Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Gaultier on za 27/02/2016 at 11:52:29,53. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gaultier\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 27/02/2016 11:54:43 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Mozilla Firefox.bak deleted successfully C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Comms deleted successfully C:\Users\Gaultier\AppData\Local\ActiveSync deleted successfully C:\Users\Gaultier\AppData\Local\EmieSiteList deleted successfully C:\Users\Gaultier\AppData\Local\EmieUserList deleted successfully C:\Users\Gaultier\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3128253451-1099226070-3226710066-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-3128253451-1099226070-3226710066-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-3128253451-1099226070-3226710066-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-3128253451-1099226070-3226710066-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== "Windows Live Essentials" ?????? ??????? ?????? Windows Live ???????? ?????????? Windows Live ?????????? ?????????? (????????????? ??????) ??????????? ???????????? æTorrent Adobe Acrobat Reader DC - Nederlands Adobe Flash Player 20 NPAPI Adobe Refresh Manager Apple Application Support (32-bit) Apple Application Support (64-bit) Apple Mobile Device Support Apple Software Update Battery Calibration BlueStacks App Player Bonjour BurnRecovery Call of Duty: Black Ops III Call of Duty: Modern Warfare 2 - Multiplayer Call of Duty: Modern Warfare 2 Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Computer Security 14.139.101.0 (release) Curse Curse Client CyberLink PowerDVD 10 D3DX10 Definition Update for Microsoft Office 2013 (KB3114731) 64-Bit Edition Don't Starve Dropbox ELAN Touchpad 15.13.3.1_X64_WHQL F-Secure CCF Reputation F-Secure CCF Scanning 1.66.103.568 (release) F-Secure Network CCF 1.03.139 F-Secure SafeSearch 1.05.143.0 (release) Foto-galerija Fotoattelu galerija Fotogal‚ria Fotogalerie Fotogalerii Fotogalerija Fotogalleri Fotogalleriet Fotograf Galerisi Fot¢t r Galeria de Fotografias Galeria de Fotos Galer¡a de fotos Galeria fotografii Galerie de photos Galerie foto Galerija fotografija Google Chrome Google Earth Google Update Helper iCloud Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel(R) Update Manager Intel© Trusted Connect Service Client iTunes Java 8 Update 73 Java Auto Updater KB9X Radio Switch Driver Laplink PCmover Express - Personal Use Launch pad League of Legends Logitech Gaming Software Logitech Gaming Software 8.58 Malwarebytes Anti-Malware versie 2.2.0.1024 Microsoft Access MUI (English) 2013 Microsoft Access Setup Metadata MUI (English) 2013 Microsoft Application Error Reporting Microsoft ASP.NET MVC 4 Runtime Microsoft DCF MUI (English) 2013 Microsoft Excel MUI (English) 2013 Microsoft Groove MUI (English) 2013 Microsoft InfoPath MUI (English) 2013 Microsoft Lync MUI (English) 2013 Microsoft Office 32-bit Components 2013 Microsoft Office OSM MUI (English) 2013 Microsoft Office OSM UX MUI (English) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (English) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Espa¤ol Microsoft Office Shared 32-bit MUI (English) 2013 Microsoft Office Shared MUI (English) 2013 Microsoft Office Shared Setup Metadata MUI (English) 2013 Microsoft OneNote MUI (English) 2013 Microsoft Outlook MUI (English) 2013 Microsoft PowerPoint MUI (English) 2013 Microsoft Publisher MUI (English) 2013 Microsoft redistributable runtime DLLs VS2005 SP1(x86) Microsoft redistributable runtime DLLs VS2010 SP1 (x86) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Microsoft Word MUI (English) 2013 Movie Maker Mozilla Firefox 44.0.2 (x86 nl) Mozilla Maintenance Service MSI Remind Manager MSI Social Media Collection MSVCRT MSVCRT110 MSVCRT110_amd64 NVIDIA-configuratiescherm 359.00 NVIDIA GeForce Experience 2.7.4.10 NVIDIA GeForce Experience Service NVIDIA Grafisch stuurprogramma 359.00 NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA Optimus Update 2.7.4.10 NVIDIA PhysX Systeem Software 9.15.0428 NVIDIA ShadowPlay 2.7.4.10 NVIDIA Update 2.7.4.10 NVIDIA Update Core NVIDIA Virtual Audio 1.2.31 Online Safety 2.139.3446.2391 Orcs Must Die 2 Outils de v‚rification linguistique 2013 de Microsoft Officeÿ- Fran‡ais PerformanceTest v7.0 PerformanceTest v7.0 (64-bit) Photo Common Photo Gallery Podstawowe programy Windows Live Popcorn Time CE YIFY Qualcomm Atheros Killer Network Manager QuickTime 7 Raccolta foto RaidCall REALTEK Bluetooth Driver Realtek High Definition Audio Driver Realtek PCIE Card Reader REALTEK Wireless LAN Driver ROX Player version 1.480 RuneScape Launcher 1.2.7 S?????? f?t???af??? SAP GUI for Windows 7.40 (Patch 4) SCM Security Update for Microsoft Excel 2013 (KB3114734) 64-Bit Edition Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition Security Update for Microsoft Office 2013 (KB3039734) 64-Bit Edition Security Update for Microsoft Office 2013 (KB3039798) 64-Bit Edition Security Update for Microsoft Office 2013 (KB3054816) 64-Bit Edition Security Update for Microsoft Office 2013 (KB3085572) 64-Bit Edition Security Update for Microsoft Publisher 2013 (KB3085561) 64-Bit Edition Security Update for Microsoft Word 2013 (KB3114724) 64-Bit Edition Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition SHIELD Streaming SHIELD Wireless Controller Driver SkypeT 7.5 Sound Blaster Cinema SpyHunter 4 Steam Super-Charger System Requirements Lab CYRI Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Team Fortress 2 TechPowerUp GPU-Z Tiny Media Player v1.0 Update for Microsoft Access 2013 (KB3114505) 64-Bit Edition Update for Microsoft InfoPath 2013 (KB3039714) 64-Bit Edition Update for Microsoft InfoPath 2013 (KB3114353) 64-Bit Edition Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition Update for Microsoft Office 2013 (KB2880487) 64-Bit Edition Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition Update for Microsoft Office 2013 (KB2889863) 64-Bit Edition Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition Update for Microsoft Office 2013 (KB3023052) 64-Bit Edition Update for Microsoft Office 2013 (KB3023068) 64-Bit Edition Update for Microsoft Office 2013 (KB3039701) 64-Bit Edition Update for Microsoft Office 2013 (KB3039720) 64-Bit Edition Update for Microsoft Office 2013 (KB3039766) 64-Bit Edition Update for Microsoft Office 2013 (KB3039778) 64-Bit Edition Update for Microsoft Office 2013 (KB3039800) 64-Bit Edition Update for Microsoft Office 2013 (KB3054783) 64-Bit Edition Update for Microsoft Office 2013 (KB3054785) 64-Bit Edition Update for Microsoft Office 2013 (KB3054805) 64-Bit Edition Update for Microsoft Office 2013 (KB3054819) 64-Bit Edition Update for Microsoft Office 2013 (KB3054856) 64-Bit Edition Update for Microsoft Office 2013 (KB3054941) 64-Bit Edition Update for Microsoft Office 2013 (KB3055006) 64-Bit Edition Update for Microsoft Office 2013 (KB3055007) 64-Bit Edition Update for Microsoft Office 2013 (KB3055011) 64-Bit Edition Update for Microsoft Office 2013 (KB3085479) 64-Bit Edition Update for Microsoft Office 2013 (KB3085482) 64-Bit Edition Update for Microsoft Office 2013 (KB3085506) 64-Bit Edition Update for Microsoft Office 2013 (KB3085570) 64-Bit Edition Update for Microsoft Office 2013 (KB3085578) 64-Bit Edition Update for Microsoft Office 2013 (KB3101487) 64-Bit Edition Update for Microsoft Office 2013 (KB3114715) 64-Bit Edition Update for Microsoft Office 2013 (KB3114717) 64-Bit Edition Update for Microsoft Office 2013 (KB3114727) 64-Bit Edition Update for Microsoft Office 2013 (KB3114736) 64-Bit Edition Update for Microsoft OneDrive for Business (KB3114509) 64-Bit Edition Update for Microsoft OneNote 2013 (KB3114344) 64-Bit Edition Update for Microsoft Outlook 2013 (KB3114729) 64-Bit Edition Update for Microsoft Outlook Social Connector 2013 (KB3054854) 64-Bit Edition Update for Microsoft PowerPoint 2013 (KB3114716) 64-Bit Edition Update for Microsoft Project 2013 (KB3114739) 64-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition Update for Skype for Business 2015 (KB3039776) 64-Bit Edition Update for Skype for Business 2015 (KB3114732) 64-Bit Edition Valokuvavalikoima Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Par‡alar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Liven peruspaketti WinRAR 5.00 (32-bit) WinZip 16.5 World of Warcraft ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe C:\Program Files (x86)\BlueStacks\HD-Agent.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\WINDOWS\SysWOW64\DllHost.exe C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe C:\ProgramData\Battle.net\Agent\Agent.4477\Agent.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Gaultier\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Gaultier\AppData\Roaming\Mozilla\Firefox\Profiles\7rbkulry.default-1444292171692 user.js not found ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 0); ---- FireFox user.js and prefs.js backups ---- prefs_20162702_1206_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Mozilla Firefox.bak not found C:\Users\Gaultier\AppData\Local\ROX Player deleted C:\windows\SysNative\Tasks\ParetoLogic Registration deleted C:\WINDOWS\tasks\ParetoLogic Registration.job deleted C:\PROGRA~3\Avg_Update_1015avt deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\ParetoLogic deleted C:\PROGRA~3\Package Cache deleted C:\Users\Gaultier\AppData\Local\BTServer.log deleted C:\Users\Gaultier\AppData\Local\WebPlayer deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\SysWow64\AI_RecycleBin deleted C:\Users\Gaultier\AppData\Roaming\Mozilla\Firefox\Profiles\7rbkulry.default-1444292171692\searchplugins\wikipedia-en.xml deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 8112 MB CPU Info: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz CPU Speed: 2430,0 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: This Killer e2200 Network Controller connects you to the network. | Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC | Microsoft Wi-Fi Direct Virtual Adapter CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT90N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 468,2GB | D: 209,6GB Hard Disks - Free: C: 180,6GB | D: 165,9GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | | MSI_NB - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Micro-Star International Co., Ltd. MS-1757 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Default Browser: Firefox 44.0.2 Internet Explorer Version: 11.103.10586.0 Mozilla Firefox version: 44.0.2 (x86 nl) Google Chrome version: 48.0.2564.116 Adobe Reader version: 15.10.20056.167417 Sun Java version: 1.8.0_73 (32-bit) Sun Java version: 1.8.0_73 (64-bit) Flash Player version: 20.0.0.306 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-02-10 09:35:59 95D730526EF81792CD6848D8D10FAA1C 4502352 ----a-w- C:\WINDOWS\explorer.exe ====== C:\Users\Gaultier\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== 2016-02-26 14:39:37 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\WINDOWS\Sysnative\drivers\EsgScanner.sys 2016-02-20 16:55:10 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys 2016-02-20 16:54:48 CFBC6C6D8A492697CABD1D353EE64933 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys 2016-02-20 16:54:48 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849 109272 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys 2016-02-20 16:54:48 08DECFCB9BA97786165A69AB1015BC30 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys 2016-02-10 09:36:16 CC0A2F91C231E0D25EE3DBBF11B660D9 1998176 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-02-10 09:36:05 299B5570571185DB929194C40A1A0DB0 576352 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-02-10 09:35:50 A1105260EEEE3DBD8D38FD054B22BD00 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-02-10 09:35:49 BF6CA7EA5ECD6CF72D3D76652A9B8280 144384 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys 2016-02-05 15:55:18 C05B34E971A4AA805241A2ED17D1DEA6 170128 ----a-w- C:\WINDOWS\Sysnative\drivers\e2xw10x64.sys 2016-01-28 18:14:20 318E816717431D3C23DC82779900C744 1089880 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys 2016-01-28 18:14:12 F259A45D6B555B14CC8365AA6BC8DC20 67072 ----a-w- C:\WINDOWS\Sysnative\drivers\usbser.sys ====== C:\WINDOWS\Tasks ====== 2016-02-26 14:39:56 CA4D98183250AD5B6B294ED13EA15703 3426 ----a-w- C:\WINDOWS\Sysnative\Tasks\SpyHunter4Startup 2016-02-21 10:49:01 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Safer-Networking ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-02-27 10:03:47 -------- d-----w- C:\Program Files\trend micro 2016-02-26 14:39:33 -------- d-----w- C:\Program Files\Enigma Software Group 2016-02-21 10:52:16 -------- d-----w- C:\Program Files\Common Files\AV ======= C:\PROGRA~2 ===== 2016-02-27 10:51:48 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2016-02-27 10:51:16 -------- d-----w- C:\PROGRA~2\Java ======= C: ===== 2016-02-26 14:40:22 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Gaultier\AppData\Roaming ====== 2016-02-21 10:51:55 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs 2016-02-20 16:50:15 -------- d-----w- C:\Users\Gaultier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C:\Users\Gaultier ====== 2016-02-27 10:51:33 -------- d-----w- C:\Users\Gaultier\.oracle_jre_usage 2016-02-26 14:39:56 -------- d-----w- C:\Users\Gaultier\Start Menu ====== C: exe-files == 2016-02-27 10:51:26 DB409F9BD2FA779E75835B1E0FE1181C 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\unpack200.exe 2016-02-27 10:51:25 C84504D069A78BE5E4444EA06AA5E102 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\orbd.exe 2016-02-27 10:51:25 ABC1BAF673FA608029D45EB6C78E1D04 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssvagent.exe 2016-02-27 10:51:25 AB6E988F108E2437E65536F3F5550BA2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\ktab.exe 2016-02-27 10:51:25 A3AA0A0935506C7ECA6EF2F584CD416F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\policytool.exe 2016-02-27 10:51:25 8BD1E7120713F9581645D5FDD14B8D25 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\rmid.exe 2016-02-27 10:51:25 876744373E18627410A9F23C348C5D9E 76896 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2launcher.exe 2016-02-27 10:51:25 6ABADA3CA8DC4AC2AFDA69A6836C362F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\pack200.exe 2016-02-27 10:51:25 66550F1F363BC66AFD9A530AD8CB6570 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\kinit.exe 2016-02-27 10:51:25 4383D5735FD7743D01AD04E9AAD1D6CF 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\keytool.exe 2016-02-27 10:51:25 3B74EE580794FCBDE389639E9D8ECEFB 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\rmiregistry.exe 2016-02-27 10:51:25 2942578781EFB763366176C015F09ACD 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\tnameserv.exe 2016-02-27 10:51:25 16E2FE80EE89DCCA1907D97E34656E19 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\jjs.exe 2016-02-27 10:51:25 0A7708846A0629D518739075A40DDD06 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\servertool.exe 2016-02-27 10:51:25 04E0265E964D9ECB07B105D456B96982 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\klist.exe 2016-02-27 10:51:24 B100697A0837596183F3BBD94448F68E 30816 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\jabswitch.exe 2016-02-27 10:51:24 5B98DCE4893425BA4F08C2BE134CABE5 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\javaw.exe 2016-02-27 10:51:24 328A57535A2B74C924FA34DD29039E9D 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\java-rmi.exe 2016-02-27 10:51:24 249C1C8BD8AC9568E5C5A0EC2FB39018 191072 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\java.exe 2016-02-27 10:51:24 237CDD69D6E3866533B402F321A11A4E 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\javacpl.exe 2016-02-27 10:51:24 2211C51BABE577798343D69F818E25AB 278624 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\bin\javaws.exe 2016-02-27 10:45:42 5961C5D8EDD2E2A3B99F1782AE1AC21F 146888 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 2016-02-27 10:45:42 56ACC7C5AF0F30FB53B40176A80065DA 88670 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe 2016-02-27 10:38:29 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Gaultier\AppData\Local\Temp\7D599E6C-03E2-4A28-B37B-B6BDCE2CAF63\DismHost.exe 2016-02-27 10:25:00 557887B5EABD6B2A353EAC3698A696B3 4349928 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.4791\Agent.exe 2016-02-27 10:03:48 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gaultier.exe 2016-02-27 10:01:23 C9D9EEBCCEF20D637F193490CEC05E79 10274136 ----a-w- C:\Program Files (x86)\Steam\SteamApps\downloading\311210\_CommonRedist\vcredist\2010\vcredist_x64.exe 2016-02-27 10:01:23 7D834DFF843BFCEAFA2B30C065F8D57C 692224 ----a-w- C:\Program Files (x86)\Steam\SteamApps\downloading\311210\CrashUploader.exe 2016-02-27 10:01:23 1D6B28CE58EA2E007FE6DC4459977C37 43631120 ----a-w- C:\Program Files (x86)\Steam\SteamApps\downloading\311210\BlackOps3.exe 2016-02-27 10:01:23 1801436936E64598BAB5B87B37DC7F87 8990552 ----a-w- C:\Program Files (x86)\Steam\SteamApps\downloading\311210\_CommonRedist\vcredist\2010\vcredist_x86.exe 2016-02-27 09:17:39 F6AD227821C324DCE9B629EA892FCCCB 7311408 ----a-w- C:\Users\Gaultier\AppData\Local\NVIDIA\NvBackend\Packages\00008690\DAO.20480151.exe 2016-02-26 14:40:03 29AC556ACEBDED818F9AA954B85F92A2 3286400 ----a-w- C:\Users\Gaultier\AppData\Roaming\Enigma Software Group\sh_installer.exe 2016-02-26 14:39:37 801C5F8A09BB30C1E649CE1C58543CDC 30080 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\native.exe 2016-02-26 14:39:35 6038920DE896194BEC23394D5205886E 8472448 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe 2016-02-26 14:39:35 29120F41CFC43EB730687F97A93E2E9E 1042304 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe 2016-02-26 13:02:00 06686DA78580EA614F187299B99CD6F2 630200 ----a-w- C:\Users\Gaultier\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2016-02-26 13:01:58 670B99C157FE84736AEC2968AAF1C68E 172984 ----a-w- C:\Users\Gaultier\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2016-02-22 09:07:41 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Gaultier\AppData\Local\Temp\6CBEA934-4557-477B-8C49-191036CD31AF\DismHost.exe 2016-02-21 17:03:39 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Gaultier\AppData\Local\Temp\50A68FF0-F600-4C97-8EA8-86186FB0A288\DismHost.exe 2016-02-20 16:50:04 04DFE14916AFB5CEE023562C62C8FB60 18392 ----a-w- C:\Users\Gaultier\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe 2016-02-20 16:49:59 3B116ADE27A0CE53021AC74D5632DC75 173032 ----a-w- C:\Users\Gaultier\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 2016-02-20 16:49:58 679AA16EED91927FAA40736D9B408B88 25122080 ----a-w- C:\Users\Gaultier\AppData\Roaming\Dropbox\bin\Dropbox.exe 2016-02-20 16:48:40 AE0A0D869F0AA3D790FB40BF1673C237 70766040 ----a-w- C:\Users\Gaultier\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.14.7\DropboxClient_3.14.7.exe 2016-02-20 12:11:30 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Gaultier\AppData\Local\Temp\387E0D92-CC06-4861-BE17-B420ABA2BDF3\DismHost.exe === C: other files == 2016-02-27 10:51:26 EFE4B4EBEBBF14DE84461AFCC281DA12 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_73\lib\deploy\ffjcext.zip 2016-02-27 09:56:46 DF66F7835AE099046DE2C590F88C48FD 27034 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\data\anim\hat_ox.zip 2016-02-26 14:40:22 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat 2016-02-26 14:39:41 6038920DE896194BEC23394D5205886E 8472448 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com 2016-02-26 14:39:38 7AEC5E76816178BF6C543A155D8208B6 15920 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 2016-02-26 14:39:37 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys 2016-02-26 14:39:37 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys 2016-02-24 21:48:49 8A82E66741B2C7BF2FB7527C8109AEC9 16794057 ----a-r- C:\Users\Gaultier\AppData\Local\Temp\LC.zip 2016-02-20 16:55:10 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2016-02-20 16:54:48 CFBC6C6D8A492697CABD1D353EE64933 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2016-02-20 16:54:48 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2016-02-20 16:54:48 08DECFCB9BA97786165A69AB1015BC30 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys 2016-02-20 16:49:58 C328AF98CA42AD89E948E31FA0F4BC74 58480 ----a-w- C:\Users\Gaultier\AppData\Roaming\Dropbox\bin\driver_amd64\dbx.sys 2016-02-20 16:49:58 5E7989A23ADB365A2B5F69CB55DE5A1E 48752 ----a-w- C:\Users\Gaultier\AppData\Roaming\Dropbox\bin\driver_x86\dbx.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-3128253451-1099226070-3226710066-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Lync"="C:\Program Files\Microsoft Office\Office15\lync.exe /fromrunkey" "uTorrent"="C:\Users\Gaultier\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Dropbox Update"="C:\Users\Gaultier\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "OneDrive"="C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "hddhealth"="C:\Program Files (x86)\HDD Health\hddhealth.exe -wl" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [HKEY_USERS\S-1-5-21-3128253451-1099226070-3226710066-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" "Uninstall C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sound Blaster Cinema"="C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe /r" "UpdReg"="C:\Windows\UpdReg.EXE" "Super-Charger"="C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "BlueStacks Agent"="c:\Program Files (x86)\BlueStacks\HD-Agent.exe" "F-Secure Manager"="C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSM32.EXE /splash" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "F-Secure Hoster (44163)"="C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe -app -hosterid:1" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Lync"="C:\Program Files\Microsoft Office\Office15\lync.exe /fromrunkey" "uTorrent"="C:\Users\Gaultier\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Dropbox Update"="C:\Users\Gaultier\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "OneDrive"="C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "hddhealth"="C:\Program Files (x86)\HDD Health\hddhealth.exe -wl" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" "Uninstall C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "MBCfg64"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " "Radio Manager"="C:\Program Files (x86)\SCM\Radio Manager.exe" "SCM"="C:\Program Files (x86)\SCM\SCM.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BstHdAndroidSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BstHdLogRotatorSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ETDService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\fshoster] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FSMA] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FSORSPClient] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GfExperienceService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HDDHealth] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\igfxCUIService2.0.0.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) Capability Licensing Service Interface] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) Capability Licensing Service TCP IP Interface] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) ME Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iOSinstallerUpdater] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iumsvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Micro Star SCM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MSI_SuperCharger] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvNetworkService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamNetworkSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PornTime Updater] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Qualcomm Atheros Killer Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Update service] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [25/02/2016 18:10] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3128253451-1099226070-3226710066-1002Core.job --a-------- C:\Users\Gaultier\AppData\Local\Dropbox\Update\DropboxUpdate.exe [20/06/2015 10:37] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3128253451-1099226070-3226710066-1002UA.job --a-------- C:\Users\Gaultier\AppData\Local\Dropbox\Update\DropboxUpdate.exe [20/06/2015 10:37] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/08/2015 09:07] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/08/2015 09:07] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3128253451-1099226070-3226710066-1002Core" [C:\Users\Gaultier\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3128253451-1099226070-3226710066-1002UA" [C:\Users\Gaultier\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"] "C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"] "C:\WINDOWS\SysNative\tasks\Java Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\WINDOWS\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{D6091491-4EF9-43A4-8F67-DDFF9052521D}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\Norton Anti-Theft\Norton Error Analyzer" [C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe] "C:\WINDOWS\SysNative\tasks\Norton Anti-Theft\Norton Error Processor" [C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Gaultier\AppData\Roaming\Mozilla\Firefox\Profiles\7rbkulry.default-1444292171692 user_pref("browser.startup.homepage", "about:home"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ols@f-secure.com"="C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi" [16/11/2015 13:29] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Gaultier\AppData\Roaming\Mozilla\Firefox\Profiles\7rbkulry.default-1444292171692 - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Gaultier\AppData\Roaming\Mozilla\Firefox\Profiles\7rbkulry.default-1444292171692 C899B98999270821EDFFA56044DE2377 - C:\Users\Gaultier\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin C62322C77D1AAB77B1CF1130FCC3673A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash 6FE651F6E3025AD51CC1D54913AEEADC - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jmjjnhpacphpjmnnlnccpfmhkcloaade - C:/Program Files (x86)/Telenet Security Pack/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx[16/11/2015 13:29] Google Docs - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Logitech Smooth Scrolling - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk tinymediaplayer - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnnjbpfkbiophjcpjfhojffigapncemg Google Docs Offline - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gaultier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://msi13.msn.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://msi13.msn.com/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{C65B21D5-28D6-4720-BD34-D33ADEA41703}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{C65B21D5-28D6-4720-BD34-D33ADEA41703} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS; HKLM\Wow6432Node\SearchScopes "DefaultScope"="{C65B21D5-28D6-4720-BD34-D33ADEA41703}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{C65B21D5-28D6-4720-BD34-D33ADEA41703} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAMIJS; HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 HKCU\SearchScopes\{C65B21D5-28D6-4720-BD34-D33ADEA41703} - No_Url_Value ==== HijackThis Entries ====================== O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Browsing Protection by F-Secure - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [Sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [BlueStacks Agent] c:\Program Files (x86)\BlueStacks\HD-Agent.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [F-Secure Hoster (44163)] "C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe" -app -hosterid:1 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey O4 - HKCU\..\Run: [uTorrent] "C:\Users\Gaultier\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Gaultier\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKCU\..\Run: [OneDrive] "C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [hddhealth] C:\Program Files (x86)\HDD Health\hddhealth.exe -wl O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gaultier\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O4 - Startup: Curse.lnk = Gaultier\AppData\Roaming\Curse Client\Bin\Curse.exe O4 - Startup: CurseClientStartup.ccip O4 - Startup: Dropbox.lnk = Gaultier\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Qualcomm Atheros Killer Network Manager.lnk = C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.hola.org O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gaultier\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gaultier\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gaultier\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Gaultier\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Gaultier\AppData\Local\Mozilla\Firefox\Profiles\7rbkulry.default-1444292171692\Cache emptied successfully C:\Users\Gaultier\AppData\Local\Mozilla\Firefox\Profiles\7rbkulry.default-1444292171692\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Gaultier\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=551 folders=100 111329571 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Gaultier\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 27/02/2016 at 12:16:59,09 ======================