Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Jochen on wo 20-01-2016 at 20:07:51,00. Microsoft Windows 10 Pro 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jochen\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 20-1-2016 20:08:54 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\InstallShield Installation Information deleted successfully C:\PROGRA~2\MarkAny deleted successfully C:\PROGRA~3\c76a45d000006a5d deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully C:\Users\Jochen\AppData\Local\ActiveSync deleted successfully C:\Users\Jochen\AppData\Local\DriverToolkit deleted successfully C:\Users\Jochen\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Jochen\AppData\Local\EmieSiteList deleted successfully C:\Users\Jochen\AppData\Local\EmieUserList deleted successfully C:\Users\Jochen\AppData\Local\genienext deleted successfully C:\Users\Jochen\AppData\Local\PeerDistRepub deleted successfully C:\Users\Jochen\AppData\Local\Samsung deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{402DE2-38E8-45EA-8E76-132D56D18D56} deleted successfully 
HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5593BD0-7A0-4F0F-82A8-891CBE856AA} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{587BFBC8-EDC2-4CCB-946A-0829D81ECB1} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E3253AB-D1AE-430F-BD39-AAD1E49EF18F} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{775a14ea-2c34-467b-88f6-3eac0093d479} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8856CA6D-B360-493E-B61A-D98790A7A5F} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8b3652fe-411d-4942-ae7d-31a2c93dab8c} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0B59B42-8FC0-4D11-BCD-7AC9D9C4FEFB} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A29EF5C0-E123-4A70-BC3B-9FFF7FE267A5} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC58472D-1F8B-48F6-9CD9-989A9FF2CD3} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5CFEB8-8C30-48B9-9D73-1711DA5BA828} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2F932E7-2C2B-413E-BFD5-69DC8E4B5F3} deleted successfully 
HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEDC1D72-8D44-4F12-90EF-E95DA2606D24} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D342B81F-127B-45E7-9733-8ED8F2587D8F} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAFBD39E-3A9E-464B-BE8A-B4631E4B6B33} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD61F2F2-AD-4457-91A1-E898A412EB47} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E720B527-2D6-4047-8D48-9D11AD72CEC1} deleted successfully HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1ED505F-6647-46EE-B3E7-DFF5B8673166} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{775a14ea-2c34-467b-88f6-3eac0093d479} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8b3652fe-411d-4942-ae7d-31a2c93dab8c} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== µTorrent Adobe Acrobat Reader DC - Nederlands Adobe AIR Adobe Flash Player 20 NPAPI Adobe Refresh Manager Apple Application Support Apple Software Update CCleaner Java 8 Update 71 Java Auto Updater League of Legends LibreOffice 4.1.3.2 Malwarebytes Anti-Malware versie 2.2.0.1024 Microsoft .NET Framework 4.5.2 Microsoft ASP.NET MVC 4 Runtime Microsoft DVD App Installation for
Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 MyDriveConnect 4.0.7.2442 NVIDIA 3D Vision controllerstuurprogramma 347.09 NVIDIA 3D Vision Driver 358.91 NVIDIA Control Panel 358.91 NVIDIA GeForce Experience 2.4.1.21 NVIDIA GeForce Experience Service NVIDIA Graphics Driver 358.91 NVIDIA HD Audio Driver 1.3.34.3 NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA PhysX NVIDIA PhysX systeemsoftware 9.14.0702 NVIDIA ShadowPlay 17.12.8 NVIDIA Stereoscopic 3D Driver NVIDIA Update 2.4.1.21 NVIDIA Update Core NVIDIA Virtual Audio 1.2.27 PowerISO QuickTime 7 Rapport SHIELD Streaming SHIELD Wireless Controller Driver SSDlife Free Trusteer Eindpuntbeveiliging Unity Web Player Visual Studio C++ 10.0 Runtime WinRAR archiver ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program 
Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Users\Jochen\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\PROGRA~2\InstallShield Installation Information not found C:\PROGRA~2\MarkAny not found C:\Users\Jochen\.android deleted C:\PROGRA~2\globalUpdate deleted C:\PROGRA~3\ParetoLogic deleted C:\PROGRA~3\Package Cache deleted C:\Users\Jochen\AppData\Local\nse942E.tmp deleted C:\Users\Jochen\AppData\Local\Unity deleted C:\Users\Jochen\AppData\Local\globalUpdate deleted C:\Users\Jochen\AppData\Local\Mobogenie deleted C:\Users\Jochen\AppData\Local\cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Jochen\AppData\LocalLow\Unity deleted C:\WINDOWS\Reimage.ini deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted C:\WINDOWS\SysWow64\AI_RecycleBin deleted "C:\Users\Jochen\AppData\Roaming\BYAIAMUF" deleted "C:\WINDOWS\tasks\BYAIAMUF.job" deleted "C:\WINDOWS\SysNative\tasks\BYAIAMUF" deleted "C:\Users\Jochen\AppData\Roaming\IYAAOBBS" deleted "C:\Users\Jochen\AppData\Roaming\OPQHM" deleted "C:\PROGRA~3\e9fcbfc96c00a91\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}.20141217222456" deleted "C:\PROGRA~3\e9fcbfc96c00a91\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}.20141217222817" deleted "C:\Users\Jochen\AppData\Roaming\driver\driver.html" deleted "C:\PROGRA~3\e9fcbfc96c00a91" deleted "C:\Users\Jochen\AppData\Roaming\driver" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 6144 MB CPU Info: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz CPU Speed: 3254,8 MHz Sound Card: Speakers (High 
Definition Audio | Digital Audio (S/PDIF) (High De | Display Adapters: NVIDIA GeForce GTX 560 Ti | NVIDIA GeForce GTX 560 Ti Monitors: 1x; SyncMaster 2043NW/2043NWX | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller CD / DVD Drives: 4x (E: | F: | G: | H: | ) E: TSSTcorpCDDVDW SH-S223F | F: | G: | H: Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 111,3GB | D: 1863,0GB Hard Disks - Free: C: 59,9GB | D: 1431,8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 02/19/09 | A_M_I_ - 2000919 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK Computer INC. P5E Country: Nederland Language: NLD ==== System Specs (Software) ====================== Internet Explorer Version: 11.63.10586.0 Adobe Reader version: 15.10.20056.167417 Sun Java version: 1.8.0_71 (32-bit) Sun Java version: 1.8.0_71 (64-bit) Flash Player version: 20.0.0.286 ==== Files Recently Created / Modified ====================== ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-2322011093-2357719294-2687073453-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [20-01-2016 19:21] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\new tab helper oursurfing" [C:\Users\Jochen\AppData\Roaming\oursurfing\newtab_hlpr.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{84B00553-6036-4FA0-A10F-9526F4BDD121}" [C:\Windows\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\{20915DED-A480-4775-87E8-98C57FBE933D}" [C:\Riot Games\League of Legends\lol.launcher.exe] 
"C:\WINDOWS\SysNative\tasks\{9A4A8DF4-41CA-4059-A907-50BF3BB5598D}" [C:\Riot Games\League of Legends\lol.launcher.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Jochen\AppData\Local\Torch deleted Fake profile C:\Users\Jochen\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Jochen\AppData\Local\Comodo\Dragon deleted ==== Chromium Look ====================== YouTube - Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - Jochen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.com/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{617C5F7D-BF4C-487C-88BD-D496F793C6B0}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value 
HKCU\SearchScopes\{617C5F7D-BF4C-487C-88BD-D496F793C6B0} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== HijackThis Entries ======================
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Silverlight\Office14\EXCEL.EXE/3000
O9 - Extra button: Platinum Play Flash Casino - {c1d41251-0578-4d5b-a049-641007494a0c} - https://platinumplay2.gameassists.co.uk/platinumplay/default.aspx?clienttype=1&usertype=-1&a=howtoregister&btag=P20521-PR116-CM14210-TS72918&btag2=039b3f7a-2878-4bec-bdb8-443ac533a30b&btag3=557d7d9d-f2c7-402c-8182-44b1afe59529&btag4=00000000-0000-0000-000 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jochen\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jochen\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jochen\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Jochen\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Jochen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=286 folders=132 634141134 bytes)

==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Jochen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 20-01-2016 at 20:54:26,16 ======================