\schannel.dll
2016-09-14 08:18:20	87BA3E79C594ABCFB576CE20E557E301	1314112	----a-w-	C:\Windows\SysWOW64\ntdll.dll
2016-09-14 08:18:19	6FE508E1F2533759EFBA6552CE8EC3CF	342528	----a-w-	C:\Windows\SysWOW64\certcli.dll
2016-09-14 08:18:19	0C906DFCC35D764FF80989ECC541DCC8	666112	----a-w-	C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 08:18:18	FEF5B7E2CC88215E7D4789C13C1B5729	275456	----a-w-	C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 08:18:18	FEDCCF1CB54068C113C3ADF9B7ACB0A3	172032	----a-w-	C:\Windows\SysWOW64\wdigest.dll
2016-09-14 08:18:18	DE71C18B03FBFFF648F5DBB0C5477F0F	96768	----a-w-	C:\Windows\SysWOW64\sspicli.dll
2016-09-14 08:18:18	D58FF04BAC142931F69BB5525BDAAD19	141312	----a-w-	C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 08:18:18	D3018C01809D5D7DBDCEF5F722B09E91	36352	----a-w-	C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 08:18:18	901B8E4C2BA406EDCA8B3A8DADA4AD6E	644096	----a-w-	C:\Windows\SysWOW64\advapi32.dll
2016-09-14 08:18:18	71367FF56BBB71C750E2D031DF346531	65536	----a-w-	C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 08:18:18	4879889B8AA5A4C01A63BDF84A343371	260608	----a-w-	C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 08:18:18	2BA37F90ABD36251A53C2769ADD55BC4	553472	----a-w-	C:\Windows\SysWOW64\kerberos.dll
2016-09-14 08:18:18	2A7D01A465922F6C521B23DCE51F16C6	43008	----a-w-	C:\Windows\SysWOW64\srclient.dll
2016-09-14 08:18:18	29F32A8694D634649B8E84B5EC8F08B2	223232	----a-w-	C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 08:18:17	B6B0210E9F4F961B52C88B605176E1F2	14336	----a-w-	C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 08:18:17	98AF306170576A41573013C17D68570B	50176	----a-w-	C:\Windows\SysWOW64\auditpol.exe
2016-09-14 08:18:17	881EDFC0B3103ADFD50B1ED7B3C97060	50688	----a-w-	C:\Windows\SysWOW64\appidapi.dll
2016-09-14 08:18:17	60ACCB7E0462A6269C8E07ADA5A651FB	17408	----a-w-	C:\Windows\SysWOW64\credssp.dll
2016-09-14 08:18:17	3D46E4BF61A20565347BBFBD7759F189	22016	----a-w-	C:\Windows\SysWOW64\secur32.dll
2016-09-14 08:18:17	33F4F776DEDCE9D88A991C560F854460	5120	----a-w-	C:\Windows\SysWOW64\wow32.dll
2016-09-14 08:18:16	BECA6760255CD050FF3754119D1AF580	6656	----a-w-	C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 08:18:16	A1263219C202979CCFE4FD9AD99DBC00	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2016-09-14 08:18:16	81512CEA265D3C0DEB4F4557C693E768	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2016-09-14 08:18:16	54B44043A7298DCD7C0B54912EEA8CA6	60416	----a-w-	C:\Windows\SysWOW64\msobjs.dll
2016-09-14 08:18:16	2A18A51C9BBFE9B98EB594B09B27B476	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2016-09-14 08:18:16	1D8D59ED918612CA5E3731275E5C4EEC	146432	----a-w-	C:\Windows\SysWOW64\msaudite.dll
2016-09-14 08:18:16	05DBB27C81C29AD8627FA631E7F1834B	690688	----a-w-	C:\Windows\SysWOW64\adtschema.dll
2016-09-14 08:17:30	61B2A783334B96D790FED4B9554E23CD	581632	----a-w-	C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 08:17:28	0FBC0E335B65EE5A0175631237817510	833024	----a-w-	C:\Windows\SysWOW64\user32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2016-09-25 06:43:05	4B51D5D7A0B7BFBC628C970A77F8D544	289080	----a-w-	C:\Windows\Sysnative\FNTCACHE.DAT
2016-09-21 07:28:30	A81EFD2BF60C73A090C276AEC02A68D1	1202176	----a-w-	C:\Windows\Sysnative\drmv2clt.dll
2016-09-21 07:28:29	1539E704316A2E9576F8557AD58B8764	14632960	----a-w-	C:\Windows\Sysnative\wmp.dll
2016-09-21 07:28:28	EBDA1B0F15CB9B2CBCC6C94824E4E054	2023424	----a-w-	C:\Windows\Sysnative\WsmSvc.dll
2016-09-21 07:28:28	BBF25B345B457322618E28585B6AD93C	461312	----a-w-	C:\Windows\Sysnative\scavengeui.dll
2016-09-21 07:28:28	8170DC98A586807273E2B8AE4353B91D	782848	----a-w-	C:\Windows\Sysnative\wmdrmsdk.dll
2016-09-21 07:28:27	C6F9222F39A035540D6D53C139C5740C	499712	----a-w-	C:\Windows\Sysnative\AUDIOKSE.dll
2016-09-21 07:28:26	A5D19345AE598AAB59F7160B0A8EE206	12574720	----a-w-	C:\Windows\Sysnative\wmploc.DLL
2016-09-21 07:28:26	67C717EC24FCAAE7B518D9E06AD036AB	680448	----a-w-	C:\Windows\Sysnative\audiosrv.dll
2016-09-21 07:28:25	F620F03630DD4BEAB76AC7246CB1B563	182272	----a-w-	C:\Windows\Sysnative\WsmAuto.dll
2016-09-21 07:28:25	D02200FD73974A81F4C082C10B8A4C62	347136	----a-w-	C:\Windows\Sysnative\WSManMigrationPlugin.dll
2016-09-21 07:28:25	BEAF50AC3812C2D5809BAD0E2D04303E	310784	----a-w-	C:\Windows\Sysnative\WsmWmiPl.dll
2016-09-21 07:28:25	9BFD7573A63315FE03FE636D9B739729	4121600	----a-w-	C:\Windows\Sysnative\mf.dll
2016-09-21 07:28:25	571DA0C23404613A97FD06F940C81959	266752	----a-w-	C:\Windows\Sysnative\WSManHTTPConfig.exe
2016-09-21 07:28:24	FA5DB1F2D5E849E683C2DDDBF0CDE8E7	641024	----a-w-	C:\Windows\Sysnative\msscp.dll
2016-09-21 07:28:24	D204193AE858F18F901EF2B004A01CD6	125952	----a-w-	C:\Windows\Sysnative\audiodg.exe
2016-09-21 07:28:24	879F46C608C08E5FC24E0B9952E7E60E	497664	----a-w-	C:\Windows\Sysnative\drmmgrtn.dll
2016-09-21 07:28:24	3CD83692C43D87088E85E3C916146FFB	187904	----a-w-	C:\Windows\Sysnative\pcasvc.dll
2016-09-21 07:28:24	3B5411975BE627B9A705F76B82E0DA87	1068544	----a-w-	C:\Windows\Sysnative\cryptui.dll
2016-09-21 07:28:23	FBE484A6F52433170CAE73EC61A6018E	440320	----a-w-	C:\Windows\Sysnative\AudioEng.dll
2016-09-21 07:28:23	FB442A0B6833A871BDDE927A9E72E063	842240	----a-w-	C:\Windows\Sysnative\blackbox.dll
2016-09-21 07:28:23	774A965EE0932641E0ABE88EB3FE7D12	295936	----a-w-	C:\Windows\Sysnative\AudioSes.dll
2016-09-21 07:28:23	5BB200BCAB35AF071C041FD478699358	325632	----a-w-	C:\Windows\Sysnative\msnetobj.dll
2016-09-21 07:28:22	E75C0FEF3E9DF899A58657C2D1115DB7	81920	----a-w-	C:\Windows\Sysnative\cryptsp.dll
2016-09-21 07:28:22	A2D4C84FB6D01FCCF26C896C170AE117	37376	----a-w-	C:\Windows\Sysnative\pcadm.dll
2016-09-21 07:28:22	4AB1E1E0ECF0BD2686574A0AD7DD4AA6	13824	----a-w-	C:\Windows\Sysnative\wsmprovhost.exe
2016-09-21 07:28:22	2188DE5FA5C741FB2B81EB9F37D26BA7	433152	----a-w-	C:\Windows\Sysnative\mfplat.dll
2016-09-21 07:28:22	0DDDBF9B5EB614966C82069C1A30E5C4	12800	----a-w-	C:\Windows\Sysnative\wsmplpxy.dll
2016-09-21 07:28:21	C6CA690108CD85F91D11EC49340D651F	9728	----a-w-	C:\Windows\Sysnative\pcalua.exe
2016-09-21 07:28:21	BEB3102A720070645849B9EBB9C1238F	1573888	----a-w-	C:\Windows\Sysnative\quartz.dll
2016-09-21 07:28:21	B6A2C387AE322DAA2FE6B7087831DFF5	1483264	----a-w-	C:\Windows\Sysnative\crypt32.dll
2016-09-21 07:28:21	AA1511B6284FA984305DA2D673B86ABE	24576	----a-w-	C:\Windows\Sysnative\mfpmp.exe
2016-09-21 07:28:21	96444A8B9376FA8154C0564E2577B7D8	284672	----a-w-	C:\Windows\Sysnative\EncDump.dll
2016-09-21 07:28:21	9266E0DD597F313882AC3BE3D0A4FFB5	11264	----a-w-	C:\Windows\Sysnative\pcawrk.exe
2016-09-21 07:28:21	8BF9B33C595DD7382068F5BA5D372C5C	371712	----a-w-	C:\Windows\Sysnative\qdvd.dll
2016-09-21 07:28:21	88B02459B2E7FB56A9C64B36545D6AB8	632320	----a-w-	C:\Windows\Sysnative\evr.dll
2016-09-21 07:28:21	55123EEC2DD8769E1425A2F5C920AE2B	206848	----a-w-	C:\Windows\Sysnative\mfps.dll
2016-09-21 07:28:20	F5A0461E0434D132A86AE577E924F546	228864	----a-w-	C:\Windows\Sysnative\wintrust.dll
2016-09-21 07:28:20	CBD0E56A0B75697C55933C32DB28588D	55808	----a-w-	C:\Windows\Sysnative\rrinstaller.exe
2016-09-21 07:28:20	BB724567892383010B8436DCC0A84628	190976	----a-w-	C:\Windows\Sysnative\cryptsvc.dll
2016-09-21 07:28:20	5F40C9D0CB4691E0AD9705ABDA6329C0	141824	----a-w-	C:\Windows\Sysnative\cryptnet.dll
2016-09-21 07:28:19	D198B3EB6CA58D957F1791596A0A9221	9728	----a-w-	C:\Windows\Sysnative\spwmp.dll
2016-09-21 07:28:19	A5BCBA42E3D095EA64A46BE8336E32C0	5120	----a-w-	C:\Windows\Sysnative\msdxm.ocx
2016-09-21 07:28:19	A5BCBA42E3D095EA64A46BE8336E32C0	5120	----a-w-	C:\Windows\Sysnative\dxmasf.dll
2016-09-21 07:28:19	A0B5A130AFE29CCF62889808B0120515	54272	----a-w-	C:\Windows\Sysnative\WsmRes.dll
2016-09-21 07:28:19	4D7B44D937F9B927E8DD8FCCE395E886	11264	----a-w-	C:\Windows\Sysnative\msmmsp.dll
2016-09-21 07:28:18	A75960CA7EEA8E23F97986984BB67899	8704	----a-w-	C:\Windows\Sysnative\pcaevts.dll
2016-09-21 07:28:18	32F5B725B0A52DE93B62A0F7B4197957	2048	----a-w-	C:\Windows\Sysnative\mferror.dll
2016-09-21 07:27:44	F7961998A082806CF71CF63F0E81EAC8	14183424	----a-w-	C:\Windows\Sysnative\shell32.dll
2016-09-21 07:27:41	BCFAF911FE43F80124C3A68BB07130A9	1867776	----a-w-	C:\Windows\Sysnative\ExplorerFrame.dll
2016-09-21 07:27:41	20CB3C4684F8EC7FF3C0F68836A75662	1941504	----a-w-	C:\Windows\Sysnative\authui.dll
2016-09-21 07:24:34	C365622F20C5525865216A96BF692E99	2048	----a-w-	C:\Windows\Sysnative\tzres.dll
2016-09-14 08:19:52	BEB502E8862341FEB95DFC6B6284115D	2724864	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2016-09-14 08:19:52	B97F87192E714AD89FB7EF4A18A4C32A	114688	----a-w-	C:\Windows\Sysnative\ieetwcollector.exe
2016-09-14 08:19:52	87AFFBBDF1AE74DC181A1CDE9027EA89	724992	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2016-09-14 08:19:52	3CE829A63256939949A6EEEEC28D14F9	48640	----a-w-	C:\Windows\Sysnative\ieetwproxystub.dll
2016-09-14 08:19:52	2D02B511AA07FCEA609454DE106EDB76	34304	----a-w-	C:\Windows\Sysnative\iernonce.dll
2016-09-14 08:19:51	682A64FD861CDFB45F67AA5FE17BA1A1	107520	----a-w-	C:\Windows\Sysnative\inseng.dll
2016-09-14 08:19:51	4F748ADA19F30F3E7D4E0A1701DA7B89	77824	----a-w-	C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2016-09-14 08:19:50	0AC6429EC84835E46B6DFF4F942A04E6	152064	----a-w-	C:\Windows\Sysnative\occache.dll
2016-09-14 08:19:49	B30F72CE629E162868B558DBAFB9CFD0	968704	----a-w-	C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2016-09-14 08:19:49	A28190FACB9A57460646DC34D1872602	1550848	----a-w-	C:\Windows\Sysnative\urlmon.dll
2016-09-14 08:19:49	937EF34C7D5BFEA2DE4D292CE891508D	315392	----a-w-	C:\Windows\Sysnative\dxtrans.dll
2016-09-14 08:19:49	7CB3C40A2217D66CE079C7C3A3E26E72	4096	----a-w-	C:\Windows\Sysnative\ieetwcollectorres.dll
2016-09-14 08:19:49	62FA32D750EE2EE4A5428EBB1D19579F	806400	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2016-09-14 08:19:49	468885F5A8EF535C283650172EEFF7A3	394440	----a-w-	C:\Windows\Sysnative\iedkcs32.dll
2016-09-14 08:19:48	2519AE972350743048572AE2B4468A6A	800768	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2016-09-14 08:19:48	2324CEE54911FB2F19932EF17B8832DF	66560	----a-w-	C:\Windows\Sysnative\iesetup.dll
2016-09-14 08:19:47	F4C01905813E54CD5BA23723B266913E	2131456	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2016-09-14 08:19:47	0E761BABDE88967371D7349E0ABC6533	2894336	----a-w-	C:\Windows\Sysnative\iertutil.dll
2016-09-14 08:19:46	7E7E95BD081708B6F25C8D53905C2555	576000	----a-w-	C:\Windows\Sysnative\vbscript.dll
2016-09-14 08:19:45	6BDCAE109401EE7C3BAE723CA07053BE	54784	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2016-09-14 08:19:44	FCC72FD5CBADC4C0E9DFA57C39AEC7AB	489984	----a-w-	C:\Windows\Sysnative\dxtmsft.dll
2016-09-14 08:19:44	EDFE9C542057783240B99AF1D22AB9E7	15411712	----a-w-	C:\Windows\Sysnative\ieframe.dll
2016-09-14 08:19:44	395A8C5912EF997552BC83825A2929A0	615936	----a-w-	C:\Windows\Sysnative\ieui.dll
2016-09-14 08:19:43	813CA8C89C2926FA99529D5F3AACC58D	1359360	----a-w-	C:\Windows\Sysnative\mshtmlmedia.dll
2016-09-14 08:19:43	14A3ACA98CB619425CCAF80C98BAFE9B	92160	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2016-09-14 08:19:43	02D87281AF419BCC51CCC3E1212D4316	144384	----a-w-	C:\Windows\Sysnative\ieUnatt.exe
2016-09-14 08:19:42	CF7437C37E29B7EE1C03A080D1BF2320	814080	----a-w-	C:\Windows\Sysnative\jscript9diag.dll
2016-09-14 08:19:42	8F6C78FAAE2B608B95CC74B05F2B28EE	262144	----a-w-	C:\Windows\Sysnative\webcheck.dll
2016-09-14 08:19:42	7936C38FA219F9677B6ADC1BD449312A	6047232	----a-w-	C:\Windows\Sysnative\jscript9.dll
2016-09-14 08:19:42	63FE1FCCA4DE89650B5F1B053F90C14D	817664	----a-w-	C:\Windows\Sysnative\jscript.dll
2016-09-14 08:19:41	F28B26DE031D6C7AC3F393417191A22F	2921472	----a-w-	C:\Windows\Sysnative\wininet.dll
2016-09-14 08:19:40	8697B372F86B785B6ED4ECCC4356A9BA	199680	----a-w-	C:\Windows\Sysnative\msrating.dll
2016-09-14 08:19:40	4E6BE9C51B49CB2727060E4F66CFA43D	417792	----a-w-	C:\Windows\Sysnative\html.iec
2016-09-14 08:19:40	4E37DAED89FE489530347D714272D5E1	88064	----a-w-	C:\Windows\Sysnative\MshtmlDac.dll
2016-09-14 08:19:39	33063F69D8E97D6A5C81AE5D9083239D	25770496	----a-w-	C:\Windows\Sysnative\mshtml.dll
2016-09-14 08:18:22	72D9FC1995B11D65FDAACF23C9607E85	5548264	----a-w-	C:\Windows\Sysnative\ntoskrnl.exe
2016-09-14 08:18:20	EF275A532A94E4DEB0B5661ACB791B94	345600	----a-w-	C:\Windows\Sysnative\schannel.dll
2016-09-14 08:18:20	C9805CDE0B275E7554F9023497169B9B	1163264	----a-w-	C:\Windows\Sysnative\kernel32.dll
2016-09-14 08:18:20	B163D07568771A97DEFD950648679D13	706280	----a-w-	C:\Windows\Sysnative\winload.efi
2016-09-14 08:18:20	487601317F3DB0C972FE5ABE1F6A1557	44032	----a-w-	C:\Windows\Sysnative\csrsrv.dll
2016-09-14 08:18:20	43AD6021706E7E7CCAA17740F5E9C077	631176	----a-w-	C:\Windows\Sysnative\winresume.efi
2016-09-14 08:18:20	0A42765C13B78202EF653E30FD27C5D7	1732864	----a-w-	C:\Windows\Sysnative\ntdll.dll
2016-09-14 08:18:20	0682C2EB736B22BF05C02D475A117A2F	463872	----a-w-	C:\Windows\Sysnative\certcli.dll
2016-09-14 08:18:19	D27D736D6D1CA572B474AED2D5EC95F9	730624	----a-w-	C:\Windows\Sysnative\kerberos.dll
2016-09-14 08:18:19	C5FA87D9F531D575F464494F9D05613D	1212928	----a-w-	C:\Windows\Sysnative\rpcrt4.dll
2016-09-14 08:18:19	563CCCAF39FDB0D937D024CC5F095913	880640	----a-w-	C:\Windows\Sysnative\advapi32.dll
2016-09-14 08:18:19	0220F878DB8D075BF1EF94BCDD2E055C	1464320	----a-w-	C:\Windows\Sysnative\lsasrv.dll
2016-09-14 08:18:18	E05CBE6583B1AED1F860CCDDE666113E	362496	----a-w-	C:\Windows\Sysnative\wow64win.dll
2016-09-14 08:18:18	DA5FADF15C43947A7AD8412D248E57F9	190464	----a-w-	C:\Windows\Sysnative\rpchttp.dll
2016-09-14 08:18:18	D443E764731A796558FF3C28CBDCB66F	63488	----a-w-	C:\Windows\Sysnative\setbcdlocale.dll
2016-09-14 08:18:18	CFAD4ECC5EBCA91B081CCBCA45A047EB	135680	----a-w-	C:\Windows\Sysnative\sspicli.dll
2016-09-14 08:18:18	C845001BA493FD701DE9C52965912632	50176	----a-w-	C:\Windows\Sysnative\srclient.dll
2016-09-14 08:18:18	C45A96B798B76ABF634A7CA48D60A80F	28672	----a-w-	C:\Windows\Sysnative\sspisrv.dll
2016-09-14 08:18:18	B96D67F1BF78F1005B9D77EA7889F2B8	215552	----a-w-	C:\Windows\Sysnative\winsrv.dll
2016-09-14 08:18:18	B77589C7F1F2BA410F68B921E3D46AB7	210432	----a-w-	C:\Windows\Sysnative\wdigest.dll
2016-09-14 08:18:18	9AE1FCEC20546D3FB24DD568BFE74223	338432	----a-w-	C:\Windows\Sysnative\conhost.exe
2016-09-14 08:18:18	89067FE9C89648998445B0FB87C9B1DF	316416	----a-w-	C:\Windows\Sysnative\msv1_0.dll
2016-09-14 08:18:18	7D3220956748820C31955C98E9469808	503808	----a-w-	C:\Windows\Sysnative\srcore.dll
2016-09-14 08:18:18	782DDA181B71FA8B03C439E5BF0A708B	86528	----a-w-	C:\Windows\Sysnative\TSpkg.dll
2016-09-14 08:18:18	766A34A54FC6A0ECBF8EDFD28A4F7D08	16384	----a-w-	C:\Windows\Sysnative\ntvdm64.dll
2016-09-14 08:18:18	75BFFDCF1ACFA5EBC9A054B1CCB9B440	419840	----a-w-	C:\Windows\Sysnative\KernelBase.dll
2016-09-14 08:18:18	74405C6FEF9AF0A6EB1D3E357158EDA4	312320	----a-w-	C:\Windows\Sysnative\ncrypt.dll
2016-09-14 08:18:18	3752B0A50F1A239BCD549C753774572C	43520	----a-w-	C:\Windows\Sysnative\cryptbase.dll
2016-09-14 08:18:18	2C49C5C911D1BE2A815BC183C0B2FED1	34816	----a-w-	C:\Windows\Sysnative\appidsvc.dll
2016-09-14 08:18:18	1CCAF735FF8E0D1AE6A6F2C85CF2AF0E	13312	----a-w-	C:\Windows\Sysnative\wow64cpu.dll
2016-09-14 08:18:18	0EDC6C454A9ACFE4B84725004678D453	28160	----a-w-	C:\Windows\Sysnative\secur32.dll
2016-09-14 08:18:18	0C709E54E665A336873463270B2AEEE9	243712	----a-w-	C:\Windows\Sysnative\wow64.dll
2016-09-14 08:18:18	0A1939D3261498FF0ADDB3FD65CC93E3	296960	----a-w-	C:\Windows\Sysnative\rstrui.exe
2016-09-14 08:18:18	07FA7B813F15F0A19AF82D77CE8CF978	112640	----a-w-	C:\Windows\Sysnative\smss.exe
2016-09-14 08:18:18	07932D7BA536B0BB58306A156A9AFC31	30720	----a-w-	C:\Windows\Sysnative\lsass.exe
2016-09-14 08:18:18	03EE5AA694175884095CB5126162D7E4	59904	----a-w-	C:\Windows\Sysnative\appidapi.dll
2016-09-14 08:18:17	F7F7E24FC6FBE3D74B6ABAF52656F66D	148480	----a-w-	C:\Windows\Sysnative\appidpolicyconverter.exe
2016-09-14 08:18:17	E4D394D0B3DEB6A49AD50941C44CFD83	64000	----a-w-	C:\Windows\Sysnative\auditpol.exe
2016-09-14 08:18:17	BABBB1EF7402596711A3F418DDF73C7C	22016	----a-w-	C:\Windows\Sysnative\credssp.dll
2016-09-14 08:18:17	7979EA8F2EA15C930F2C8236F3F4F036	17920	----a-w-	C:\Windows\Sysnative\appidcertstorecheck.exe
2016-09-14 08:18:16	6B9B262066A4954D1BC8D55CD5A1DE1F	690688	----a-w-	C:\Windows\Sysnative\adtschema.dll
2016-09-14 08:18:16	41EE9CED8075A6D89431FC39DD60A278	146432	----a-w-	C:\Windows\Sysnative\msaudite.dll
2016-09-14 08:18:16	26443F6B5D1692D97976C78E66F93B0B	6656	----a-w-	C:\Windows\Sysnative\apisetschema.dll
2016-09-14 08:18:16	162602852D72A20528620FC2865BA7D7	60416	----a-w-	C:\Windows\Sysnative\msobjs.dll
2016-09-14 08:17:30	DBD79D5945FE150278EF5DE84B34A8BD	877056	----a-w-	C:\Windows\Sysnative\oleaut32.dll
2016-09-14 08:17:29	2EE086581ECBACC396B294A0112FF16D	3218432	----a-w-	C:\Windows\Sysnative\win32k.sys
2016-09-14 08:17:28	8F4B991E7837E8E0F90C856659456652	1009152	----a-w-	C:\Windows\Sysnative\user32.dll
====== C:\Windows\Sysnative\drivers =====
2016-09-21 07:28:25	8ADB5445B29941CB41AF2846FD5C93C7	94440	----a-w-	C:\Windows\Sysnative\drivers\mountmgr.sys
2016-09-21 07:28:23	EA4D67448BE493D543F1730D6CD04694	663552	----a-w-	C:\Windows\Sysnative\drivers\PEAuth.sys
2016-09-21 07:27:50	CFEAAF96E666E3DCBD8F6DFF516784AE	30720	----a-w-	C:\Windows\Sysnative\drivers\usbuhci.sys
2016-09-21 07:27:50	B626F048318DAE65A3317F0592BE592C	56320	----a-w-	C:\Windows\Sysnative\drivers\usbehci.sys
2016-09-21 07:27:50	B4DF0F4C1D9D25DFE1DAD1D8670F1D4F	25600	----a-w-	C:\Windows\Sysnative\drivers\usbohci.sys
2016-09-21 07:27:50	43F6BED028FA27D3F3CE852EDBBE0F81	327168	----a-w-	C:\Windows\Sysnative\drivers\usbport.sys
2016-09-21 07:27:50	390109E8E05BA00375DCB1ED64DC60AF	343552	----a-w-	C:\Windows\Sysnative\drivers\usbhub.sys
2016-09-21 07:27:50	28B81917A195B67617AF7DCF4DFE5736	99840	----a-w-	C:\Windows\Sysnative\drivers\usbccgp.sys
2016-09-21 07:27:49	614A71B78C6807D95A30A89B5A69669A	7808	----a-w-	C:\Windows\Sysnative\drivers\usbd.sys
2016-09-14 08:18:20	EB7BB4F58971F4FE099B3CE127346563	95464	----a-w-	C:\Windows\Sysnative\drivers\ksecdd.sys
2016-09-14 08:18:20	6EBBA531A455E8F1092FD530A8682A97	154856	----a-w-	C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-09-14 08:18:19	341C65D6D4E9AB705258AC83511F7ADD	159744	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-09-14 08:18:18	F93EDDF0B69760456C6E0D73405AC078	291328	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-09-14 08:18:18	A558D659B722FE5FB8C6E1BF288F7316	129536	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-09-14 08:18:18	52F8C264D3BF90D2726FDE6642A381D4	62464	----a-w-	C:\Windows\Sysnative\drivers\appid.sys
2016-09-14 08:17:29	EC666682FE8344CF7E6ED69E74FA9F4F	464896	----a-w-	C:\Windows\Sysnative\drivers\srv.sys
2016-09-14 08:17:29	E450C0318DCE8ED28ED272C8806B8495	405504	----a-w-	C:\Windows\Sysnative\drivers\srv2.sys
2016-09-14 08:17:29	9C12C78AD36C23D925711A4640228225	168960	----a-w-	C:\Windows\Sysnative\drivers\srvnet.sys
====== C:\Windows\Tasks ======
2016-09-17 06:53:49	0350A76A45059F5CDA76A99FD6CD4218	3104	----a-w-	C:\Windows\Sysnative\Tasks\BDAntiCryptoWallTask
2016-09-02 06:51:24	--------	d-----w-	C:\Windows\Sysnative\Tasks\Safer-Networking
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-09-24 18:29:42	--------	d-----w-	C:\Program Files\trend micro
2016-09-06 22:45:14	--------	d-----w-	C:\Program Files\SUPERAntiSpyware
2016-08-30 09:25:30	--------	d-----w-	C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2016-09-23 19:32:24	--------	d-----w-	C:\PROGRA~2\FreeCodecPack
2016-09-23 19:32:19	--------	d-----w-	C:\PROGRA~2\COMMON~1\DVDVideoSoft
2016-09-22 06:28:02	--------	d-----w-	C:\PROGRA~2\KC Softwares
2016-09-16 09:40:14	--------	d-----w-	C:\PROGRA~2\TamoSoft Throughput Test
2016-09-09 15:28:26	--------	d-----w-	C:\PROGRA~2\stack
======= C: =====
====== C:\Users\LON~1\AppData ======
2016-09-24 19:57:12	E5E05D1B0AA3D7BFD48569DEBE3FF145	63152	----a-w-	C:\Users\LON~1\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-23 19:28:46	--------	d-----w-	C:\Users\LON~1\AppData\Roaming\DVDVideoSoft
2016-09-23 17:14:22	--------	d-----w-	C:\Users\LON~1\AppData\Local\leda
2016-09-22 10:28:53	--------	d-----w-	C:\Users\LON~1\AppData\Local\Apps
2016-09-22 06:28:27	--------	d-----w-	C:\Users\LON~1\AppData\Roaming\KC Softwares
2016-09-13 10:54:55	--------	d-----w-	C:\Users\LON~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Office Standard 2012
2016-09-09 15:30:04	--------	d-----w-	C:\Users\LON~1\AppData\Local\STACK
2016-09-06 22:53:32	--------	d-----w-	C:\Users\LON~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GemistDownloader
2016-09-06 17:49:45	--------	d-----w-	C:\Users\LON~1\AppData\Roaming\Everything
2016-09-05 20:39:49	--------	d-----w-	C:\Users\LON~1\AppData\Roaming\ProductData
2016-09-05 19:07:55	--------	d-----w-	C:\Users\LON~1\AppData\Local\Mega Limited
2016-09-05 12:53:11	--------	d-----w-	C:\Users\LON~1\AppData\Local\NPE
2016-08-30 07:44:43	--------	d-----w-	C:\Users\LON~1\AppData\Roaming\{12EB2450-37B9-4926-5C8F-6EF4805D93CA}
2016-08-30 07:44:19	--------	d-----w-	C:\Users\LON~1\AppData\Local\{12B624EA-361E-4852-5B86-6DBA7FEE9122}
2016-08-30 07:30:06	--------	d-----w-	C:\Users\LON~1\AppData\Local\SquirrelTemp
2016-08-27 19:50:01	--------	d-----w-	C:\Users\LON~1\AppData\Locallow\Adblock Plus for IE
====== C:\Users\LON~1 ======
2016-09-24 08:18:42	--------	d--h--r-	C:\Users\Public\Libraries
2016-09-23 19:32:55	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-09-21 07:49:07	--------	d-----r-	C:\Users\Public\Videos
2016-09-21 07:49:07	--------	d-----r-	C:\Users\Public\Music
2016-09-20 12:00:07	--------	d--h--w-	C:\Users\LON~1\Nieuwe map V
2016-09-19 18:48:54	--------	d-----r-	C:\Users\Public\Documents
2016-09-18 14:53:19	--------	d-----w-	C:\ProgramData\Ashampoo
2016-09-18 14:53:15	--------	d-----r-	C:\Users\Public\Pictures
2016-09-18 06:27:35	7220FAD57A4B3D9D9755C51198CC0386	174	--sh--w-	C:\Users\Public\desktop.ini
2016-09-18 06:27:35	--------	d--h--r-	C:\Users\Public\Desktop
2016-09-16 09:40:15	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TamoSoft Throughput Test
2016-09-15 19:53:49	D0C3F0827A1CC0107E5D42E23F664A84	3861056	----a-w-	C:\Users\LON~1\Desktop\adwcleaner_6.020.exe
2016-09-10 13:53:01	--------	d-----r-	C:\Users\LON~1\Mega
2016-09-09 13:24:35	--------	d-----r-	C:\Users\LON~1\Trans-ip
2016-09-08 07:25:05	--------	d-----w-	C:\Users\LON~1\Actueel
2016-09-07 10:36:50	--------	d-----w-	C:\ProgramData\Microsoft OneDrive
2016-09-06 22:45:21	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-09-05 20:33:40	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-09-05 19:07:45	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-09-05 19:07:30	--------	d-----w-	C:\ProgramData\MEGAsync
2016-09-04 11:50:13	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares
2016-08-30 09:26:01	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-08-30 09:25:12	--------	d-----w-	C:\ProgramData\HitmanPro

====== C: exe-files ==
2016-09-24 18:29:42	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Léon.exe
2016-09-23 19:32:25	D7DE01EB541D2C4D924F4F7A069097FB	141168	----a-w-	C:\Program Files (x86)\FreeCodecPack\Haali\mkv2vfr.exe
2016-09-23 19:32:25	C44533AD159EC52ED0ECFDF84875E00D	140144	----a-w-	C:\Program Files (x86)\FreeCodecPack\Haali\dsmux.x64.exe
2016-09-23 19:32:25	A8C730EEB5E2C86FACC3C955EE409169	164208	----a-w-	C:\Program Files (x86)\FreeCodecPack\Haali\mkv2vfr.x64.exe
2016-09-23 19:32:25	4FABD1DE723E6F3B2491AC70DFAB04F6	484208	----a-w-	C:\Program Files (x86)\FreeCodecPack\Haali\gdsmux.x64.exe
2016-09-23 19:32:25	3755FC10292CE34B9717B52DC9D82112	360816	----a-w-	C:\Program Files (x86)\FreeCodecPack\Haali\gdsmux.exe
2016-09-23 19:32:25	1AFDB1A41CE37F22C93717F44F7BE5A9	116592	----a-w-	C:\Program Files (x86)\FreeCodecPack\Haali\dsmux.exe
2016-09-23 19:32:24	D69CCD707D1810368448F0550E175B59	206312	----a-w-	C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\updhelper.exe
2016-09-23 19:32:20	B37BE26E4170951F4061E9DC0DA4DBD6	252392	----a-w-	C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\Assistant64.exe
2016-09-23 17:27:31	8459BE7574A3A4A1D88ED1BE2617659F	655176	----a-w-	C:\AdwCleaner\quarantine\files\leqmybqfrtefkicuobfphapomhiuqhes\rtop\uninstall.exe
2016-09-23 17:27:31	78D4E35044D83BC5F16E574ADDDC148B	565064	----a-w-	C:\AdwCleaner\quarantine\files\leqmybqfrtefkicuobfphapomhiuqhes\rtop\bin\rtop_bg.exe
2016-09-23 17:27:31	1E3B00B7645272F9033DDA2E26A0285B	254280	----a-w-	C:\AdwCleaner\quarantine\files\leqmybqfrtefkicuobfphapomhiuqhes\rtop\bin\rtop_svc.exe
2016-09-23 17:27:30	9B31080E452D4A7A2A648E4E8E0F3EE2	66970	----a-w-	C:\AdwCleaner\quarantine\files\leqmybqfrtefkicuobfphapomhiuqhes\Uninstall.exe
2016-09-23 17:27:30	6000CB3AD6D2FFBDB1403120BCE0E29E	110872	----a-w-	C:\AdwCleaner\quarantine\files\leqmybqfrtefkicuobfphapomhiuqhes\rsEngineHelper.exe
2016-09-23 17:27:30	3B7D9FA3F60058C71D2C399C2FB0DE6B	1719264	----a-w-	C:\AdwCleaner\quarantine\files\leqmybqfrtefkicuobfphapomhiuqhes\ByteFence.exe
2016-09-23 17:14:30	952061732F3C0833BAA993740E2C4D66	35649	----a-w-	C:\Users\Léon\AppData\Local\{12B624EA-361E-4852-5B86-6DBA7FEE9122}\sini.exe
2016-09-22 08:44:58	E035CE17AD87739AD4CD868607BE09B5	1090688	----a-w-	C:\Program Files (x86)\AnvSoft\Any Audio Converter\AACFree.exe
2016-09-22 06:28:02	A8B453E2A18598F44B6606D6AC6EBECD	825048	----a-w-	C:\Program Files (x86)\KC Softwares\SUMo\unins000.exe
2016-09-22 06:28:02	4BD519F765EB2BB434372C7388864447	1786584	----a-w-	C:\Program Files (x86)\KC Softwares\SUMo\SUMo.exe
2016-09-22 06:24:00	F5075DF7D62E2C3478FE8A289A03C7A6	6872823	----a-w-	C:\Users\Léon\AppData\Roaming\Anvsoft\Common\youtube-dl.exe
2016-09-22 06:24:00	F5075DF7D62E2C3478FE8A289A03C7A6	6872823	----a-w-	C:\Program Files (x86)\AnvSoft\Any Audio Converter\gnu\youtube-dl.exe
2016-09-21 07:28:26	71B07DABF3A21C2099775F2C1FFFE0F7	509672	----a-w-	C:\Windows\Boot\PCAT\memtest.exe
2016-09-21 07:28:25	571DA0C23404613A97FD06F940C81959	266752	----a-w-	C:\Windows\System32\WSManHTTPConfig.exe
2016-09-21 07:28:24	D204193AE858F18F901EF2B004A01CD6	125952	----a-w-	C:\Windows\System32\audiodg.exe
2016-09-21 07:28:24	3AE4191A320803F49BA101C15221C0B3	199168	----a-w-	C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-09-21 07:28:22	4AB1E1E0ECF0BD2686574A0AD7DD4AA6	13824	----a-w-	C:\Windows\System32\wsmprovhost.exe
2016-09-21 07:28:22	42F81C6A3835FE279B254AA2CB7B38FE	12288	----a-w-	C:\Windows\SysWOW64\wsmprovhost.exe
2016-09-21 07:28:21	C6CA690108CD85F91D11EC49340D651F	9728	----a-w-	C:\Windows\System32\pcalua.exe
2016-09-21 07:28:21	B8C26E61ABBDD9F47FCA9EAA613A3A9F	23040	----a-w-	C:\Windows\SysWOW64\mfpmp.exe
2016-09-21 07:28:21	AA1511B6284FA984305DA2D673B86ABE	24576	----a-w-	C:\Windows\System32\mfpmp.exe
2016-09-21 07:28:21	9266E0DD597F313882AC3BE3D0A4FFB5	11264	----a-w-	C:\Windows\System32\pcawrk.exe
2016-09-21 07:28:20	CBD0E56A0B75697C55933C32DB28588D	55808	----a-w-	C:\Windows\System32\rrinstaller.exe
2016-09-21 07:28:19	CECAD79489798640383581EE028F3BF3	102912	----a-w-	C:\Program Files\Windows Media Player\wmpshare.exe
2016-09-21 07:28:19	C5CCC59506C897319FA05FE9D8DF79C3	164864	----a-w-	C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2016-09-21 07:28:19	B6D5D5A08AC21B315B36849137FCF5BE	50176	----a-w-	C:\Windows\SysWOW64\rrinstaller.exe
2016-09-21 07:28:19	47FA191B50F64020EDBFC342C9AE478B	167424	----a-w-	C:\Program Files\Windows Media Player\wmplayer.exe
2016-09-21 07:28:18	FE6FDF52A349BE028B3F9E6E62E3061B	102400	----a-w-	C:\Program Files (x86)\Windows Media Player\wmpshare.exe
2016-09-21 07:28:18	E6A33FB3ECE43B6FA169F54C2B7FAE5D	102400	----a-w-	C:\Program Files\Windows Media Player\wmpconfig.exe
2016-09-21 07:28:18	5E891A1A5B1AF83C928FC80CE9055551	101888	----a-w-	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe
2016-09-21 07:27:42	6DDCA324434FFA506CF7DC4E51DB7935	2972672	----a-w-	C:\Windows\SysWOW64\explorer.exe
2016-09-21 07:27:42	38AE1B3C38FAEF56FE4907922F0385BA	3229696	----a-w-	C:\Windows\explorer.exe
2016-09-21 07:24:34	7339DDA5031988D1A4399D57C546108D	49664	----a-w-	C:\Windows\servicing\GC64\tzupd.exe
=== C: other files ==
2016-09-24 15:54:08	095A9E59F9E0DE5C4CA42F46956E8D1B	7076	----a-w-	C:\Users\Léon\AppData\Roaming\Mozilla\Firefox\Profiles\txev5psl.default\features\{34500c3d-369a-4af9-8eb6-babb723a57f6}\e10srollout@mozilla.org.xpi
2016-09-21 07:28:25	8ADB5445B29941CB41AF2846FD5C93C7	94440	----a-w-	C:\Windows\System32\drivers\mountmgr.sys
2016-09-21 07:28:23	EA4D67448BE493D543F1730D6CD04694	663552	----a-w-	C:\Windows\System32\drivers\PEAuth.sys
2016-09-21 07:27:50	CFEAAF96E666E3DCBD8F6DFF516784AE	30720	----a-w-	C:\Windows\System32\drivers\usbuhci.sys
2016-09-21 07:27:50	B626F048318DAE65A3317F0592BE592C	56320	----a-w-	C:\Windows\System32\drivers\usbehci.sys
2016-09-21 07:27:50	B4DF0F4C1D9D25DFE1DAD1D8670F1D4F	25600	----a-w-	C:\Windows\System32\drivers\usbohci.sys
2016-09-21 07:27:50	43F6BED028FA27D3F3CE852EDBBE0F81	327168	----a-w-	C:\Windows\System32\drivers\usbport.sys
2016-09-21 07:27:50	390109E8E05BA00375DCB1ED64DC60AF	343552	----a-w-	C:\Windows\System32\drivers\usbhub.sys
2016-09-21 07:27:50	28B81917A195B67617AF7DCF4DFE5736	99840	----a-w-	C:\Windows\System32\drivers\usbccgp.sys
2016-09-21 07:27:49	614A71B78C6807D95A30A89B5A69669A	7808	----a-w-	C:\Windows\System32\drivers\usbd.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3985488779-3452437005-2477218925-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="C:\Users\L‚on\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"FreeAC"="C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun"
"OneDrive"="C:\Users\L‚on\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QHSafeTray"="C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe /start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="C:\Users\L‚on\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"FreeAC"="C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun"
"OneDrive"="C:\Users\L‚on\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^L‚on^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk]
"item"="MEGAsync"
"path"="C:\\Users\\L‚on\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MEGAsync.lnk"
"backup"="C:\\Windows\\pss\\MEGAsync.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~3\\MEGAsync\\MEGAsync.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Active@ Disk Monitor]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CTUPnPSv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinDefend]


==== Startup Folders ======================

2016-09-18 09:02:22	776	----a-w-	C:\Users\LON~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
2016-05-10 12:50:34	991	----a-w-	C:\Users\LON~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\BDAntiCryptoWallTask" [C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{E8EAE969-0679-469F-93B0-664B8FA36A2B}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-05-09 22:26:16	--------	d-sh--we	C:\PROGRA~3\Bureaublad
2016-05-09 22:26:16	--------	d-sh--we	C:\PROGRA~3\Documenten
2016-05-09 22:26:16	--------	d-sh--we	C:\PROGRA~3\Favorieten
2016-05-09 22:26:16	--------	d-sh--we	C:\PROGRA~3\Menu Start
2016-05-09 22:26:16	--------	d-sh--we	C:\PROGRA~3\Sjablonen
2016-05-10 01:37:59	--------	d-----w-	C:\PROGRA~3\360Quarant
2016-05-10 06:24:13	--------	d-----w-	C:\PROGRA~3\YoWindow
2016-05-10 13:12:44	--------	d-----w-	C:\PROGRA~3\Zoom Player
2016-05-10 13:59:47	--------	d-----w-	C:\PROGRA~3\VirtualizedApplications
2016-05-11 03:21:20	--------	d-----w-	C:\PROGRA~3\AltrixSoft
2016-05-11 14:03:31	--------	d-----w-	C:\PROGRA~3\Creative
2016-05-11 14:21:36	--------	d--h--w-	C:\PROGRA~3\{B7FA0661-862B-4AE4-A12A-F08D226ED546}
2016-05-11 14:22:28	--------	d--h--w-	C:\PROGRA~3\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2016-05-12 07:28:11	--------	d-----w-	C:\PROGRA~3\Atheros
2016-05-12 11:31:57	--------	d-----w-	C:\PROGRA~3\Licenses
2016-05-16 19:58:11	--------	d-----w-	C:\PROGRA~3\Microsoft Help
2016-05-17 07:12:46	--------	d-----w-	C:\PROGRA~3\G DATA
2016-05-18 12:51:26	--------	d-----w-	C:\PROGRA~3\Virtualized Applications
2016-05-18 17:28:07	--------	d-----w-	C:\PROGRA~3\Trend Micro
2016-05-21 16:47:35	--------	d-----w-	C:\PROGRA~3\Malwarebytes
2016-05-23 10:09:06	--------	d---a-w-	C:\PROGRA~3\TEMP
2016-05-27 17:50:29	--------	d-----w-	C:\PROGRA~3\360safe
2016-05-27 17:50:34	--------	d-----w-	C:\PROGRA~3\360TotalSecurity
2016-06-09 12:18:56	--------	d-----w-	C:\PROGRA~3\Package Cache
2016-06-11 09:31:36	--------	d-----w-	C:\PROGRA~3\Engelmann Media
2016-06-14 16:51:33	--------	d-----w-	C:\PROGRA~3\Movavi Video Editor 11 SE
2016-06-20 11:28:31	--------	d-----w-	C:\PROGRA~3\ProductData
2016-06-23 20:56:49	--------	d-----w-	C:\PROGRA~3\KB Piano
2016-06-25 12:07:59	--------	d-----w-	C:\PROGRA~3\ScreenCamera
2016-07-06 05:04:41	--------	d-----w-	C:\PROGRA~3\Teorex
2016-07-11 15:04:59	--------	d-----w-	C:\PROGRA~3\SUPERAntiSpyware.com
2016-07-29 15:36:09	--------	d-----w-	C:\PROGRA~3\ONLYOFFICE
2016-08-14 10:33:52	--------	d-----w-	C:\PROGRA~3\SUPPORTDIR
2016-08-30 09:25:12	--------	d-----w-	C:\PROGRA~3\HitmanPro
2016-09-05 12:53:11	--------	d-----w-	C:\PROGRA~3\Norton
2016-09-05 19:07:30	--------	d-----w-	C:\PROGRA~3\MEGAsync
2016-09-07 10:36:50	--------	d-----w-	C:\PROGRA~3\Microsoft OneDrive
2016-09-18 14:53:19	--------	d-----w-	C:\PROGRA~3\Ashampoo

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\LON~1\AppData\Roaming\Mozilla\Firefox\Profiles\7xu9179p.default
user_pref("browser.startup.homepage", "https://nl.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_38&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dnl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyC0Azz0AtC0AtA0C0BzzyE0CtC0CtN0D0Tzu0StCyBtByBtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzytCtByD0EtCtCtGyBzy0ByBtG0EtCyB0AtGtBtBtCyCtGzy0F0D0FyE0F0D0CyD0DyD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0AzztByD0CtC0AtG0BtAzyyEtGyEzzyDyDtGzytD0E0CtGtBzyyDyEyBtDyCtB0DtByD0C2QtN0A0LzutB%26cr%3D88764746%26a%3Dwbf_anvsft_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium");
user_pref("browser.search.defaultenginename", "Yahoo! Powered");
user_pref("browser.search.selectedEngine", "Yahoo! Powered");
user_pref("keyword.URL", true);

ProfilePath: C:\Users\LON~1\AppData\Roaming\Mozilla\Firefox\Profiles\txev5psl.default
user_pref("browser.startup.homepage", "https://classic.startpage.com/do/mypage.pl?prf=1ece35da504b5c8cf9c1872b9089ede0");
user_pref("keyword.URL", true);

==== Firefox Extensions ======================

ProfilePath: C:\Users\LON~1\AppData\Roaming\Mozilla\Firefox\Profiles\txev5psl.default
- Undetermined - C:\Users\LÃ©on\AppData\Roaming\Mozilla\Firefox\Profiles\txev5psl.default\extensions\InternetProtection@360safe.com
- Undetermined - C:\Users\LÃ©on\AppData\Roaming\Mozilla\Firefox\Profiles\txev5psl.default\extensions\bug489729@alice0775
- bug489729Disable detach and tear off tab em:descriptionWorkaround Bug 489729 - Clicking a tab once and then moving your mouse in a downward motion causes a new window to open. em:creatorAlice0775 em:optionsURLchrome:bug489729contentpref.xul em:homepageURLhttp:space.geocities.yahoo.co.jpglalice0775 - %ProfilePath%\extensions\bug489729@alice0775
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- Dictionnaire franais - %ProfilePath%\extensions\fr-dicollecte@dictionaries.addons.mozilla.org
- 360 - %ProfilePath%\extensions\InternetProtection@360safe.com
- British English Dictionary Marco Pinto - %ProfilePath%\extensions\marcoagpinto@mail.telepac.pt
- Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org
- YouTube Video and Audio Downloader - %ProfilePath%\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- InstaClick - %ProfilePath%\extensions\instaclick@leahscape.com.xpi
- I dont care about cookies - %ProfilePath%\extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi
- Menu Wizard - %ProfilePath%\extensions\s3menu@wizard.xpi
- Tab Auto Reload - %ProfilePath%\extensions\TabAutoReload@schuzak.jp.xpi
- Trafficlight - %ProfilePath%\extensions\trafficlight@bitdefender.com.xpi
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Yahoo Mail Hide Ad Panel - %ProfilePath%\extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
ipmkfpcnmccejididiaagpgchgjfajgp - No path found[]

Right Click Opens Link in New Tab - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\afalkcagoidkdjdlfoaicbanbfgoamoo
Video Downloader - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc
MEGA - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod
selector is not a valid CSS selector - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Bitdefender TrafficLight adds a strong and non-intrusive layer of security to your browsing experience - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal
Search by Image by Google - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
360 Internet Protection - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh
Ghostery - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
Chrome Web Store Payments - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
HMIP - LON~1\AppData\Local\Chromium\User Data\Default\Extensions\pekcnopmdcbjdgmpnpkndppflpldnkkp

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://classic.startpage.com/do/mypage.pl?prf=1ece35da504b5c8cf9c1872b9089ede0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://classic.startpage.com/do/mypage.pl?prf=1ece35da504b5c8cf9c1872b9089ede0"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://classic.startpage.com/do/mypage.pl?prf=1ece35da504b5c8cf9c1872b9089ede0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{32A3CF9F-B2EF-43DE-8304-E6A3BA468FE0}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKCU\SearchScopes "DefaultScope"="{32A3CF9F-B2EF-43DE-8304-E6A3BA468FE0}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE10
HKCU\SearchScopes\{32A3CF9F-B2EF-43DE-8304-E6A3BA468FE0} - https://startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=ie&language=nederlands

==== HijackThis Entries ======================

O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\Total Security\safemon\safemon.dll
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
O4 - HKCU\..\Run: [f.lux] "C:\Users\Léon\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Léon\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MEGAsync.lnk = C:\ProgramData\MEGAsync\MEGAsync.exe
O4 - Startup: YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe
O9 - Extra button: Start Local Website Archive - {0464B47C-EE52-4B36-8564-67A7D7D4CBEE} - (no file) (HKCU)
O9 - Extra button: (no name) - {C9FC4A34-F817-408D-A58C-9293A2CB7E0D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {C9FC4A34-F817-408D-A58C-9293A2CB7E0D} - (no file) (HKCU)
O9 - Extra button: Add to Local Website Archive - {FEF6B6EB-260C-4E05-BA37-5A6C8D67D299} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on ma 26-09-2016 at 12:01:38,15 ======================