Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Michael on wo 01/06/2016 at 10:03:18,77. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: D:\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-05-31-201125.log 21907 bytes ==== System Restore Info ====================== 1/06/2016 10:04:51 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\VIA_XHCI\usb3Monitor.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe D:\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [AcrSch2Svc] - Acronis Scheduler2 Service - c:\program files (x86)\common files\acronis\schedule2\schedul2.exe R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe R2 - [afcdpsrv] - Acronis Nonstop Backup Service - c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe R2 - [CmdAgent] - COMODO Internet Security Helper Service - c:\program files\comodo\comodo internet security\cmdagent.exe R2 - [EPSON_EB_RPCV4_01] - EPSON V5 Service4(01) - c:\programdata\epson\epw!3 ssrp\e_s40stb.exe R2 - [EPSON_PM_RPCV4_01] - EPSON V3 Service4(01) - c:\programdata\epson\epw!3 ssrp\e_s40rpb.exe R2 - [MemeoBackgroundService] - MemeoBackgroundService - c:\program files (x86)\memeo\autobackup\memeobackgroundservice.exe R2 - [PURE Flow Server] - PURE Flow Server - c:\program files (x86)\pure flow server\twonkymediaserverwatchdog.exe R2 - [ss_conn_service] - SAMSUNG Mobile Connectivity Service - c:\program files (x86)\samsung\usb drivers\27_ssconn\conn\ss_conn_service.exe R2 - [syncagentsrv] - Acronis Sync Agent Service - c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe R2 - [WDDriveService] - WD Drive Manager - c:\program files (x86)\western digital\wd drive manager\wddriveservice.exe R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe R3 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe S3 - [cmdvirth] - COMODO Virtual Service Manager - c:\program files\comodo\comodo internet security\cmdvirth.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\ProgramData\Partner not found ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3562 MB CPU Info: AMD A8-5500 APU with Radeon(tm) HD Graphics CPU Speed: 3210,4 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: AMD Radeon HD 7560D + 7670 Dual Graphics | AMD Radeon HD 7560D + 7670 Dual Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-216BB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 237,4GB | D: 629,9GB | Y: 250,6GB | Z: 50,0GB Hard Disks - Free: C: 175,0GB | D: 514,7GB | Y: 200,2GB | Z: 27,0GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 05/09/12 | MEDION - 11112011 Time Zone: Romance (standaardtijd) Motherboard *: MEDION MS-7800 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: COMODO Firewall *Disabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} Internet Explorer Version: 11.0.9600.18314 Mozilla Firefox version: 46.0.1 (x86 nl) Google Chrome version: 51.0.2704.63 Adobe Reader version: 11.0.16.13 Sun Java version: 1.8.0_91 (32-bit) Sun Java version: 1.8.0_91 (64-bit) Flash Player version: 21.0.0.242 Shockwave Player version: 12.2.4r194 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Michael\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2016-05-14 12:11:38 4371705697BBB2CAA7C7523058109CE9 264936 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys 2016-05-14 12:11:38 3A9D7D464BDB3B70D7ECF689ADABBD4D 986344 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2016-05-14 12:10:43 C08CCCE2BE68D04E6C142614736959DA 154344 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-05-14 12:10:43 8308FC2E9147D7632221E3279BB14660 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-05-14 12:10:43 6474F8823C7188D2DA579F01FB6CED6B 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2016-05-14 12:10:43 1F8DA4ECAEA7E2BCD97E738795817431 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2016-05-14 12:10:43 0878723427BA190E5ABA5AA0112FA4D4 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-05-14 12:10:43 035C0A9A63DF3F3A52B90D8F6BF0F166 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-05-31 16:00:22 -------- d-----w- C:\Program Files\trend micro 2016-05-30 14:08:06 -------- d-----w- C:\Program Files\WDCSAM ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Michael\AppData\Roaming ====== 2016-05-30 19:22:19 -------- d-----w- C:\Users\Michael\AppData\Local\ESET ====== C:\Users\Michael ====== ====== C: exe-files == 2016-05-31 16:00:22 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Michael.exe 2016-05-30 19:22:37 5A8A8851E277577D82EE742BC1AA41C7 6858912 ----a-w- C:\Users\Michael\AppData\Local\ESET\ESETOnlineScanner\esetonlinescanner_enu_upd.exe 2016-05-26 06:16:21 FA34E3A8FF05F69B2EDEA72438E7FFFF 454144 ----a-w- C:\Windows\SysWOW64\GWX\GWX.exe 2016-05-26 06:16:21 DAE5C698C08E4FDFB052D4A2B05FAF2B 358400 ----a-w- C:\Windows\System32\GWX\GWXDetector.exe 2016-05-26 06:16:21 A93954A96CC7B19F88C8211A88E5949A 421488 ----a-w- C:\Windows\System32\GWX\GWXUXWorker.exe 2016-05-26 06:16:21 7003287A5032A3AF1CCF1B9A6FFAA057 534016 ----a-w- C:\Windows\System32\GWX\GWX.exe 2016-05-26 06:16:21 5A1761A6B80DFA60523A0A1850E214EC 755200 ----a-w- C:\Windows\System32\GWX\GWXConfigManager.exe 2016-05-26 06:16:21 246CE916C4EB466C436EFB2E1827C7B6 119296 ----a-w- C:\Windows\System32\GWX\GWXUX.exe 2016-05-25 18:35:40 B6006C521621E1EB34C22671D3A92C97 12803672 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\51.0.2704.63\51.0.2704.63_50.0.2661.102_chrome_updater.exe === C: other files == 2016-06-01 00:25:58 0B28E9A8A36FD0718C261E7D19256852 4870 ----a-w- C:\Users\Michael\AppData\Local\Temp\xpi\tmp.zip ==== Orphaned Tasks deleted from Registry ====================== avast Emergency Update deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3281580978-1972669021-3677266868-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" "AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" "WD Drive Unlocker"="C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "VIAxHCUtl"="C:\VIA_XHCI\usb3Monitor.exe" "COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cistray.exe" "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPreload" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Michael\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Michael\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PURE FlowServer Tray Control.lnk] "item"="PURE FlowServer Tray Control" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PURE FlowServer Tray Control.lnk" "backup"="C:\\Windows\\pss\\PURE FlowServer Tray Control.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\PUREFL~1\\TWONKY~2.EXE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/05/2016 13:12] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 15:41] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 15:41] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1460499630" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe] "C:\Windows\SysNative\tasks\{683D24B5-3D25-4FA8-8BF2-45D4990F1D1D}" [C:\Program Files (x86)\CoolPro\coolpro.exe] "C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe] "C:\Windows\SysNative\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" ["C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"] "C:\Windows\SysNative\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] "C:\Windows\SysNative\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2016-01-25 19:14:59 -------- d-----w- C:\PROGRA~3\G DATA ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5x1neyqd.default user_pref("browser.startup.homepage", "about:home"); user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006"); user_pref("browser.search.defaultengine", "Google (avast)"); user_pref("browser.search.selectedEngine", "Google (avast)"); user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/04/2016 21:56] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [29/04/2016 21:56] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5x1neyqd.default 8CE35D76726DFC8C3848BB26B3C79A54 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll - Shockwave for Director / Shockwave for Director 258693279212838A6A879A69A17BE215 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 Comodo DragDrop Service - Michael\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo Comodo Web Inspector - Michael\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn Comodo Share Page Service - Michael\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf Google Wallet - Michael\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Chrome Web Store Payments - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.aldi.com/" "Default_Page_URL"="http://www.aldi.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.aldi.com/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKCU\SearchScopes "DefaultScope"="{177E3AFC-D91C-42BE-9FB1-431D57B668B6}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{177E3AFC-D91C-42BE-9FB1-431D57B668B6} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll O2 - BHO: (no name) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - (no file) O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6491D85E-5C53-4B8A-A763-B33FC43E2128}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{88246C3E-2A13-4974-83C9-CA57F3D4EDA5}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{6491D85E-5C53-4B8A-A763-B33FC43E2128}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{6491D85E-5C53-4B8A-A763-B33FC43E2128}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS3\Services\Tcpip\..\{6491D85E-5C53-4B8A-A763-B33FC43E2128}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe O23 - Service: devolo Network Service (DevoloNetworkService) - devolo AG - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PURE Flow Server - Unknown owner - C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Michael\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=17 folders=5 3034792 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Michael\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Michael\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 01/06/2016 at 12:50:51,08 ======================