Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Haring on di 20-12-2016 at 21:50:16,34.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================
C:\zoek-results2016-12-20-105056.log 27700 bytes

==== Empty Folders Check ======================
C:\Users\Haring\AppData\Local\VirtualStore deleted successfully

==== Installed Programs ======================
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 24 ActiveX
Adobe Reader XI (11.0.18) - Nederlands
Adobe Refresh Manager
Download Navigator
EasyPDFCombine Internet Explorer Homepage and New Tab
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON XP-102 103 Series Printer Uninstall
Gebruikershandleiding EPSON XP-102 103 Series
Google Update Helper
Intel(R) Chipset Device Software
Intel(R) Management Engine Components
Intel(R) ME UninstallLegacy
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel© Trusted Connect Service Client
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6.1 (Nederlands)
Microsoft .NET Framework 4.6.1 (NLD)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Rapport
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Reliability Update for Microsoft .NET Framework 4.6.1 (KB3179949)
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2)
Security Update for Microsoft .NET Framework 4.6.1 (KB3142037)
Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)
Security Update for Microsoft .NET Framework 4.6.1 (KB3164025)
Software voor Intel© Chipset-apparaten
Trusteer Eindpuntbeveiliging
Update for Microsoft .NET Framework 4.6.1 (KB3195388)
Update for Microsoft .NET Framework 4.6.1 (KB3210136)
Windows 10-upgradeassistent

==== Running Processes ======================
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
D:\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==== Deleting Files \ Folders ======================
C:\Program Files (x86)\AVG deleted
C:\ProgramData\Avg deleted
"C:\Windows\SysNative\tasks\AVGPCTuneUp_Task_BkGndMaintenance" deleted
"C:\Windows\SysNative\tasks\AVGPCTuneUp_Task_BkGndMaintenance" deleted

==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3983 MB
CPU Info: Intel(R) Pentium(R) CPU G4400 @ 3.30GHz
CPU Speed: 3341,1 MHz
Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek |
Display Adapters: Intel(R) HD Graphics 510 | Intel(R) HD Graphics 510 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1360 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (M: | ) M: ATAPI iHAS124 F
Ports: COM1 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 111,6GB | D: 465,8GB
Hard Disks - Free: C: 77,4GB | D: 442,4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/25/16 | ALASKA - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK COMPUTER INC. H110M-A
Country: Nederland
Language: NLD

==== System Specs (Software) ======================
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Internet Explorer Version: 11.0.9600.18537
Adobe Reader version: 11.0.18.21

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Haring\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2016-12-17 14:26:43 9FCC54D75C384516BFF1C969469FB71C 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-17 14:26:43 6ED3C9054D0C470286BA6BBCBB9E3965 3878 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-12-19 10:29:56 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
2016-12-19 22:14:20 1843905BE47CA899E40091CBB36F9EA0 1305 ----a-w- C:\DelFix.txt
====== C:\Users\Haring\AppData\Roaming ======
2016-12-20 20:52:27 -------- d-----w- C:\Users\Haring\AppData\Local\VirtualStore
2016-12-20 10:50:01 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2016-12-20 10:50:01 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2016-12-20 10:50:01 -------- d-----w- C:\Users\Haring\AppData\Local\Temp
2016-12-20 10:50:01 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2016-12-20 10:50:01 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2016-12-18 21:34:31 -------- d-----w- C:\Users\Haring\AppData\Local\EasyPDFCombineTooltab
2016-12-15 22:28:07 02E220CC4C978136719CD65B07E87384 276000 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2016-12-01 08:32:41 -------- d-----w- C:\Users\Default\AppData\Local\Trusteer
2016-12-01 08:32:41 -------- d-----w- C:\Users\Default User\AppData\Local\Trusteer
====== C:\Users\Haring ======
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"RTHDVCPL"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe\" -s"
"MSC"="\"C:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [20-12-2016 14:06]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

==== Chromium Look ======================

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://hp.myway.com/easypdfcombine/s19518/index.html?n=782B93DE&p2=^BSB^xdm012^S19518^nl&ptb=2E9E378D-35DD-4C84-A2F8-88A5B03B3E29&si=CKz6o_bY_tACFfEA0wodR2AGTA&coid=834f0aafc7ac4749a522e9c4a3c55f4b"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PLXB_nlNL698

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================
C:\zoek_backup (files=30 folders=31 5070304 bytes)

==== EOF on di 20-12-2016 at 21:54:05,60 ======================