Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Gurdius on do 05/05/2016 at 0:52:27,86. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gurdius\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 5/05/2016 0:52:51 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\PROGRA~3\Synology deleted successfully C:\Users\Gurdius\AppData\Local\ActiveSync deleted successfully C:\Users\Gurdius\AppData\Local\CrashDumps deleted successfully C:\Users\Gurdius\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe C:\Program Files (x86)\Steam\bin\steamwebhelper.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Gurdius\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe R2 - [igfxCUIService2.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe R2 - [Killer Service V2] - Killer Service V2 - c:\program files\killer networking\network manager\killerservice.exe R2 - [LogiRegistryService] - Logitech Gaming Registry Service - c:\program files\logitech gaming software\drivers\aposervice\logiregistryservice.exe R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamservice.exe R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe R2 - [Razer Chroma SDK Service] - Razer Chroma SDK Service - c:\program files (x86)\razer chroma sdk\bin\rzsdkservice.exe R2 - [Razer Game Scanner Service] - Razer Game Scanner - c:\program files (x86)\razer\razer services\gss\gamescannerservice.exe R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe R2 - [TeamViewer] - TeamViewer 11 - c:\users\public\temp\teamviewer\teamviewer_service.exe R2 - [UsbClientService] - UsbClientService - c:\program files (x86)\synology\assistant\usbclientservice.exe R2 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe R3 - [NvStreamNetworkSvc] - NVIDIA Streamer Network Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe R3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe R3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 32614 MB CPU Info: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz CPU Speed: 3992,5 MHz Sound Card: Luidsprekers (Logitech G930 Gam | 2757M-8 (NVIDIA High Definition | Realtek Digital Output (Realtek | Realtek Digital Output(Optical) | 2757M-0 (NVIDIA High Definition | Display Adapters: NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 Monitors: 2x; AOC 2757 | AOC 2757 | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Killer E2200 Gigabit Ethernet Controller CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH24NSC0 Ports: COM1 LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 476,2GB | E: 213,4GB | F: 223,0GB | G: 208,5GB | H: 718,1GB | I: 500,0GB Hard Disks - Free: C: 385,3GB | E: 35,0GB | F: 217,7GB | G: 58,4GB | H: 197,6GB | I: 378,0GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 05/30/14 | ALASKA - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Gigabyte Technology Co., Ltd. Z97X-Gaming 7 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Internet Explorer Version: 11.212.10586.0 Google Chrome version: 50.0.2661.94 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\Gurdius\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== 2016-05-03 04:03:52 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys 2016-05-03 04:03:33 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys 2016-05-03 04:03:33 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys 2016-05-03 04:03:33 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys 2016-04-12 23:05:40 3B866F8CB10719A5AF9E410B1B149714 605440 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-04-12 23:05:39 19BD8A88AAC580592668B070AC0727D9 2152280 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys 2016-04-12 23:05:30 63C3F74DC398A1C1A77E39DFB9C312CA 1089888 ----a-w- C:\WINDOWS\Sysnative\drivers\http.sys 2016-04-12 23:05:23 083A727D784009F9CCFB120C7841B7AF 2403680 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2016-04-12 23:05:21 28B8E1C6CBCF9FFE2FABFF3160C26ADF 258912 ----a-w- C:\WINDOWS\Sysnative\drivers\ufx01000.sys 2016-04-12 23:05:20 9E9D58F5E1702955B2F4D62996F80E8E 378208 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS 2016-04-12 23:05:18 E582DA849A58524E645545FB68B6625D 1152864 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys 2016-04-12 23:05:16 935823F79CBEDB91637B63D37E3A5A36 148480 ----a-w- C:\WINDOWS\Sysnative\drivers\dfsc.sys 2016-04-12 23:05:12 B24408471C1BCB17FC44F5B47EA8DEA3 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2016-04-12 23:05:12 AA4CD20708B7E0412A5316D7E2875103 530432 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys 2016-04-12 23:05:11 8359F776CA899E761852F2293B724EAE 185184 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys 2016-04-12 23:05:11 2BC2E99623119521EEF7910A11D0FDE0 694784 ----a-w- C:\WINDOWS\Sysnative\drivers\WdiWiFi.sys 2016-04-12 23:05:04 249A563C48DFD9E42A37587653E003BB 83968 ----a-w- C:\WINDOWS\Sysnative\drivers\serial.sys 2016-04-12 23:05:02 0731E8F4D8D3B8D3FD98A46A8ABFE0A0 333824 ----a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys 2016-04-12 23:04:59 DA0807D87A62D076C29C4E30F1E84F46 26112 ----a-w- C:\WINDOWS\Sysnative\drivers\xinputhid.sys 2016-04-12 00:13:12 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf ====== C:\WINDOWS\Tasks ====== 2016-05-03 22:50:13 12C035747A6892DF3A800496C4423CA5 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-05-03 21:18:51 -------- d-----w- C:\Program Files\trend micro 2016-05-03 04:23:29 -------- d-----w- C:\Program Files\Speccy 2016-04-25 18:09:25 -------- d-----w- C:\Program Files\Handbrake ======= C:\PROGRA~2 ===== 2016-05-02 23:45:05 -------- d-----w- C:\PROGRA~2\Plex 2016-05-02 20:17:30 -------- d-----w- C:\PROGRA~2\Overwatch 2016-05-02 17:47:34 -------- d-----w- C:\PROGRA~2\Battle.net 2016-04-25 16:41:35 -------- d-----w- C:\PROGRA~2\Synology 2016-04-07 02:59:48 -------- d-----w- C:\PROGRA~2\Webteh ======= C: ===== ====== C:\Users\Gurdius\AppData\Roaming ====== 2016-05-03 22:49:31 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm 2016-05-03 04:03:20 -------- d-----w- C:\Users\Gurdius\AppData\Local\Programs 2016-05-02 23:45:13 -------- d-----w- C:\Users\Gurdius\AppData\Local\Plex Media Server 2016-05-02 17:48:04 -------- d-----w- C:\Users\Gurdius\AppData\Local\Blizzard Entertainment 2016-05-02 17:47:58 -------- d-----w- C:\Users\Gurdius\AppData\Local\Battle.net 2016-04-25 22:27:10 -------- d-----w- C:\Users\Gurdius\AppData\Local\TeamViewer 2016-04-25 18:09:26 -------- d-----w- C:\Users\Gurdius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake 2016-04-20 21:49:49 -------- d-s---w- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow 2016-04-18 16:05:25 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing 2016-04-18 02:24:18 65E102527AFA75EE98C540AD79DFD7E7 210592 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat ====== C:\Users\Gurdius ====== 2016-05-03 21:17:55 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Gurdius\Downloads\RSITx64.exe 2016-05-03 04:23:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2016-05-03 04:23:13 024542793EF5B061EA2AE16D991D2DD3 4845384 ----a-w- C:\Users\Gurdius\Downloads\spsetup125.exe 2016-05-02 23:45:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server 2016-05-02 23:43:56 A03F81D437159CF25E76B99907802A45 105213528 ----a-w- C:\Users\Gurdius\Desktop\Plex-Media-Server-0.9.1606.1993-5089475-en-US.exe 2016-05-02 20:24:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch 2016-05-02 17:47:58 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2016-05-02 17:47:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2016-05-02 17:46:34 -------- d-----w- C:\ProgramData\Battle.net 2016-04-25 22:26:06 -------- d-----w- C:\Users\Public\temp 2016-04-25 16:41:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology 2016-04-25 16:41:28 AD4BE045294AC7703752B6D966148DEC 8612824 ----a-w- C:\Users\Gurdius\Documents\SynologyAssistantSetup-6.0-7319.exe 2016-04-07 03:03:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player ====== C: exe-files == 2016-05-03 21:18:51 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gurdius.exe 2016-05-03 21:17:55 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Gurdius\Downloads\RSITx64.exe 2016-05-03 21:17:46 8CC60B2EFD0ACCFB361B3DA9552F329A 3378720 ----a-w- C:\Users\Gurdius\AppData\Local\NVIDIA\NvBackend\Packages\000089fc\vops-overwatch.20674572.exe 2016-05-03 21:17:37 AF51CE0C04CA81CBC3E445FA5FE6D10E 630344 ----a-w- C:\Users\Gurdius\AppData\Local\NVIDIA\NvBackend\Packages\00008a6d\CoProc update.20715120.exe 2016-05-03 21:17:37 247C2F258801253743B7AC38E83DE5E3 7834992 ----a-w- C:\Users\Gurdius\AppData\Local\NVIDIA\NvBackend\Packages\00008a68\DAO.20712679.exe 2016-05-03 21:16:42 81B8CAEFA11E5DF6C86FEAABA1A3FB33 130 ----a-w- C:\$Recycle.Bin\S-1-5-21-1270815998-3783385619-458173336-1001\$IDAUNOI.exe 2016-05-03 21:16:42 03F47BE2AA5210EE1A25EFA29E979700 108 ----a-w- C:\$Recycle.Bin\S-1-5-21-1270815998-3783385619-458173336-1001\$I6VAYOY.exe 2016-05-03 04:23:13 024542793EF5B061EA2AE16D991D2DD3 4845384 ----a-w- C:\Users\Gurdius\Downloads\spsetup125.exe 2016-05-03 04:12:53 56427CD7A2529AEAB14A7FEA8F945554 6882192 ----a-w- C:\$Recycle.Bin\S-1-5-21-1270815998-3783385619-458173336-1001\$R6VAYOY.exe 2016-05-03 04:03:13 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\$Recycle.Bin\S-1-5-21-1270815998-3783385619-458173336-1001\$RDAUNOI.exe 2016-05-03 02:06:38 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Windows\Temp\EA435469-1D94-4BAD-874C-460CF7D9CD54\DismHost.exe 2016-05-02 23:43:56 A03F81D437159CF25E76B99907802A45 105213528 ----a-w- C:\Users\Gurdius\Desktop\Plex-Media-Server-0.9.1606.1993-5089475-en-US.exe 2016-05-02 20:24:29 67718A0D85CC021AE0BB044778225E00 335920 ----a-w- C:\Program Files (x86)\Overwatch\ErrorReporting\x86\BlizzardError.exe 2016-05-02 20:24:28 860A67B3B3F6AF3445F4AE838015433F 254464 ----a-w- C:\Program Files (x86)\Overwatch\ErrorReporting\x64\CrashMailer_64.exe 2016-05-02 20:24:23 5EDDEFECA544B6472C5CD52BE63BC02F 2973744 ----a-w- C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe 2016-05-02 20:24:21 31D2AAA2F8181D662DD9C2F7423802A2 27368936 ----a-w- C:\Program Files (x86)\Overwatch\Overwatch.exe 2016-05-02 18:56:07 37D06E2CF9E6701FD9CAE82441BD019B 1186968 ----a-w- C:\Windows\Temp\CR_ADFE1.tmp\setup.exe 2016-05-02 18:56:07 0561FDEF6367121744D8FF7516BD3EE4 8521304 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\50.0.2661.94\50.0.2661.94_49.0.2623.112_chrome_updater.exe 2016-05-02 17:47:47 83807F69F54D52681D72726B9F150A30 10272744 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net.exe 2016-05-02 17:47:45 3522F489EC88688E129AC52C086F894C 1334760 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net Helper.exe 2016-05-02 17:47:43 9281BA1479347C2757EF6FBB52697921 333360 ----a-w- C:\Program Files (x86)\Battle.net\BlizzardError.exe 2016-05-02 17:47:42 DB0EBF4C20EB471017B5DBA283C382AF 2064432 ----a-w- C:\Program Files (x86)\Battle.net\SystemSurvey.exe 2016-05-02 17:47:36 A035B7B52734B362B1B73E1B59DE9554 3006952 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe 2016-05-02 17:47:36 209A336A048FB9929AD8354554B5D493 405480 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.exe 2016-05-02 17:46:58 32EAF9CA942A723DE9BB3E4B4B2AEA2C 4397544 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.4922\Agent.exe 2016-05-02 17:46:46 9281BA1479347C2757EF6FBB52697921 333360 ----a-w- C:\ProgramData\Battle.net\Agent\BlizzardError.exe 2016-05-02 17:46:45 E589CA68E70D8821ACC5717F68FB0438 1420264 ----a-w- C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe 2016-05-02 17:46:45 D0EB6DE349FC86D8947A95FB7299A567 405480 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.exe 2016-05-02 17:46:45 557887B5EABD6B2A353EAC3698A696B3 4349928 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.4791\Agent.exe 2016-05-02 16:10:10 28B3FBB95E3AFA5C95B1217BFBB0ED04 779704 ----a-w- C:\Users\Gurdius\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2016-05-02 16:10:06 C9FBDF0FBE1DF06DA161DFCF53CF9012 322488 ----a-w- C:\Users\Gurdius\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2016-04-28 23:37:52 0DB3F3A518C764250C7878C34B8D1FE3 1581048 ----a-w- C:\Users\Gurdius\AppData\Local\Google\Chrome\User Data\SwReporter\6.48.6\software_reporter_tool.exe === C: other files == 2016-05-03 04:23:32 D74D202646E5A6D0D2C4207E1F949826 25320 ----a-w- C:\Users\Gurdius\AppData\Local\Temp\cpuz136\cpuz136_x64.sys 2016-05-03 04:03:52 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2016-05-03 04:03:33 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\Windows\System32\drivers\mwac.sys 2016-05-03 04:03:33 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys 2016-05-03 04:03:33 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-1270815998-3783385619-458173336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" "Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-21-1270815998-3783385619-458173336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" "Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [13/02/2016 14:56] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/04/2016 20:50] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/04/2016 20:50] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2016-02-13 13:29:13 -------- d-----w- C:\PROGRA~3\USOShared 2016-02-13 13:34:23 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive 2016-04-04 17:11:23 -------- d-sh--we C:\PROGRA~3\Bureaublad 2016-04-04 17:11:23 -------- d-sh--we C:\PROGRA~3\Documenten 2016-04-04 17:11:23 -------- d-sh--we C:\PROGRA~3\Menu Start 2016-04-04 17:11:23 -------- d-sh--we C:\PROGRA~3\Sjablonen 2016-04-04 17:44:47 -------- d-----w- C:\PROGRA~3\Downloaded Installations 2016-04-04 17:45:01 -------- d-----w- C:\PROGRA~3\Killer 2016-04-04 18:44:29 -------- d-----w- C:\PROGRA~3\Razer 2016-04-04 18:45:21 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation 2016-04-04 18:45:26 -------- d-----w- C:\PROGRA~3\NVIDIA 2016-04-04 18:48:13 -------- d-sh--we C:\PROGRA~3\Application Data 2016-04-04 19:08:25 -------- d-----w- C:\PROGRA~3\LogiShrd 2016-04-04 19:45:38 -------- d-----w- C:\PROGRA~3\Riot Games 2016-05-02 17:46:34 -------- d-----w- C:\PROGRA~3\Battle.net 2016-05-02 17:47:58 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment 2016-05-03 04:03:33 -------- d-----w- C:\PROGRA~3\Malwarebytes ==== Chromium Look ====================== Google Slides - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Sheets - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Descarga DEADPOOL 2016 HD MEGA - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehbanhjmnljidpcbacnnilgidgbkbfi Video Converter - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne Chrome Web Store Payments - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gurdius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit= O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" O4 - HKCU\..\Run: [OneDrive] "C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gurdius\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O4 - Global Startup: Killer Network Manager.lnk = C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Killer Service V2 - Rivet Networks - C:\Program Files\Killer Networking\Network Manager\KillerService.exe O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: UsbClientService - Unknown owner - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gurdius\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gurdius\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gurdius\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Gurdius\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Gurdius\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=27 folders=27 133816065 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Gurdius\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 05/05/2016 at 1:00:37,76 ======================