Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by computer on za 02-07-2016 at 18:36:40,06.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\computer\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2-7-2016 18:39:55 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\computer\AppData\Local\ActiveSync deleted successfully
C:\Users\computer\AppData\Local\NetworkTiles deleted successfully
C:\Users\computer\AppData\Local\VirtualStore deleted successfully
C:\Users\hfm32\AppData\Local\ActiveSync deleted successfully
C:\Users\hfm32\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
C:\WINDOWS\SysWOW64\spdsvc.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Users\computer\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\computer\AppData\Local\Viber\Viber.exe
C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Users\computer\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AGSService] - Adobe Genuine Software Integrity Service - c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
R2 - [ApHidMonitorService] - Alps HID Monitor Service - c:\program files\apoint2k\hidmonitorsvc.exe
R2 - [Unchecky] - Unchecky - c:\program files (x86)\unchecky\bin\unchecky_svc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S2 - [Garmin Device Interaction Service] - Garmin Device Interaction Service - c:\program files (x86)\garmin\device interaction service\garminservice.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Updater Service - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3913 MB
CPU Info: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
CPU Speed: 2295,2 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR5BWB222 Wireless Network Adapter | Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8E1
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 443,5GB
Hard Disks - Free: C: 373,5GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer VA70_HC
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Internet Explorer Version: 11.420.10586.0
Google Chrome version: 51.0.2704.103
Adobe Reader version: 15.16.20045.188096
Flash Player version: 22.0.0.192

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-07-01 19:48:31 7EFB1577EFBD72521E670188AA546C7D 53208 ----a-w- C:\WINDOWS\avastSS.scr
2016-06-14 20:10:39 E15BEB03592BA12C5C99E2BA46146BDD 4515264 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\computer\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2016-07-01 19:48:49 4E118AC95A15BD14B8C1E49C5B4CD79B 390984 ----a-w- C:\WINDOWS\Sysnative\aswBoot.exe
====== C:\WINDOWS\Sysnative\drivers =====
2016-07-01 19:49:14 DF190688D993A3DB227BFB0BB40BD7D4 103064 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDD5E.tmp
2016-07-01 19:49:14 D873455DFA27680585AE238503917DF5 74544 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDD90.tmp
2016-07-01 19:49:14 BA4CDCD8C0395E91C38CD2C5CE3E7FA2 287528 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDDA1.tmp
2016-07-01 19:49:14 A371A06EC8F4830C263D3F5CA5A11B65 1070904 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDD3D.tmp
2016-07-01 19:49:14 6B7F6CE19A16240EE9DE2C528897ED9C 465792 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDD91.tmp
2016-07-01 19:49:14 3575F9226251DE48E065ED5C384A21EF 166432 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDDA2.tmp
2016-07-01 19:49:14 33D0DD0471FDF449C81338863FC63978 107792 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDD7F.tmp
2016-07-01 19:49:14 1694434F5B9AB16772C7A8E2EF9134CA 37656 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDD6E.tmp
2016-07-01 19:49:13 786E8BCDFF674068F3C950615FC2E71C 37144 ----a-w- C:\WINDOWS\Sysnative\drivers\aswDCEE.tmp
2016-06-14 20:10:46 3996DF4D52FD6273750C7033D1447C0A 31744 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsdport.sys
2016-06-14 20:10:36 8B83335B6A86F39785FC7C9DE5F5B29F 1996640 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2016-06-14 20:10:30 425CFD45BDF5B9F8B790BEB20E0A8721 161632 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2016-06-14 20:10:25 C03E926B0E7D66D68994067231DC3246 278528 ----a-w- C:\WINDOWS\Sysnative\drivers\netbt.sys
2016-06-14 20:10:25 2568B86F6A50D254324CB89022CA9EFC 690176 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys
2016-06-14 20:10:24 CF78AF126B00C1B0A6FF45BD838E8EFE 331616 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys
2016-06-14 20:10:22 BE88248427A6AA548A904FD867667F70 406528 ----a-w- C:\WINDOWS\Sysnative\drivers\srv.sys
2016-06-14 20:10:22 3F7C80D9F16B94367646CBF8B8C052F4 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2016-06-14 20:10:19 8E9E48E4BC6EACB811FE6066ADACC7A5 577376 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2016-06-14 20:10:18 87B9ABB965F7AF987D52791F0DD1663D 211296 ----a-w- C:\WINDOWS\Sysnative\drivers\tpm.sys
2016-06-14 20:10:17 6E520D6B16EA8AE23D1F81C1194F00C8 237056 ----a-w- C:\WINDOWS\Sysnative\drivers\srvnet.sys
2016-06-14 20:10:16 D330D74B5F99309B5CCA30AE41C57CDE 118624 ----a-w- C:\WINDOWS\Sysnative\drivers\partmgr.sys
2016-06-14 20:10:15 05DD22294A4F3F89E52351C7721E6D2C 258912 ----a-w- C:\WINDOWS\Sysnative\drivers\ufx01000.sys
2016-06-14 20:10:13 883A36E2FF7FA3E1281CB575579FE3AF 124928 ----a-w- C:\WINDOWS\Sysnative\drivers\Ndu.sys
2016-06-14 20:10:12 FFB773E4AA55E4F5FBBB084B41D7A86F 954368 ----a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys
2016-06-14 20:10:12 020F3FD207AFEDAC8E05E4C567547A78 155136 ----a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys
2016-06-14 20:10:09 BE265ABFB467BBAC8C73A55AD94F4216 84992 ----a-w- C:\WINDOWS\Sysnative\drivers\BTHUSB.SYS
2016-06-14 20:10:09 3C7DE7B7CAD633CD2DA07710BC17361C 112640 ----a-w- C:\WINDOWS\Sysnative\drivers\bthenum.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\computer\AppData\Roaming ======
2016-06-30 05:55:38 -------- d-----w- C:\Users\computer\AppData\Local\Viber
====== C:\Users\computer ======
2016-07-02 14:36:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\computer\Downloads\RSITx64.exe
====== C: exe-files ==
2016-07-02 14:36:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\computer\Downloads\RSITx64.exe
2016-07-01 19:48:49 4E118AC95A15BD14B8C1E49C5B4CD79B 390984 ----a-w- C:\Windows\System32\aswBoot.exe
2016-06-30 05:55:52 7702959B378203E98ED340FD83CA160B 71876176 ----a-w- C:\Users\computer\AppData\Local\Viber\Viber.exe
2016-06-30 05:55:51 4A4147FABE703046D15B86DF6D165FED 19024 ----a-w- C:\Users\computer\AppData\Local\Viber\QtWebEngineProcess.exe
2016-06-30 05:55:45 724C7A719239C0A08B34C7030998B81C 544336 ----a-w- C:\Users\computer\AppData\Local\Viber\updater.exe
2016-06-29 21:21:35 F56F4BE771DCE9ECBBC0954D39DF660E 544336 ----a-w- C:\Users\computer\AppData\Roaming\ViberPC\6.1.1.2\6.1.1.2\updater.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2871391618-1465616402-3070090435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\computer\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Google Update"="C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Viber"="C:\Users\computer\AppData\Local\Viber\Viber.exe StartMinimized"
"ToolwizTimeFreeze"="C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe -autorun"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-21-2871391618-1465616402-3070090435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\computer\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Google Update"="C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Viber"="C:\Users\computer\AppData\Local\Viber\Viber.exe StartMinimized"
"ToolwizTimeFreeze"="C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe -autorun"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"CDAServer"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [17-06-2016 18:48]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-03-2016 16:35]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-03-2016 16:35]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2871391618-1465616402-3070090435-1001Core.job --a-------- C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [20-03-2016 15:17]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2871391618-1465616402-3070090435-1001UA.job --a-------- C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [20-03-2016 15:17]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2871391618-1465616402-3070090435-1001Core" [C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2871391618-1465616402-3070090435-1001UA" [C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1462020770" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{64FA7FC7-198A-438F-BD7F-E3A1CD13457E}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-03-20 12:15:02 -------- d-----w- C:\PROGRA~3\regid.1991-06.com.microsoft
2016-03-20 12:15:02 -------- d-----w- C:\PROGRA~3\USOPrivate
2016-03-20 12:15:02 -------- d-s---w- C:\PROGRA~3\Microsoft
2016-03-20 12:45:19 -------- d-----w- C:\PROGRA~3\USOShared
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Application Data
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Bureaublad
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Documenten
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Menu Start
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Sjablonen
2016-03-20 13:00:43 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive
2016-03-20 13:10:18 -------- d-----w- C:\PROGRA~3\Trusteer
2016-03-20 13:12:59 -------- d-----w- C:\PROGRA~3\Samsung
2016-03-20 13:14:55 -------- d-----w- C:\PROGRA~3\Malwarebytes
2016-03-20 14:08:38 -------- d-----w- C:\PROGRA~3\AVAST Software
2016-03-20 18:13:17 -------- d-----w- C:\PROGRA~3\Adobe
2016-03-24 13:08:15 -------- d-----w- C:\PROGRA~3\boost_interprocess
2016-03-30 12:14:34 -------- d-----w- C:\PROGRA~3\NortonInstaller
2016-03-30 13:18:18 -------- d-----w- C:\PROGRA~3\Norton
2016-04-08 13:27:01 -------- d-----w- C:\PROGRA~3\Unchecky
2016-05-26 12:19:01 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2016-05-31 13:06:12 -------- d-----w- C:\PROGRA~3\Garmin

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [01-07-2016 21:48]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [26-05-2016 14:16]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30-04-2016 14:48]

Google Slides - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Norton Home Page for Chrome - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe
Google Sheets - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Norton Safe Search as default for Chrome - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl
Chrome Web Store Payments - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={sear

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\computer\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Viber] "C:\Users\computer\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [ToolwizTimeFreeze] "C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe" -autorun
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @oem2.inf,%HidMonitor.SvcDisp%;Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\Apoint2K\HidMonitorSvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\WINDOWS\system32\\spdsvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\computer\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\computer\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\hfm32\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\computer\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\computer\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\hfm32\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\hfm32\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=503 folders=83 263775268 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\computer\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 02-07-2016 at 19:13:51,40 ======================