Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Johan on vr 31-07-2015 at 17:47:09,47.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Johan\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

31-7-2015 17:49:40 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes Anti-Malware deleted successfully
C:\Users\Johan\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Johan\AppData\Local\EmieSiteList deleted successfully
C:\Users\Johan\AppData\Local\EmieUserList deleted successfully
C:\Users\Johan\AppData\Local\PackageStaging deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\zoek_backup deleted
C:\Program Files\AVG Web TuneUp deleted
C:\Program Files (x86)\AVG Web TuneUp deleted
C:\Users\Johan\AppData\Local\AVG Web TuneUp deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Johan\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-07-29 19:05:37 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-SOMMERS-Windows-8.1-(64-bit).dat

======
C:\Users\Johan\AppData\Local\Temp ==== 2015-07-31 15:43:22 BCA0388139FF5F60970FB96E56BC00EB 71168 ----a-w- C:\Users\Johan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphmosbx.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-07-30 20:53:40 2BC0B2D0D19A65FF74E27BC9C6BEC393 367104 ----a-w- C:\Windows\SysWOW64\GeofenceMonitorService.dll 2015-07-30 20:53:37 F07E7EF7DC9FF275853A164AC02AA006 19734960 ----a-w- C:\Windows\SysWOW64\shell32.dll 2015-07-30 20:53:36 00E077C85F64897F5A4B093DD45CDE93 2706432 ----a-w- C:\Windows\SysWOW64\ExplorerFrame.dll 2015-07-30 20:53:34 5D3EADE2F3C9F79F8ED40E724CBBB5EC 811008 ----a-w- C:\Windows\SysWOW64\WSShared.dll 2015-07-30 20:53:24 910003CCC721F96A7C7017D53A3AB4A6 5264384 ----a-w- C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2015-07-30 20:53:22 4321AD4636F0E8E11A7B06B346D44AF0 513480 ----a-w- C:\Windows\SysWOW64\locale.nls 2015-07-30 20:53:17 00DDCA458B06F9FDBD94B0245011D108 2471424 ----a-w- C:\Windows\SysWOW64\msftedit.dll 2015-07-30 20:51:09 FFFFA05A3C67F715D91978351F84D254 2460160 ----a-w- C:\Windows\SysWOW64\authui.dll 2015-07-30 20:51:08 C68E1EC5B40FA3BAEF5088F15A687BA3 3607552 ----a-w- C:\Windows\SysWOW64\msi.dll 2015-07-30 20:51:08 052FBC5525FA2975FC08EBD130BC0209 59904 ----a-w- C:\Windows\SysWOW64\msiexec.exe 2015-07-30 20:51:05 780F3D4149BB3F98F1B5C97C74CCA527 332120 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-07-30 20:51:05 51A403F76D38BBA81E52AACB4CF858A1 802816 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-07-30 20:51:05 20E1183B113478AD3223DE56EF27B017 324096 ----a-w- C:\Windows\SysWOW64\certcli.dll 2015-07-30 20:51:05 16170A51A9C84F364E5CBF0F6C7A25A8 747520 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2015-07-30 20:50:11 6125B69B76160B3B7D07653EE8034272 27136 ----a-w- C:\Windows\SysWOW64\wups.dll 2015-07-30 20:50:11 00AFDE50445AE39F2B6DE0FAC937D7DF 721920 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2015-07-30 20:50:10 DE3A47073AE1D0554C6BC8209EAA61D6 81920 ----a-w- 
C:\Windows\SysWOW64\wudriver.dll 2015-07-30 20:50:10 9F8E5FF86AD54E60537158E30230A4FD 29696 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2015-07-30 20:50:10 73C97B94FDCA957A2BEF94EEF66B9D82 124928 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2015-07-30 20:48:20 A7AF3885B327D574682693E4E71CDD68 1097216 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2015-07-30 20:47:53 7F99D7C779056615EA4F110AB11D0BE5 1212248 ----a-w- C:\Windows\SysWOW64\ole32.dll 2015-07-30 20:46:01 EFAEF87C3500B146CBD620EDD815B75D 301056 ----a-w- C:\Windows\SysWOW64\atmfd.dll 2015-07-30 20:46:01 48814EF371C4C7A5AE6DAAEA63E6F614 35840 ----a-w- C:\Windows\SysWOW64\atmlib.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-07-30 20:53:40 8B9F3796EC1762CF255BDB324E5529C8 522240 ----a-w- C:\Windows\Sysnative\GeofenceMonitorService.dll 2015-07-30 20:53:38 E2428B9CCECB17A3D42E985099BF621B 22292672 ----a-w- C:\Windows\Sysnative\shell32.dll 2015-07-30 20:53:36 711D110F426EF6C2E705AE1E749F8F02 3109376 ----a-w- C:\Windows\Sysnative\ExplorerFrame.dll 2015-07-30 20:53:34 35A4955E1D2646FC01EDC70C6738E3B2 971776 ----a-w- C:\Windows\Sysnative\WSShared.dll 2015-07-30 20:53:30 F91793E2D348FB3D1C8EAD70ECBB3F49 764928 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-07-30 20:53:30 F368216A5F98B92AD02E7F61229B1B5B 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-07-30 20:53:30 B96E8ECF192F2549A30F6A6E5548191D 67584 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-07-30 20:53:30 8A973B47CAC256D9882E093490692B7B 1084928 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-07-30 20:53:30 7C20B163DE8138A311537C65B9E58EC0 26288 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2015-07-30 20:53:30 6D8BE0E262EE5D45DE47B772F9D6C3F3 1145856 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-07-30 20:53:30 195770B066EBA124F9363A8A3E5E51C6 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-07-30 20:53:29 D73DBBB96CEE90C2856164AAD8543425 294912 ----a-w- C:\Windows\Sysnative\SystemEventsBrokerServer.dll 2015-07-30 
20:53:29 C20BFFEA714E9F71FC7BCDCFB2502396 433152 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-07-30 20:53:29 0547AC2CA333162E928351B1DF3144F3 410739 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml 2015-07-30 20:53:25 201A0988DB1113FE506781AC77BBCC3F 7784448 ----a-w- C:\Windows\Sysnative\Windows.Data.Pdf.dll 2015-07-30 20:53:22 4321AD4636F0E8E11A7B06B346D44AF0 513480 ----a-w- C:\Windows\Sysnative\locale.nls 2015-07-30 20:53:21 ABF88BB697E853B29915EE72CEF0382F 130048 ----a-w- C:\Windows\Sysnative\WiFiDisplay.dll 2015-07-30 20:53:20 C8D39A07CAD9EF1C86BD5D7CAC98DA54 227328 ----a-w- C:\Windows\Sysnative\profsvc.dll 2015-07-30 20:53:18 2B13658119199E4F06ED32E6C266DF85 332800 ----a-w- C:\Windows\Sysnative\fhcpl.dll 2015-07-30 20:53:17 30BAC398731D69A658BE751C74CFDD31 3084288 ----a-w- C:\Windows\Sysnative\msftedit.dll 2015-07-30 20:51:50 DD3D37B54CFB348BA23D174CF1EF1F47 4177920 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-07-30 20:51:09 A7E6931FBB62F18C5DAE52E9AC379C05 3320320 ----a-w- C:\Windows\Sysnative\msi.dll 2015-07-30 20:51:09 4043D5D64F57F86DE757ACD07FB500DB 2774528 ----a-w- C:\Windows\Sysnative\authui.dll 2015-07-30 20:51:08 2403EA62E45389F353E507A4EDA94F5D 65024 ----a-w- C:\Windows\Sysnative\msiexec.exe 2015-07-30 20:51:05 B01F3377CB949F72366D0B014FF060B9 442712 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-07-30 20:51:05 63040C9A508532F90F6D0BF57E556B82 989184 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-07-30 20:51:05 415862B5FF298A751D775AC49730D04C 1441792 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-07-30 20:51:05 2F802C0E8B7714268C788D0625E6FBE2 1311960 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2015-07-30 20:51:05 14AADFF241A96629D64DD7F015976E82 445440 ----a-w- C:\Windows\Sysnative\certcli.dll 2015-07-30 20:50:27 C6264DEDF8FE95FAB9AFC47C3F95A6A8 37888 ----a-w- C:\Windows\Sysnative\werdiagcontroller.dll 2015-07-30 20:50:27 431FE56F5A2F5937994CB2DA330B47DB 230400 ----a-w- C:\Windows\Sysnative\AudioEndpointBuilder.dll 2015-07-30 20:50:27 
0F03CC00645D7F841879A048787D6AC7 911360 ----a-w- C:\Windows\Sysnative\audiosrv.dll 2015-07-30 20:50:11 DE5203BE4C45434F1EE6FB3FB451F9F8 891904 ----a-w- C:\Windows\Sysnative\wuapi.dll 2015-07-30 20:50:11 B137687B02C877047CCD4873D2925814 359936 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2015-07-30 20:50:11 AEE0035F389ED7EFE23E01253BFA382E 35840 ----a-w- C:\Windows\Sysnative\wuapp.exe 2015-07-30 20:50:11 6AFBB018517367B69076CC84ABF9CA80 136904 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2015-07-30 20:50:11 50CEC061C6D6FD2B9C89BECD08991CCB 3701760 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2015-07-30 20:50:11 27BF17D45CEBD10D0096038C5B38D288 2229248 ----a-w- C:\Windows\Sysnative\wucltux.dll 2015-07-30 20:50:10 F8B153D04E96D5E24C4F482133B99753 140288 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2015-07-30 20:50:10 B50599B542623B6C3A731F15A8C0D5AB 66048 ----a-w- C:\Windows\Sysnative\wups.dll 2015-07-30 20:50:10 97A706C00A1ADCF8C5875BC29BB9DBA3 95744 ----a-w- C:\Windows\Sysnative\wudriver.dll 2015-07-30 20:50:10 89DCA2C3E77CDAC198A395DB73617CCF 409088 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll 2015-07-30 20:50:10 2DF64AE63F4A95252E9AA626C5C65740 52224 ----a-w- C:\Windows\Sysnative\wups2.dll 2015-07-30 20:48:20 04659158548DB53FFFC51ADC5CBE3858 1380600 ----a-w- C:\Windows\Sysnative\gdi32.dll 2015-07-30 20:47:54 171705D0C4E4442241C6098D4FF1C059 1661576 ----a-w- C:\Windows\Sysnative\ole32.dll 2015-07-30 20:46:40 6306792367F832DE7738D11049335CF6 564224 ----a-w- C:\Windows\Sysnative\apphelp.dll 2015-07-30 20:46:01 EE451A7551CE545D07CED5710ABA9204 358912 ----a-w- C:\Windows\Sysnative\atmfd.dll 2015-07-30 20:46:01 A6880A81F2C8C403683B45AF5825D4A0 44032 ----a-w- C:\Windows\Sysnative\atmlib.dll ====== C:\Windows\Sysnative\drivers ===== 2015-07-30 20:53:40 8CD840A062F6BDF41DDE3ACB96164B72 32256 ----a-w- C:\Windows\Sysnative\drivers\kbdhid.sys 2015-07-30 20:53:40 5FCBAB60598AE119E02B4C27DE6B99EA 30208 ----a-w- C:\Windows\Sysnative\drivers\mouhid.sys 2015-07-30 20:53:40 
5917AFE4A3F695A54B99C1849C8207FE 59712 ----a-w- C:\Windows\Sysnative\drivers\kbdclass.sys 2015-07-30 20:53:40 49EE0AE9E5B64FFBBD06D55C4984B598 108544 ----a-w- C:\Windows\Sysnative\drivers\i8042prt.sys 2015-07-30 20:53:40 148195AE95D9BC7375A08846439FDAC1 26112 ----a-w- C:\Windows\Sysnative\drivers\sermouse.sys 2015-07-30 20:53:40 08374E4E5B8914DE6067CBA99F61E930 51008 ----a-w- C:\Windows\Sysnative\drivers\mouclass.sys 2015-07-30 20:53:36 0CC00ADC1B84C93FB46E1A0974E956E1 1201664 ----a-w- C:\Windows\Sysnative\drivers\bthport.sys 2015-07-30 20:53:18 312BB35275EB15145F4B6D1FFCE56C50 20992 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys 2015-07-30 20:51:05 BCBD64220AD85C26823453FF1DC3EFBD 284672 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2015-07-30 20:51:05 6FBDF2B1B025A8E6E069234362FFFFB7 401408 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-07-30 20:51:05 57C2473D501331211D6885FD59F3E44B 202240 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-07-30 20:51:05 46711F40D0F9E63F786ED23F9BD5215E 178008 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== 2015-07-30 21:14:13 C3BFCB892F555F21263DDEA6324FC68F 3758 ----a-w- C:\Windows\Sysnative\Tasks\Open Chrome ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-07-30 17:30:52 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-07-29 19:11:43 -------- d--h--w- C:\PROGRA~2\Uninstall Information 2015-07-29 18:39:46 -------- d-----w- C:\PROGRA~2\Tweaking.com ======= C: ===== 2015-07-30 20:04:33 FB2302B37E71A1F0CF8A85BDEA5FE51B 607 ----a-w- C:\DelFix.txt ====== C:\Users\Johan\AppData\Roaming ====== 2015-07-30 14:04:52 -------- d-----w- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-07-27 19:02:50 -------- d-----w- C:\Users\Johan\AppData\Local\Programs 2015-07-25 18:42:10 -------- d-----w- C:\Users\Johan\AppData\Local\ElevatedDiagnostics 2015-07-25 18:13:24 -------- d-----w- 
C:\Users\Johan\AppData\Local\Popcorn-Time 2015-07-25 18:12:51 -------- d-----w- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2015-07-25 18:11:15 -------- d-----w- C:\Users\Johan\AppData\Local\Popcorn Time ====== C:\Users\Johan ====== 2015-07-30 20:00:12 A7B44413D4E015B125AC1080E3C4AC57 3907296 ----a-w- C:\Users\Johan\Downloads\CrystalDiskInfo6_5_2-en.exe 2015-07-29 18:58:35 -------- d-----w- C:\Users\Johan\Pictures 2015-07-29 18:37:59 39C0D9080466991E4ADCB2BC7D84C500 17974472 ----a-w- C:\Users\Johan\Downloads\tweaking.com_windows_repair_aio_setup.exe 2015-07-27 19:02:41 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Johan\Downloads\mbam-setup-2.1.8.1057 (1).exe 2015-07-27 19:02:34 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Johan\Downloads\mbam-setup-2.1.8.1057.exe 2015-07-25 18:10:35 FC692BE1C84468DE930E1A94D5DD5974 29103264 ----a-w- C:\Users\Johan\Downloads\Popcorn-Time-0.3.8-0-Setup.exe ====== C: exe-files == 2015-07-30 20:00:12 A7B44413D4E015B125AC1080E3C4AC57 3907296 ----a-w- C:\Users\Johan\Downloads\CrystalDiskInfo6_5_2-en.exe 2015-07-30 17:58:39 E33A0AB793722DAD14490815A1B44E78 25512 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe 2015-07-30 17:58:39 D52765E58BD45144429844CC8052FA94 71592 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe 2015-07-30 17:58:39 8B6D4826F7F797CF55233246BD09B918 6822672 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe 2015-07-30 17:58:39 81045CC5E4303B048A74B95FBF8935E5 24488 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe 2015-07-30 17:56:10 51539966269C0B0E3EC0A19E929973C6 794192 ----a-w- C:\Program Files (x86)\Google\Update\Install\{D9056CF3-DC8C-400E-9415-38E3BC084FE0}\44.0.2403.125_44.0.2403.107_chrome_updater.exe 2015-07-30 17:56:10 51539966269C0B0E3EC0A19E929973C6 794192 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.125\44.0.2403.125_44.0.2403.107_chrome_updater.exe 
2015-07-30 17:30:52 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Johan.exe 2015-07-30 14:02:55 A01180B391FA520936CD8347A005AF63 48888168 ----a-w- C:\Users\Johan\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.8.5\DropboxClient_3.8.5.exe 2015-07-29 18:37:59 39C0D9080466991E4ADCB2BC7D84C500 17974472 ----a-w- C:\Users\Johan\Downloads\tweaking.com_windows_repair_aio_setup.exe 2015-07-27 19:02:41 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Johan\Downloads\mbam-setup-2.1.8.1057 (1).exe 2015-07-27 19:02:34 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Johan\Downloads\mbam-setup-2.1.8.1057.exe 2015-07-25 18:12:51 BC5148A18019DFB193670C562B09CEB0 377428 ----a-w- C:\Users\Johan\AppData\Local\Popcorn Time\Uninstall.exe 2015-07-25 18:10:35 FC692BE1C84468DE930E1A94D5DD5974 29103264 ----a-w- C:\Users\Johan\Downloads\Popcorn-Time-0.3.8-0-Setup.exe 2015-07-25 11:56:09 7E808838855F10CFB8E3AD68B805EE9B 7357520 ----a-w- C:\Program Files (x86)\Google\Update\Install\{1A6178FB-3E90-44F6-9A59-89541BF90A92}\44.0.2403.107_43.0.2357.134_chrome_updater.exe 2015-07-25 09:28:45 A2346D388AA310C21FFB7F92FDF9FF8D 7812296 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe 2015-07-25 09:28:45 A2346D388AA310C21FFB7F92FDF9FF8D 7812296 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\OneDriveSetup.exe 2015-07-25 09:28:36 A676E1826167B836263DB51E96777D66 145608 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncConfig.exe === C: other files == 2015-07-30 20:53:40 8CD840A062F6BDF41DDE3ACB96164B72 32256 ----a-w- C:\Windows\System32\drivers\kbdhid.sys 2015-07-30 20:53:40 5FCBAB60598AE119E02B4C27DE6B99EA 30208 ----a-w- C:\Windows\System32\drivers\mouhid.sys 2015-07-30 20:53:40 5917AFE4A3F695A54B99C1849C8207FE 59712 ----a-w- C:\Windows\System32\drivers\kbdclass.sys 2015-07-30 20:53:40 49EE0AE9E5B64FFBBD06D55C4984B598 108544 ----a-w- 
C:\Windows\System32\drivers\i8042prt.sys 2015-07-30 20:53:40 148195AE95D9BC7375A08846439FDAC1 26112 ----a-w- C:\Windows\System32\drivers\sermouse.sys 2015-07-30 20:53:40 08374E4E5B8914DE6067CBA99F61E930 51008 ----a-w- C:\Windows\System32\drivers\mouclass.sys 2015-07-30 20:53:36 0CC00ADC1B84C93FB46E1A0974E956E1 1201664 ----a-w- C:\Windows\System32\drivers\bthport.sys 2015-07-30 20:53:18 312BB35275EB15145F4B6D1FFCE56C50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2015-07-30 20:51:50 DD3D37B54CFB348BA23D174CF1EF1F47 4177920 ----a-w- C:\Windows\System32\win32k.sys 2015-07-30 20:51:05 BCBD64220AD85C26823453FF1DC3EFBD 284672 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2015-07-30 20:51:05 6FBDF2B1B025A8E6E069234362FFFFB7 401408 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2015-07-30 20:51:05 57C2473D501331211D6885FD59F3E44B 202240 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2015-07-30 20:51:05 46711F40D0F9E63F786ED23F9BD5215E 178008 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-07-25 09:28:35 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\CollectOneDriveLogs.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-777622149-3708658094-3571478758-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Johan\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Dropbox Update"="C:\Users\Johan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TSVU"="c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web 
Helper"="C:\Users\Johan\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Dropbox Update"="C:\Users\Johan\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "TSSSrv"="C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe" "TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "TCrdMain"="C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe" "TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe " ==== Startup Folders ====================== 2015-04-27 10:31:55 1196 ----a-w- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-777622149-3708658094-3571478758-1001Core.job --a-------- [Undetermined Task] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-777622149-3708658094-3571478758-1001UA.job --a-------- C:\Users\Johan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18-06-2015 19:51] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19-04-2014 01:20] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19-04-2014 01:20] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-777622149-3708658094-3571478758-1001Core" 
[C:\Users\Johan\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-777622149-3708658094-3571478758-1001UA" [C:\Users\Johan\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP AR Program Upload - a312babcecfd40239f67858f1539e4a4174cd972056147b99ebd36eaa4494e62" [C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 2540 series" ["C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\Open Chrome" [c:\program files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\Resolution+ Setting Task" [C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe] "C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{C5027A6A-E2BB-4217-BE3A-458042E1F200}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\TOSHIBA\CommonNotifier" [C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe] "C:\Windows\SysNative\tasks\TOSHIBA\Service Station" ["C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe"] ==== Chromium Look ====================== Google Docs - Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Johan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Chrome Web Store Payments - Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://mysearch.avg.com/?cid={1A7CAA2A-AEA5-4A83-A287-849DA9F178DF}&mid=56f458e5500b47d2a1ccb5134237841a-16cfd12cc6685fd3dffddfdcef3b2e7ca898e1fe&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-07 21:07:55&v=4.1.5.143&pid=wtu&sg=&sap=hp" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {456D5764-9435-4BDF-A3BD-E183B3FA62D4} Unknown 
Url="Not_Found"
{FB27D240-420F-43EA-8DA1-FC7940C5B2F1} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-777622149-3708658094-3571478758-1001\Software\Microsoft\Internet Explorer\SearchScopes\{456D5764-9435-4BDF-A3BD-E183B3FA62D4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{456D5764-9435-4BDF-A3BD-E183B3FA62D4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{456D5764-9435-4BDF-A3BD-E183B3FA62D4} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Johan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Johan\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Johan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Johan\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Johan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Johan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 31-07-2015 at 18:21:49,53 ======================