Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Jan-Paul on wo 22-10-2014 at 7:05:36,12.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jan-Paul\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22-10-2014 7:07:17 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esgiguard deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\esgiguard deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files\Enigma Software Group deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Jan-Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vh5hqydk.default\jetpack deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Jan-Paul\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d=60"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Configuration"="C:\Program Files (x86)\Okidata\ActKey\Network Configuration.exe /RunWithOS"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTSyncService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSyncService"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\InstallShield Installation Information\\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\\AMBSPISyncService.exe /StartRunKey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RunDLLEntry]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLLEntry"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\RunDLL32.exe C:\\Windows\\system32\\AmbRunE.dll,RunDLLEntry"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\Windows\\UpdReg.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VolPanel]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VolPanel"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Creative\\SB X-Fi MB\\Volume Panel\\VolPanlu.exe\" /r"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16-10-2014 10:11]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-05-2013 13:32]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-05-2013 13:32]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{50E5875B-5036-42DC-91D0-71B258C441D0}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jan-Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vh5hqydk.default
- Lightbeam - %ProfilePath%\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jan-Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vh5hqydk.default
63F8C13F269B10BC9363B007DAAACAE6 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

==== Chromium Look ======================

==== Chromium Startpages ======================

C:\Users\Jan-Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msn.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msn.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan-Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan-Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jan-Paul\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=13 folders=7 5885888 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jan-Paul\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jan-Paul\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 22-10-2014 at 7:36:22,47 ======================