Zoek.exe v5.0.0.0 Updated 24-08-2014
Tool run by sonja on zo 24-08-2014 at 20:57:49,06.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\sonja\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24-8-2014 20:58:40 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MyFree Codec deleted successfully
C:\PROGRA~3\eMule deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\sonja\AppData\Roaming\Advanced System Protector deleted successfully
C:\Users\sonja\AppData\Roaming\Systweak deleted successfully
C:\Users\sonja\AppData\Local\CrashDumps deleted successfully
C:\Users\sonja\AppData\Local\MusicPlayer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1844582946-3789836076-1901275052-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default\prefs.js:
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=61&CUI=UN40178461322916266&UM=2&UP=SP91B49670-AF0A-45B2-B054-AB76F24D9D78&SSPV=");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&CUI=UN40178461322916266&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.defaultenginename", "Trovi search");
user_pref("browser.search.selectedEngine", "Trovi search");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN40178461322916266&UM=2&q=");

Added to C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default
user.js not found

---- Lines {77e8143b-6759-416e-b521-82cfed75150b} modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"url_advisor@kaspersky.com\":{\"descriptor\":\"C:\\\\Program Files

---- FireFox user.js and prefs.js backups ----
prefs_24-08-2014_2059_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\SearchProtect not found
C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default\searchplugins\conduit-search.xml deleted
C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default\searchplugins\conduit.xml deleted
C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default\searchplugins\trovi-search.xml deleted
C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b} deleted

==== Files Recently Created / 
Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1844582946-3789836076-1901275052-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CAHeadless"="C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Spotify Web Helper"="C:\Users\sonja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\sonja\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"HP Officejet 4620 series (NET)"="C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe -deviceID CN3BF350JH05RT:NW -scfn HP Officejet 4620 series (NET) -AutoStart 1"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BakupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -k -h"
"Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart"
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CAHeadless"="C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Spotify Web Helper"="C:\Users\sonja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\sonja\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"HP Officejet 4620 series (NET)"="C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe -deviceID CN3BF350JH05RT:NW -scfn HP Officejet 4620 series (NET) -AutoStart 1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll"

==== Startup Folders ======================

2014-03-24 17:35:01 1960 ----a-w- C:\Users\sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet 4620 series (netwerk).lnk
2013-04-06 21:03:16 1304 ----a-w- C:\Users\sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
2012-09-11 17:22:35 2173 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
2013-01-17 13:51:41 2103 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-07-2014 19:23]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-08-2014 15:34]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-08-2014 15:34]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844582946-3789836076-1901275052-1001Core.job --a-------- C:\Users\sonja\AppData\Local\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe]
"C:\WINDOWS\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe]
"C:\WINDOWS\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\WINDOWS\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Officejet 4620 series" ["C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\iuBrowserIEAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe"]
"C:\WINDOWS\SysNative\tasks\iuEmailOutlookAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe"]
"C:\WINDOWS\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{3D4778A2-8C15-4B42-9D0F-0B9D2852475C}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [23-08-2014 12:14]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{72CA2996-F580-47DF-98FF-0B853D09CEC8}"="C:\Users\sonja\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill" [23-08-2014 14:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default
- Wtyczka Menedera hase - C:\Users\sonja\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
- Visualisateur 3D de 20-20 - 
%ProfilePath%\extensions\2020Player_IKEA@2020Technologies.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default 4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash 341B3AE026B143DBC17BA1E1E0BAE3D6 - C:\Users\sonja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 1BB1021A875B010EE26D539053B0F894 - C:\Users\sonja\AppData\Roaming\Mozilla\Firefox\Profiles\vxym4j8w.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll - 20-20 3D Viewer for IKEA ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[28-11-2013 12:06] lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh[] nppllibpnmahfaklnpggkibhkapjkeob - No path found[] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[28-11-2013 12:06] pkmpcdbgnfjfeelcpebpkflcmbkclfho - C:\Users\sonja\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx[12-01-2014 16:09] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions pkmpcdbgnfjfeelcpebpkflcmbkclfho - C:\Users\sonja\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx[12-01-2014 16:09] Google Docs - sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - sonja\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Kaspersky URL Advisor - sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj Kaspersky Protection - sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh Google Wallet - sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Anti-Banner - sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman ==== Chromium Startpages ====================== C:\Users\sonja\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://acer13.msn.com/", "startup_urls": [ "http://google.nl/", "http://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5ENL&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5ENL&apn_dbr=cr_34.0.1847.116&apn_uid=6D040832-A91C-4B6E-B71E-E42174E922EF&itbv=12.10.6.53&doi=2014-04-28&psv=" ], ==== C:\zoek_backup content ====================== C:\zoek_backup (files=398 folders=114 6776769 bytes) ==== EOF on zo 24-08-2014 at 21:04:15,31 ======================