Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Gebruiker on za 08/04/2017 at 11:39:41,44.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
No Internet Access Detected
Launched: C:\Users\Gebruiker\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/04/2017 11:44:26 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\GUMB95.tmp deleted successfully
C:\PROGRA~2\Realtek deleted successfully
C:\PROGRA~2\Zylom Games deleted successfully
C:\Program Files\log deleted successfully
C:\Program Files\Recuva deleted successfully
C:\Users\Gebruiker\AppData\Roaming\EncryptStick deleted successfully
C:\Users\Gebruiker\AppData\Roaming\Mozilla deleted successfully
C:\Users\Gebruiker\AppData\Roaming\TP deleted successfully
C:\Users\Gebruiker\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Gebruiker\AppData\Local\CrashDumps deleted successfully
C:\Users\Gebruiker\AppData\Local\Downloaded Installations deleted successfully
C:\Users\Gebruiker\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-671666405-1082163965-412597196-1000\Software\Microsoft\Internet Explorer\SearchScopes\{53B8F260-18A2-44E7-8D20-5D402A597B7D} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Vanden Borre My Security\fshoster32.exe
C:\Program Files (x86)\Vanden Borre My Security\fshoster32.exe
C:\Program Files (x86)\Vanden Borre My Security\apps\CCF_Reputation\fsorsp.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Vanden Borre My Security\fshoster32.exe
C:\Program Files (x86)\Vanden Borre My Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Vanden Borre My Security\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files (x86)\Vanden Borre My Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Users\Gebruiker\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AESTFilters] - Andrea ST Filters Service - c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_960c1f056a541068\aestsr64.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [BlueSoleil Hid Service] - BlueSoleil Hid Service - c:\program files (x86)\ivt corporation\bluesoleil\btntservice.exe
R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
R2 - [Freemake Improver] - Freemake Improver - c:\programdata\freemake\freemakeutilsservice\freemakeutilsservice.exe
R2 - [fshoster] - F-Secure Hoster - c:\program files (x86)\vanden borre my security\fshoster32.exe
R2 - [fsnethoster] - F-Secure Hoster (Restricted) - c:\program files (x86)\vanden borre my security\fshoster32.exe
R2 - [FSORSPClient] - F-Secure ORSP Client - c:\program files (x86)\vanden borre my security\apps\ccf_reputation\fsorsp.exe
R2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
R2 - [Seagate Dashboard Services] - Seagate Dashboard Services - c:\program files (x86)\seagate\seagate dashboard 2.0\seagate.dashboard.daswindowsservice.exe
R2 - [Seagate MobileBackup Service] - Seagate MobileBackup Service - c:\program files (x86)\seagate\seagate dashboard 2.0\mobileservice.exe
R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
R2 - [STacSV] - Audio Service - c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
R2 - [Start BT in service] - Start BT in service - c:\program files (x86)\ivt corporation\bluesoleil\startskysolsvc.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [FSMA] - FSMA - c:\program files (x86)\vanden borre my security\apps\computersecurity\common\fsma32.exe
R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [WsAppService] - Wondershare Application Framework Service - c:\program files (x86)\wondershare\waf\2.3.2.220\wsappservice.exe
S2 - [WsDrvInst] - Wondershare Driver Install Service - c:\program files (x86)\wondershare\wondershare dr.fone for ios (cpc)\library\driverinstaller\driverinstall.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUMB95.tmp not found
C:\PROGRA~2\Realtek not found
C:\PROGRA~2\Zylom Games not found
C:\PROGRA~2\Wondershare deleted
C:\Users\Gebruiker\AppData\Roaming\Wondershare deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Gebruiker\AppData\LocalLow\Unity deleted
C:\windows\SysNative\tasks\Go for FilesUpdate deleted
C:\windows\SysNative\tasks\RunAsStdUser Task deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\SafeAppRichList.ocx deleted
C:\Windows\Syswow64\CUUpdateComponent.ocx deleted
C:\Windows\Syswow64\ComputerUpdaterLM.ocx deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Gebruiker\ZHPCleaner.exe deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4064 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
CPU Speed: 2141,0 MHz
Sound Card: Luidsprekers en Dual koptelefoo | SPDIF (Digitaal Uit via HP Dock | Luidsprekers (Bluetooth AV Audi | Onafhankelijke Dual koptelefoon | Luidsprekers (Bluetooth SCO Aud |
Display Adapters: ATI Mobility Radeon HD 4650 | ATI Mobility Radeon HD 4650 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Bluetooth PAN Network Adapter | Microsoft Virtual WiFi Miniport Adapter | Intel(R) WiFi Link 1000 BGN | Bluetooth-apparaat (Personal Area Network) | Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
CD / DVD Drives: 1x (D: | ) D: hp DVDRAM GT20L
Ports: COM3 | COM4 | COM5 | COM6 | COM7 | COM8 | COM9 | COM10 | COM11 LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 237,9GB | E: 227,7GB | Q: 0,0MB
Hard Disks - Free: C: 136,2GB | E: 8,2MB | Q: 0,0MB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 10/09/09 | HPQOEM - 1
Time Zone: Romance (standaardtijd)
Motherboard *: Quanta 3624
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Computer Security by F-Secure On-access scanning disabled (Outdated)
Anti-Spyware: Computer Security by F-Secure disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 54.0.2840.99
Internet Explorer Version: 11.0.9600.18349
Google Chrome version: 54.0.2840.99
Adobe Reader version: 11.0.19.15
Sun Java version: 1.8.0_121 (32-bit)
Sun Java version: 1.8.0_121 (64-bit)
Flash Player version: 25.0.0.127
Shockwave Player version: 11.6.8r638

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2017-04-01 21:54:33 3C9508C3B515FDB5762DF5862C864301 110144 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2017-04-01 21:37:51 -------- d-----w- C:\Program Files\Java

======= C:\PROGRA~2 =====

======= C: =====

2017-04-07 18:24:06 8286640B5D2D35AC7C2202E3A62F3241 1265 ----a-w- C:\DelFix.txt

====== C:\Users\Gebruiker\AppData\Roaming ======

2017-04-01 22:23:27 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\ZHP
2017-04-01 22:23:26 -------- d-----w- C:\Users\Gebruiker\AppData\Local\ZHP
2017-04-01 21:58:30 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Sun
2017-04-01 21:58:29 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun
2017-04-01 21:05:13 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\Oracle

====== C:\Users\Gebruiker ======

2017-04-01 21:53:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-01 20:56:30 A963C6B8A012E658A3D657C4897CF7C8 64153152 ----a-w- C:\Users\Gebruiker\Downloads\jre-8u121-windows-x64 (1).exe
2017-04-01 20:55:52 A963C6B8A012E658A3D657C4897CF7C8 64153152 ----a-w- C:\Users\Gebruiker\Downloads\jre-8u121-windows-x64.exe

====== C: exe-files ==

2017-04-07 17:18:47 B328C762BC55A43D68D88CE08352635F 197088 ----a-w- C:\ProgramData\F-Secure\GUTS2\hydrawin\1491557187\install.exe
2017-04-05 16:21:32 FD851A4EDE409B7592F7AC33BBC46B58 1124832 ----a-w- C:\ProgramData\F-Secure\GUTS2\nifbin\1491372834\fs_ols_ca.exe
2017-04-04 18:08:54 F21EDB9638E9704EEADA5CBA92CC6B18 6636272 ----a-w- C:\EEK\bin32\a2emergencykit.exe
2017-04-04 18:08:54 C58D6BE4E7941405727F0D0E92820645 514920 ----a-w- C:\EEK\start emergency kit scanner.exe
2017-04-04 18:08:54 C41F39397F38573D4590686F32ABF211 9472840 ----a-w- C:\EEK\bin64\a2emergencykit.exe
2017-04-04 18:08:54 B013DC18B22F6214C50E33863B9EED1B 5181088 ----a-w- C:\EEK\bin64\a2cmd.exe
2017-04-04 18:08:54 452C01863FC23165E0AD14F38A497D76 468184 ----a-w- C:\EEK\start commandline scanner.exe
2017-04-04 18:08:54 25A7FCD0DC57B03F81CFCF818704C2F4 3306280 ----a-w- C:\EEK\bin32\a2cmd.exe
2017-04-03 16:59:39 0A1F1FD2689D1CF26C5A083E88417F9E 461280 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\upd_fsav.exe
2017-04-03 16:59:32 449DA87B680E88BF10A406C7AA0973D1 1406432 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\fssm32.exe
2017-04-03 16:59:24 E2A7DF96B315310244182458B1AD4A85 274912 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\jsondump.exe
2017-04-03 16:59:23 164113F86FD80616E6E295F8CDC4E981 658400 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\upd_fsav32.exe
2017-04-03 16:59:20 9571AB7F3C52C3BD80C198590C6AA382 914912 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\fsgk32.exe
2017-04-01 22:23:27 12DC7B1D0AA87CABB2A33D19CE6B7BE7 2757120 ----a-w- C:\Users\Gebruiker\AppData\Roaming\ZHP\ZHPCleaner.exe
2017-04-01 21:54:36 135592B076CE53BC24AA251E1B89A9F1 318528 ----a-w- C:\ProgramData\Oracle\Java\javapath_target_44630856\javaws.exe
2017-04-01 21:54:36 135592B076CE53BC24AA251E1B89A9F1 318528 ----a-w- C:\ProgramData\Oracle\Java\javapath\javaws.exe
2017-04-01 21:54:35 7F0467C3AA5BDAF44BBC824AC81359D0 206912 ----a-w- C:\ProgramData\Oracle\Java\javapath_target_44630856\javaw.exe
2017-04-01 21:54:35 7F0467C3AA5BDAF44BBC824AC81359D0 206912 ----a-w- C:\ProgramData\Oracle\Java\javapath\javaw.exe
2017-04-01 21:54:35 177B6CC9FEBFFC816A71D11132CEED5E 206912 ----a-w- C:\ProgramData\Oracle\Java\javapath_target_44630856\java.exe
2017-04-01 21:54:35 177B6CC9FEBFFC816A71D11132CEED5E 206912 ----a-w- C:\ProgramData\Oracle\Java\javapath\java.exe
2017-04-01 21:49:15 DA7093EA1B09B11250B1AC485B69EAD6 197184 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\unpack200.exe
2017-04-01 21:49:14 B4FB76D02378BE2F8F7EC9BCE8C423BE 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\tnameserv.exe
2017-04-01 21:49:13 F8AB79517B4EB4508375EC0406C3EDEC 69696 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\ssvagent.exe
2017-04-01 21:49:11 7DA769B18CB16D0192E6D3C307085F07 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\servertool.exe
2017-04-01 21:49:08 ABF2E38B995E8F2997713393073A7E22 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\rmiregistry.exe
2017-04-01 21:49:08 7F646A16329B9DE19B3231B9F1619F77 15936 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\rmid.exe
2017-04-01 21:49:07 58F6CC7AA09D6CC6D566D888CC37B5DD 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\policytool.exe
2017-04-01 21:49:06 F6E4712218FBA1764F851C3448C17FE2 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\pack200.exe
2017-04-01 21:49:06 957285B9662D1E3BAA9501B7D1B29E0E 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\orbd.exe
2017-04-01 21:49:03 D1ADB720D6173F8CE7BAB37FFFA3C90D 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\kinit.exe
2017-04-01 21:49:03 97B50FC1A368706C6D0DBFA3060A5721 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\ktab.exe
2017-04-01 21:49:03 909B3A1DEC24CE9687A71C7B2E4DBE35 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\klist.exe
2017-04-01 21:49:03 870F4F8548DED2A88519D83C69856AA0 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\keytool.exe
2017-04-01 21:48:59 DE7C36AE916376D1E628ACE68808CB7F 111680 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\jp2launcher.exe
2017-04-01 21:48:58 EE400CB85481BAB9980FB40CB9BD7EBD 15936 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\jjs.exe
2017-04-01 21:47:43 7F0467C3AA5BDAF44BBC824AC81359D0 206912 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
2017-04-01 21:47:43 135592B076CE53BC24AA251E1B89A9F1 318528 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\javaws.exe
2017-04-01 21:47:40 9959983B48E5A2796C76ED1DE02D02CD 79936 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\javacpl.exe
2017-04-01 21:47:37 B38235C49CEB1B2DB4836BEEF95BF261 34368 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\jabswitch.exe
2017-04-01 21:47:37 514859480D5D3A7E87BE8741CF4FEA1E 15936 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\java-rmi.exe
2017-04-01 21:47:37 177B6CC9FEBFFC816A71D11132CEED5E 206912 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\java.exe
2017-04-01 20:56:30 A963C6B8A012E658A3D657C4897CF7C8 64153152 ----a-w- C:\Users\Gebruiker\Downloads\jre-8u121-windows-x64 (1).exe
2017-04-01 20:55:52 A963C6B8A012E658A3D657C4897CF7C8 64153152 ----a-w- C:\Users\Gebruiker\Downloads\jre-8u121-windows-x64.exe

=== C: other files ==

2017-04-05 16:21:36 CD02284394B3E54A4BA6504D16D800EC 89808 ----a-w- C:\ProgramData\F-Secure\GUTS2\nifbin\1491372834\fsni32.sys
2017-04-05 16:21:36 3E256298A209F8704CCC90B55B28C69E 120016 ----a-w- C:\ProgramData\F-Secure\GUTS2\nifbin\1491372834\fsni64.sys
2017-04-05 16:21:35 BAE6BB30CC41DD96A0479F68F76C803A 59913 ----a-w- C:\ProgramData\F-Secure\GUTS2\nifbin\1491372834\browser\install\fs_firefox_https\fs_firefox_https.xpi
2017-04-05 16:21:29 22E2D89E172B31E7C3A3DCDADCAA1309 51256 ----a-w- C:\ProgramData\F-Secure\GUTS2\nifbin\1491372834\fsnixp32.sys
2017-04-05 16:21:28 DECD7D46BC1153A20953ADC9AF882A27 29752 ----a-w- C:\ProgramData\F-Secure\GUTS2\nifbin\1491372834\fsnitdi64.sys
2017-04-05 16:21:28 8367ED282851B9E9EB26F0CD87D4E047 23608 ----a-w- C:\ProgramData\F-Secure\GUTS2\nifbin\1491372834\fsnitdi32.sys
2017-04-05 16:21:26 85B902E0C468EFAA2B9793A94466CF0D 59448 ----a-w- C:\ProgramData\F-Secure\GUTS2\nifbin\1491372834\fsnixp64.sys
2017-04-04 18:08:58 FE23B04DE0FD4CC204DE4A7E2D469DFD 95912 ----a-w- C:\EEK\bin32\epp.sys
2017-04-04 18:08:58 ADDECC1487FF5781D0D8933450B15F8A 115216 ----a-w- C:\EEK\bin64\epp.sys
2017-04-03 16:59:40 81B36F28119B7F2E4B314E3CF5F35F45 106704 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\upd_fshs64.sys
2017-04-03 16:59:24 98C0A22EFF1FA909FD6EE587C61B25AE 163528 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\upd_fsgk.sys
2017-04-03 16:59:20 F4B1E60DCEF6FEADA120C5A7CAEED69F 95944 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\upd_fshs32.sys
2017-04-03 16:59:18 9CCC6D9F08D8031BF302328D38646FB1 229072 ----a-w- C:\ProgramData\F-Secure\GUTS2\fsav_1000_bin\1491203856\upd_fsgk_x64.sys
2017-04-01 21:49:18 8795B77F5012AF9FAD42B84271FC650B 14156 ----a-w- C:\Program Files\Java\jre1.8.0_121\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-671666405-1082163965-412597196-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
"GoogleChromeAutoLaunch_5FEA36A39174F28C3634662B2D565CAA"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-671666405-1082163965-412597196-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"DBAgent"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe /WinStart"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
"GoogleChromeAutoLaunch_5FEA36A39174F28C3634662B2D565CAA"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DBAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DBAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Seagate\\Seagate Dashboard 2.0\\DBAgent.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EA Core"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Electronic Arts\\EADM\\Core.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EADM"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Gebruiker\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uploader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Uploader"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Seagate\\Seagate Dashboard 2.0\\Seagate.Dashboard.Uploader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\BlueSoleil.lnk"
"backup"="C:\\Windows\\pss\\BlueSoleil.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\IVTCOR~1\\BLUESO~1\\gprs.exe "
"item"="BlueSoleil"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/11/2015 00:31]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/11/2015 00:31]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Gebruiker" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe]
"C:\Windows\SysNative\tasks\Gebruiker DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"]
"C:\Windows\SysNative\tasks\Gebruiker Merge" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Seagate_Install_Launch" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A8E05F45-CA0B-4D05-B735-E1923323A292}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{02730372-C335-4E28-8563-33DEFB87B1FA}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{04D4F4C1-0380-4E6E-B8D6-081A335461E0}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{0C71AA3C-93FE-4F62-BC3E-95B796DA2682}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{0CB8056A-E06A-433F-8106-72E0A37B16B2}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{0DA640F4-C8EE-42A9-B2B2-934B719CD899}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{116AEE40-BF00-47B4-9243-7263726E5018}" [D:\TKKGmaya\start.exe]
"C:\Windows\SysNative\tasks\{1B1243DF-7544-48FE-8259-C3FF061C1260}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{204081CC-3F6E-4031-BB05-0F36A2AB20E2}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{2236111D-8D8E-4E53-876E-41EFA5108B40}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{2507DAF4-D22E-4DE9-9430-A2205B9CA2A2}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{2A5BD3C6-01E4-4170-B1BE-465D2578DF3B}" [C:\Program Files (x86)\IVT Corporation\BlueSoleil\gprs.exe]
"C:\Windows\SysNative\tasks\{30C4F4D0-A59F-4644-A975-2CF9C0E8937A}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{30CE613D-D4A0-4F9C-8070-6A0795A70110}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{33EBE987-EB0E-444F-8027-D417707FBFFD}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{349B7600-B84C-4C0C-9FFB-9D35E917C1AA}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{3B8E3AC3-617B-4D00-8473-DEE6E305CD1E}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{49A9A5F1-2E3A-40EA-85F7-C0156F66742D}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{4D28E503-3264-45B1-8582-ACDB9B2E39B4}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{50057257-B51C-4E83-AFE2-5873DF686922}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{517D50DE-DD7A-4BFD-B4CE-61F91738A387}" ["c:\users\gebruiker\appdata\local\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{53518BB6-9CA3-43F7-81F3-ECE36606BB9F}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{5E4B6C58-4DFD-4B69-A672-AC3AFB50DF78}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{617C2D3E-9461-45A4-BEAB-CCDCD4436488}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{64414F8E-5108-4BD2-904F-38AA5514AED3}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{679E9BD5-E0A2-4C11-B127-BCA7FCEE4871}" [D:\TKKGmaya\start.exe]
"C:\Windows\SysNative\tasks\{6917656C-3363-47FA-AE2C-CFF9C856F816}" [D:\lannoo.exe]
"C:\Windows\SysNative\tasks\{6C17C542-CBCD-409A-9445-14B192A51B3D}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{6DF369F5-4DBC-4E41-A72F-B96FB6EDCB4A}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{74AA3A6E-5448-4433-9CA8-31BF3AC39011}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{77E5421A-BC7A-4081-9351-71544E67FE9B}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{782F1443-9A32-425C-9DEC-16E55AC719D1}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{7B61CB06-D4DB-4358-B139-37A28331FBB6}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{7D1A89A7-4E2C-404F-94E4-D181A2323664}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{816B4E28-62E9-4471-9C8F-4C054943B281}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{877FFD2E-A1DD-442C-8890-6B61E272A157}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{89301CDE-BD58-4F07-86CE-B6F95B2FEF4D}" [D:\TKKGmaya\start.exe]
"C:\Windows\SysNative\tasks\{89B405CF-9355-491E-8029-244DB227B6D2}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{97C2E70B-EA42-4AC4-9763-C1B78DF07657}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{97EEA3FE-64D3-4DA0-B4A0-5C90102EAEE3}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{9BD1711F-56B6-408C-B5EA-7F57DFB9CB59}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{A49B17ED-600A-4954-A3BE-B2A934E78C6E}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{AABB85B2-9CB2-45B2-A935-BAE6EC949F40}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{AD10CEED-663C-4F48-91A0-716D2DEDD5CF}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{B31B13DD-B99A-45E7-9E29-45E403F0B47B}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{B64447AC-6EC0-45A5-B5EB-8E137B452007}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{B929FD05-66A6-402E-9DDC-97435C84AD3E}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{BA5B823C-F011-4A50-A1E2-A6A7D74F453E}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{BDDCE3A7-559D-4DB8-9D90-7BE7D198A4D8}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{BFA77043-B7C9-4683-862E-608DE4EE705A}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{C06A1BE4-8166-431B-B3B4-112098A8FACC}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{C2E43C28-60DD-426D-9374-58497EA9BAB4}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{C6277286-CC9D-446F-A6CD-AE7DB3E896CC}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{D0249DFA-C429-48CE-8627-EDFD04EC6A94}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{D2179605-B62E-4D34-BCE1-9C84F9C80D83}" [D:\TKKGmaya\start.exe]
"C:\Windows\SysNative\tasks\{D2CCDAD8-1E85-488C-B616-62FAFF413034}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{D81AA426-C2A4-41E0-9826-19E9A5B04538}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{D9A85DE5-DB3B-424C-AEB0-215551A26F25}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{E506769C-76F4-42F3-A39D-F96BD2ACCA8E}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{E803471C-D58F-48E1-93E2-1EE64A1E2D44}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{E8B320E7-02D3-48BE-AA54-960062B633A6}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{E9937697-9DAE-4538-8100-A290E8F6EB17}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{EC320B70-1E29-4EEE-8C95-27E5FCB682AB}" [D:\Install.EXE]
"C:\Windows\SysNative\tasks\{EDCE0210-BB3A-4426-A995-7E2DE02BA389}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{F42A534D-FE5E-464F-A52C-10833EA19FAC}" [C:\Program Files (x86)\EA GAMES\De Sims 2 Appartementsleven\TSBin\Sims2Launcher.exe]
"C:\Windows\SysNative\tasks\{F575D832-74E9-4FA3-AD60-51E67A6290AB}" [D:\INSTALL.EXE]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2017-03-02 23:21:53 -------- d-----w- C:\PROGRA~3\Wondershare
2017-04-04 18:25:19 -------- d-----w- C:\PROGRA~3\Emsisoft

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ols@f-secure.com"="C:\Program Files (x86)\Vanden Borre My Security\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi" [05/04/2017 18:21]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ols@f-secure.com"="C:\Program Files (x86)\Vanden Borre My Security\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi" [05/04/2017 18:21]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jmjjnhpacphpjmnnlnccpfmhkcloaade - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gkmikccifolokanfakbeadbmgchomeli - C:\Program Files (x86)\Vanden Borre My Security\apps\SafeSearch\Chrome\main.crx[]

selector is not a valid CSS selector - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
iCloud Bookmarks - Gebruiker\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah Search by F-Secure - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli Chrome Web Store Payments - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Chrome Media Router - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gkmikccifolokanfakbeadbmgchomeli deleted 
successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Browsing Protection by F-Secure - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Vanden Borre My Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5FEA36A39174F28C3634662B2D565CAA] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet 
Services\AppleIEDAV.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe 
Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe O23 - Service: F-Secure Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Vanden Borre My Security\fshoster32.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files (x86)\Vanden Borre My Security\apps\ComputerSecurity\Common\FSMA32.EXE O23 - Service: F-Secure Hoster (Restricted) (fsnethoster) - F-Secure Corporation - C:\Program Files (x86)\Vanden Borre My Security\fshoster32.exe O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Vanden Borre My Security\apps\CCF_Reputation\fsorsp.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe O23 - Service: Start BT in service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe (file missing) O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone for iOS (CPC)\Library\DriverInstaller\DriverInstall.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=143 folders=67 26003760 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 08/04/2017 at 12:24:43,84 ======================