Zoek.exe v5.0.0.1 Updated 16-November-2015
Tool run by Ilse on di 17-11-2015 at 21:49:00,69.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ilse\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
17-11-2015 21:50:41 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Ilse\AppData\Local\CRE deleted successfully
C:\Users\Ilse\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ilse\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ilse\AppData\Local\EmieUserList deleted successfully
C:\Users\Ilse\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
c:\programdata\{2b2e49bb-bc12-ddee-2b2e-e49bbbc126ee} not found
C:\PROGRA~2\EditThisCookie deleted
C:\windows\SysNative\Tasks\PolishPics deleted
C:\WINDOWS\tasks\PolishPics.job deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Ilse\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Ilse\AppData\LocalLow\Unity deleted
C:\Users\Ilse\AppData\LocalLow\TB deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\SET1634.tmp deleted
C:\WINDOWS\Syswow64\SET19C0.tmp deleted
C:\WINDOWS\Syswow64\SET44F2.tmp deleted
C:\WINDOWS\Syswow64\SET771D.tmp deleted
C:\Users\Ilse\AppData\Roaming\Mozilla\Firefox\Profiles\NSYlbhJR.default\extensions\abs@avira.com deleted
"C:\PROGRA~2\Bonjour\mdnsNSP.dll" deleted
"C:\PROGRA~2\Bonjour\mDNSResponder.exe" deleted
"C:\PROGRA~2\Bonjour" not deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-3298537341-875879834-1357718131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"BitTorrent"="C:\Users\Ilse\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"OneDrive"="C:\Users\Ilse\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Spotify Web Helper"="C:\Users\Ilse\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Ilse\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
"avgnt"="C:\Program Files (x86)\Avira\Antivirus\avgnt.exe /min"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"BitTorrent"="C:\Users\Ilse\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"OneDrive"="C:\Users\Ilse\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Spotify Web Helper"="C:\Users\Ilse\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Ilse\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"Samsung Link"="C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================
Google Chrome Version: 35.0.1916.114
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
{scripts [background.js]}content_scripts:[{js:[content.js]matches:[]run_at:document_end}]content_security_policy:script-src 'self' 'unsafe-eval' https://gravityspace-a.akamaihd.net https://gravityspace-a.akamaihd.net https://cdn.gravityspace.net; object-src 'self'description:homepage_url:http://www.gravityspace.neticons:{48:icon.png}key:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5I3+1Rf/vGBR3IsGTVph8ulK+LCZN0Huja59hzNeJGWm5YsO7feX93dSRmXWWLBMiythFEdgh0uNpOwlJN98afdPMK998HSI/NYCAa1FEKd+KGlrjvZblVxKSb8JX2zX5YlpSkAtXLHEjWWYatbx7JmmSt++dszdOtQkxFg84adcreBgb1CpHBxwuQ3Ngzn0yF0/tkVBsow0L33lgC7bkW2kqN30lRX9N7hzGlqsf4VRQ+/dlZ1txq6d+Jo++ANsl44gW/uksB+4BRqiyR58LDFlFe48qmvJJ6XQqMDf94Ez1YQ5bmtpsP6kzo7Y/YotjVfLkpmcqTVD/G3HdJ0QGwIDAQABmanifest_version:2name:Gravity Spacepermissions:[managementstoragetabswebRequestwebRequestBlocking]update_url:http://cdn.gravityspace.net/updateversion:1.0.5696.29977} - Ilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejncjppdnhkbnooppigldeocimdeodnf

==== Chromium Startpages ======================
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.oursurfing.com/?type=hp&ts=1439113070&z=963fbcd33b54434d6ce9a88g7z3cat2g5gbc7e2b4g&from=dig2&uid=WDCXWD7500AZEX-00RKKA0_WD-WMC1S021549715497",
"startup_urls": [ "http://www.oursurfing.com/?type=hp&ts=1439113070&z=963fbcd33b54434d6ce9a88g7z3cat2g5gbc7e2b4g&from=dig2&uid=WDCXWD7500AZEX-00RKKA0_WD-WMC1S021549715497" ],

==== Chromium Fix ======================
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_gravityspace-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_gravityspace-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.6min.today_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.6min.today_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.reklaam00.reklaam.co_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.reklaam00.reklaam.co_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dealsandcoupons-net2.com_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dealsandcoupons-net2.com_0.localstorage-journal deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejncjppdnhkbnooppigldeocimdeodnf deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejncjppdnhkbnooppigldeocimdeodnf_0.localstorage deleted successfully
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejncjppdnhkbnooppigldeocimdeodnf deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://search.avira.net/#web/result?source=art&q="
"Search Bar"="http://www.google.com/ie"
"Search Page"="http://www.google.com"
"First Home Page"="http://www.google.com"
"Default_Search_URL"="https://search.avira.net/#web/result?source=art&q="
"Default_Page_URL"="https://search.avira.net/#web/result?source=art&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://search.avira.net/#web/result?source=art&q="
"Default_Search_URL"="https://search.avira.net/#web/result?source=art&q="
"Search Page"="https://search.avira.net/#web/result?source=art&q="
"Start Page"="https://search.avira.net/#web/result?source=art&q="
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://search.avira.net/#web/result?source=art&q="
"Default_Search_URL"="https://search.avira.net/#web/result?source=art&q="
"Search Page"="https://search.avira.net/#web/result?source=art&q="
"Start Page"="https://search.avira.net/#web/result?source=art&q="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://search.avira.net/#web/result?source=art&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKCU\SearchScopes "DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ilse\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ilse\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Ilse\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=358 folders=77 76452938 bytes)

==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Ilse\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\PROGRA~2\Bonjour" not found

==== EOF on di 17-11-2015 at 22:10:45,55 ======================