Zoek.exe v5.0.0.0 Updated 31-March-2015 Tool run by hfm on wo 01-04-2015 at 9:30:23,20. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\hfm\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 1-4-2015 09:33:20 Zoek.exe System Restore Point Created Successfully. ==== Folders Found ====================== 2012-12-20 04:26:50 2014-10-08 21:21:01 -------- d-----w- C:\Program Files\Common Files\mcafee 2012-12-20 04:26:50 2014-10-08 21:21:01 -------- d-----w- C:\Program Files (x86)\Common Files\mcafee 2012-12-20 04:26:45 2014-10-04 17:12:48 -------- d-----w- C:\ProgramData\McAfee 2012-12-20 04:26:45 2014-10-04 17:12:48 -------- d-----w- C:\Users\All Users\McAfee ==== Files Found ====================== ==== Registry Search Results for "mcafee" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension] [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension] @="C:\\Program Files (x86)\\McAfee\\SiteAdvisor\\siteadvisor.mcafee.chrome.extension.json" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Core] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Core] "Install Dir"="C:\\Program Files\\Common Files\\McAfee\\Core" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Events] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Events\MPF] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Events\MPS] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Events\VSO] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McSvcHost] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McSvcHost] "InstallDir"="C:\\Program Files\\Common Files\\McAfee\\McSvcHost" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McSvcHost\McCoreSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McSvcHost\McCoreSvc] @="McMSCSvc;McProxy;McNaiAnn;McNASvc;McMPFSvc;MSK80Service;McAfee SiteAdvisor Service;McOobeSv;McATScheduler;McSchedulerSvc" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McSvcHost\McCoreSvc\OobeExclusionList] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSM] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSM] "Install Dir"="C:\\Program Files\\McAfee\\MSM" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSM] "smurl"="https://sm.mcafee.com/syncmessage.aspx" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSM\Providers] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSM\Providers\MSC] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSM\Providers\MSC] "PPath"="C:\\Program Files\\Common Files\\McAfee\\MSC\\McDspWrp.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSM\Providers\MSC] "PUIPath"="C:\\Program Files\\McAfee\\MSM\\mcsmpui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages\McSvcHost] [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages\McSvcHost] "Path"="C:\\Program Files\\Common Files\\McAfee\\McSvcHost\\mcsvchost.inf" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}] "AppPath"="c:\\Program Files (x86)\\McAfee\\SiteAdvisor" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\InProcServer32] @="c:\\progra~2\\common~1\\mcafee\\msc\\coreps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McAfeeExtn] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McAfeeExtn\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McAfeeExtn\shell\open] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McAfeeExtn\shell\open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0B219F24-094D-4832-97AA-AC4ED2786C02}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\msc\\mcdspwrp.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0B219F24-094D-4832-97AA-AC4ED2786C02}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\msc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16EC136D-A6F0-4833-8FE1-ECA50DE15F5E}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\nmc\\mcndsv.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16EC136D-A6F0-4833-8FE1-ECA50DE15F5E}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\nmc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{21744EC7-5D4B-446E-B0D8-EDB444CE70C2}\1.0] @="McAfee Script Helper Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{21744EC7-5D4B-446E-B0D8-EDB444CE70C2}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\msc\\mcscrhlp.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{21744EC7-5D4B-446E-B0D8-EDB444CE70C2}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\msc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6C13A1F5-8891-4C29-9A24-3BCA07419128}\1.0\0\win32] @="c:\\progra~2\\common~1\\mcafee\\msc\\coreps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6C13A1F5-8891-4C29-9A24-3BCA07419128}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\core\\mccoreps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6C13A1F5-8891-4C29-9A24-3BCA07419128}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\core" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9A05CED2-C82B-4E04-8164-DF7F08E86834}\1.0] @="McAfee HackerWatch Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9A05CED2-C82B-4E04-8164-DF7F08E86834}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\HACKER~1\\hwapi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9A05CED2-C82B-4E04-8164-DF7F08E86834}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\HACKER~1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A591F293-0DB9-4241-B82A-FD754A9370C4}\1.0] @="McAfee VirusScan API 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A591F293-0DB9-4241-B82A-FD754A9370C4}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvsps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B9703596-2432-4229-A61D-E19A9D47AC38}\1.0] @="McAfee VirusScan Shim Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B9703596-2432-4229-A61D-E19A9D47AC38}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcoasshm.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDFC2DE2-7A70-47A8-9A1E-3BC33E987BEE}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\naiann.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ECF02C8C-79EE-461E-9065-278139A5FA7A}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\msm\\mcsmtstr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED1029B8-9E09-4B34-8068-A251FD55AB42}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\msc\\mcmscsub.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFBC30F6-CEC0-4BCD-9418-0B5793C7650B}\1.0] @="McAfee VirusScan SettingManager API 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFBC30F6-CEC0-4BCD-9418-0B5793C7650B}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvsocfg.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAC9A66E-4861-48E1-8165-F43147760B26}\1.0] @="McAfee VirusScan ODS 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAC9A66E-4861-48E1-8165-F43147760B26}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\InProcServer32] @="c:\\progra~2\\common~1\\mcafee\\msc\\coreps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0B219F24-094D-4832-97AA-AC4ED2786C02}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\msc\\mcdspwrp.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0B219F24-094D-4832-97AA-AC4ED2786C02}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\msc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{16EC136D-A6F0-4833-8FE1-ECA50DE15F5E}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\nmc\\mcndsv.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{16EC136D-A6F0-4833-8FE1-ECA50DE15F5E}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\nmc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{21744EC7-5D4B-446E-B0D8-EDB444CE70C2}\1.0] @="McAfee Script Helper Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{21744EC7-5D4B-446E-B0D8-EDB444CE70C2}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\msc\\mcscrhlp.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{21744EC7-5D4B-446E-B0D8-EDB444CE70C2}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\msc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6C13A1F5-8891-4C29-9A24-3BCA07419128}\1.0\0\win32] @="c:\\progra~2\\common~1\\mcafee\\msc\\coreps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6C13A1F5-8891-4C29-9A24-3BCA07419128}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\core\\mccoreps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6C13A1F5-8891-4C29-9A24-3BCA07419128}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\core" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9A05CED2-C82B-4E04-8164-DF7F08E86834}\1.0] @="McAfee HackerWatch Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9A05CED2-C82B-4E04-8164-DF7F08E86834}\1.0\0\win64] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\HACKER~1\\hwapi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9A05CED2-C82B-4E04-8164-DF7F08E86834}\1.0\HELPDIR] @="c:\\PROGRA~1\\COMMON~1\\mcafee\\HACKER~1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A591F293-0DB9-4241-B82A-FD754A9370C4}\1.0] @="McAfee VirusScan API 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A591F293-0DB9-4241-B82A-FD754A9370C4}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvsps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B9703596-2432-4229-A61D-E19A9D47AC38}\1.0] @="McAfee VirusScan Shim Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B9703596-2432-4229-A61D-E19A9D47AC38}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcoasshm.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CDFC2DE2-7A70-47A8-9A1E-3BC33E987BEE}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\naiann.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ECF02C8C-79EE-461E-9065-278139A5FA7A}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\msm\\mcsmtstr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED1029B8-9E09-4B34-8068-A251FD55AB42}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\msc\\mcmscsub.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EFBC30F6-CEC0-4BCD-9418-0B5793C7650B}\1.0] @="McAfee VirusScan SettingManager API 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EFBC30F6-CEC0-4BCD-9418-0B5793C7650B}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvsocfg.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAC9A66E-4861-48E1-8165-F43147760B26}\1.0] @="McAfee VirusScan ODS 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAC9A66E-4861-48E1-8165-F43147760B26}\1.0\0\win64] @="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11949497-D45E-4D66-B54C-359E4C56EF23}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\\Program Files\\Common Files\\mcafee\\mcsvchost\\McSvHost.exe|Name=McAfee Shared Service Host|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{932B982B-00D4-4AAA-A64A-54E429826A6E}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\Program Files\\Common Files\\mcafee\\mcsvchost\\McSvHost.exe|Name=McAfee Shared Service Host|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11949497-D45E-4D66-B54C-359E4C56EF23}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\\Program Files\\Common Files\\mcafee\\mcsvchost\\McSvHost.exe|Name=McAfee Shared Service Host|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{932B982B-00D4-4AAA-A64A-54E429826A6E}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\Program Files\\Common Files\\mcafee\\mcsvchost\\McSvHost.exe|Name=McAfee Shared Service Host|" [HKEY_USERS\.DEFAULT\Software\McAfee] [HKEY_USERS\.DEFAULT\Software\McAfee\MSC] [HKEY_USERS\.DEFAULT\Software\McAfee\MSC\Settings] [HKEY_USERS\.DEFAULT\Software\McAfee\MSC\Settings\McProMgr] [HKEY_USERS\.DEFAULT\Software\McAfee\RuntimeMUI] [HKEY_USERS\.DEFAULT\Software\McAfee\VirusScan] [HKEY_USERS\.DEFAULT\Software\McAfee\VirusScan\ODS] [HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust] [HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust\Certificates] [HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust\CRLs] [HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust\CTLs] [HKEY_USERS\S-1-5-21-2871391618-1465616402-3070090435-1001\Software\McAfee] [HKEY_USERS\S-1-5-21-2871391618-1465616402-3070090435-1001\Software\McAfee\RuntimeMUI] [HKEY_USERS\S-1-5-18\Software\McAfee] [HKEY_USERS\S-1-5-18\Software\McAfee\MSC] [HKEY_USERS\S-1-5-18\Software\McAfee\MSC\Settings] [HKEY_USERS\S-1-5-18\Software\McAfee\MSC\Settings\McProMgr] [HKEY_USERS\S-1-5-18\Software\McAfee\RuntimeMUI] [HKEY_USERS\S-1-5-18\Software\McAfee\VirusScan] [HKEY_USERS\S-1-5-18\Software\McAfee\VirusScan\ODS] [HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust] [HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust\Certificates] [HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust\CRLs] [HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust\CTLs] ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on wo 01-04-2015 at 9:38:29,03 ======================