Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by van la Parra on do 14-07-2016 at 9:34:34,88.
Microsoft Windows 10 Pro 10.0.10586 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\van la Parra\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-07-13-150633.log 21010 bytes
C:\zoek-results2016-07-13-161023.log 17257 bytes

==== Empty Folders Check ======================

C:\Users\van la Parra\AppData\Local\ActiveSync deleted successfully
C:\Users\van la Parra\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Users\van la Parra\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3319 MB
CPU Info: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
CPU Speed: 1847,0 MHz
Sound Card: Not detected
Display Adapters: Microsoft Basic Display Driver
Monitors: 1x; Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: Intel(R) PRO/100 VE Network Connection
CD / DVD Drives: 1x (I: | ) I: TSSTcorpCD/DVDW TS-H653L
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 259,7GB | D: 205,1GB
Hard Disks - Free: C: 219,2GB | D: 163,2GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 05/25/07 | HPQOEM - 42302e31
Time Zone: West-Europa (standaardtijd)
Motherboard *: MSI 0A90
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Internet Explorer Version: 11.420.10586.0
Mozilla Firefox version: 47.0.1 (x86 en-US)
Adobe Reader version: 15.17.20050.192152
Flash Player version: 22.0.0.209

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-07-02 12:47:25 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\winstart.bat
2016-06-14 19:54:43 E15BEB03592BA12C5C99E2BA46146BDD 4515264 ----a-w- C:\Windows\explorer.exe
====== C:\Users\VANLAP~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-07-02 12:47:25 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\SysWOW64\CONFIG.NT
2016-07-02 12:47:25 81051BCC2CF1BEDF378224B0A93E2877 2 --shatr- C:\Windows\SysWOW64\AUTOEXEC.NT
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2016-06-28 19:40:16 07F83829E7429E60298440CD1E601A6A 21984 ----a-w- C:\Windows\Sysnative\drivers\semav6msr64.sys
2016-06-20 16:01:49 C44F174F83B1F244EE14E169417B293D 27872 ----a-w- C:\Windows\Sysnative\drivers\GdPhyMem.sys
2016-06-20 16:01:47 F7134187AD4D1997EBCC32B9F27DE5B5 116296 ----a-w- C:\Windows\Sysnative\drivers\GRD.sys
2016-06-20 15:32:48 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_gddcd64_01007.Wdf
2016-06-20 15:32:48 8D08E86C511503D837EA286B7E824A2B 69192 ----a-w- C:\Windows\Sysnative\drivers\gddcv64.sys
2016-06-20 15:32:47 14C0178E02279087B7141A4B80E711BF 89160 ----a-w- C:\Windows\Sysnative\drivers\gddcd64.sys
2016-06-20 15:32:42 DD7D5196EB9C4321EA57B668AF873840 37400 ----a-w- C:\Windows\Sysnative\drivers\GDKBB64.sys
2016-06-20 15:32:39 AC43FC300024DBB0CC02C61785ECB5A9 29720 ----a-w- C:\Windows\Sysnative\drivers\GDKBFlt64.sys
2016-06-20 15:32:37 A1B2BF637E6CEAD413399645D34DE6E6 109128 ----a-w- C:\Windows\Sysnative\drivers\TS4nt.sys
2016-06-20 15:32:18 71D54661F74B4D7DB5A8B482818A1414 77384 ----a-w- C:\Windows\Sysnative\drivers\gdwfpcd64.sys
2016-06-20 15:25:51 66070F6BEB84E4C82EE1182A0593BA37 102984 ----a-w- C:\Windows\Sysnative\drivers\PktIcpt.sys
2016-06-20 15:25:40 7B03EF320216AADD400E634B3ABC5A37 149576 ----a-w- C:\Windows\Sysnative\drivers\HookCentre.sys
2016-06-20 15:25:40 64450A65B3887FF6B92C67B7F6E5182E 262112 ----a-w- C:\Windows\Sysnative\drivers\MiniIcpt.sys
2016-06-20 15:25:40 06CA6B236A0D9D4C72B5E884A85194AD 176712 ----a-w- C:\Windows\Sysnative\drivers\GDBehave.sys
2016-06-14 19:54:50 3996DF4D52FD6273750C7033D1447C0A 31744 ----a-w- C:\Windows\Sysnative\drivers\dumpsdport.sys
2016-06-14 19:54:41 8B83335B6A86F39785FC7C9DE5F5B29F 1996640 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2016-06-14 19:54:37 425CFD45BDF5B9F8B790BEB20E0A8721 161632 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-06-14 19:54:36 C03E926B0E7D66D68994067231DC3246 278528 ----a-w- C:\Windows\Sysnative\drivers\netbt.sys
2016-06-14 19:54:36 2568B86F6A50D254324CB89022CA9EFC 690176 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys
2016-06-14 19:54:35 CF78AF126B00C1B0A6FF45BD838E8EFE 331616 ----a-w- C:\Windows\Sysnative\drivers\pci.sys
2016-06-14 19:54:33 BE88248427A6AA548A904FD867667F70 406528 ----a-w- C:\Windows\Sysnative\drivers\srv.sys
2016-06-14 19:54:33 3F7C80D9F16B94367646CBF8B8C052F4 604928 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2016-06-14 19:54:31 8E9E48E4BC6EACB811FE6066ADACC7A5 577376 ----a-w- C:\Windows\Sysnative\drivers\dxgmms2.sys
2016-06-14 19:54:29 87B9ABB965F7AF987D52791F0DD1663D 211296 ----a-w- C:\Windows\Sysnative\drivers\tpm.sys
2016-06-14 19:54:24 6E520D6B16EA8AE23D1F81C1194F00C8 237056 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys
2016-06-14 19:54:22 D330D74B5F99309B5CCA30AE41C57CDE 118624 ----a-w- C:\Windows\Sysnative\drivers\partmgr.sys
2016-06-14 19:54:20 05DD22294A4F3F89E52351C7721E6D2C 258912 ----a-w- C:\Windows\Sysnative\drivers\ufx01000.sys
2016-06-14 19:54:16 883A36E2FF7FA3E1281CB575579FE3AF 124928 ----a-w- C:\Windows\Sysnative\drivers\Ndu.sys
2016-06-14 19:54:15 020F3FD207AFEDAC8E05E4C567547A78 155136 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys
====== C:\Windows\Tasks ======
2016-07-03 06:18:08 2FE366296D999F449BEC2B5ABE5E2760 214 ----a-w- C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-06-28 20:26:24 -------- d-----w- C:\Program Files\VideoLAN
2016-06-20 17:10:08 -------- d---a-w- C:\Program Files\Speccy
======= C:\PROGRA~2 =====
2016-07-02 12:46:48 -------- d-----w- C:\PROGRA~2\UnHackMe
2016-06-20 15:18:21 -------- d-----w- C:\PROGRA~2\COMMON~1\G Data
======= C: =====
2016-07-02 13:25:55 EE88CB0E1BF29B81571F460F82B89025 554 ----a-w- C:\DelFix.txt
====== C:\Users\van la Parra\AppData\Roaming ======
2016-07-13 17:13:38 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Trusteer
2016-06-28 19:41:07 -------- d-----w- C:\Users\van la Parra\AppData\Local\Intel
====== C:\Users\van la Parra ======
2016-07-09 20:22:26 CC5AE739C70BCA8C0383BE0AD8E56475 17566624 ----a-w- C:\Users\van la Parra\Downloads\GDCleanUp(2).exe
2016-07-07 19:57:45 12B0836D10022CFC6BE3B5A669D9E16B 2001540 ----a-w- C:\Users\van la Parra\Downloads\pc-decrapifier-3.0.0.exe
2016-07-02 12:33:03 E82B6DD3A963BE860C84F838A6FAD4C2 16597872 ----a-w- C:\Users\van la Parra\Downloads\stinger32.exe
2016-06-28 19:42:12 -------- d-----w- C:\ProgramData\IntelDLM
2016-06-28 19:40:14 -------- d-----w- C:\ProgramData\Intel
2016-06-20 17:10:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-06-20 15:33:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL PROTECTION
2016-06-20 15:22:00 -------- d-----w- C:\ProgramData\G DATA Software
====== C: exe-files ==
2016-07-11 16:45:56 38BFBA956EBFB8FA19D9B1A0BC4DF9B1 3723376 ----a-w- C:\EEK\Start Emergency Kit Scanner.exe
2016-07-10 14:13:42 FC98719D6840CF060B8026EB2A48CF9D 41864 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_IENetworkCheckPluginReminder_v2.exe
2016-07-10 14:13:42 56D63ABD27AE3F1CA586C288A54D453D 62856 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_SproutWorkspaceUpdate.exe
2016-07-09 20:22:26 CC5AE739C70BCA8C0383BE0AD8E56475 17566624 ----a-w- C:\Users\van la Parra\Downloads\GDCleanUp(2).exe
2016-07-09 15:32:21 679778DB19CEB759B317677F27BD5B08 596992 ----a-w- C:\Users\van la Parra\AppData\Local\Packages\Microsoft.NetworkSpeedTest_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\NetworkSpeedTest\cdff7ddeecaed8b7fd0ebb143ebe2f1f\NetworkSpeedTest.ni.exe
2016-07-08 14:51:20 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\van la Parra\AppData\Local\Temp\BA409857-45F8-4B33-8D27-75C10342796C\DismHost.exe
2016-07-07 19:57:45 12B0836D10022CFC6BE3B5A669D9E16B 2001540 ----a-w- C:\Users\van la Parra\Downloads\pc-decrapifier-3.0.0.exe
=== C: other files ==
2016-07-07 20:22:56 A1948026A109F1F11CB76B8BC3F4A314 686164 ----a-w- C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\8skzgxbe.default\features\{05939bfd-560b-46a7-a7d5-a5159c9e1120}\firefox@getpocket.com.xpi
2016-07-07 20:22:56 4D7B7D6D5A4691CF80FA7705F9C09D09 1696657 ----a-w- C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\8skzgxbe.default\features\{05939bfd-560b-46a7-a7d5-a5159c9e1120}\loop@mozilla.org.xpi
2016-07-07 20:22:55 F3AA2AA84D02237ECAFEF0C38A22D0F9 6260 ----a-w- C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\8skzgxbe.default\features\{05939bfd-560b-46a7-a7d5-a5159c9e1120}\e10srollout@mozilla.org.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-234901561-1536892485-3164044181-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Google Update"="C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"OneDrive"="C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"BingSvc"="C:\Users\van la Parra\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"Messenger (Yahoo\Program Files (x86)\Yahoo\Messenger\YahooMessenger.exe -quiet"

[HKEY_USERS\S-1-5-21-234901561-1536892485-3164044181-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"G Data ASM"="C:\Program Files (x86)\G DATA\TotalProtection\DelayLoader\AutorunDelayLoader.exe /autostart"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Google Update"="C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"OneDrive"="C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"BingSvc"="C:\Users\van la Parra\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"Messenger (Yahoo\Program Files (x86)\Yahoo\Messenger\YahooMessenger.exe -quiet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe"
"PAC207_Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-07-2016 13:56]
C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\Windows\explorer.exe [28-05-2016 07:05]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-234901561-1536892485-3164044181-1001Core.job --a-------- C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe [22-05-2016 20:00]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-234901561-1536892485-3164044181-1001UA.job --a-------- C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe [22-05-2016 20:00]
C:\Windows\tasks\HPCeeScheduleForvan la Parra.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [22-01-2016 21:52]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateExplorerShellUnelevatedTask" [C:\Windows\explorer.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-234901561-1536892485-3164044181-1001Core" [C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-234901561-1536892485-3164044181-1001UA" [C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForvan la Parra" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Seagate_Install_Launch" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{61F07557-C454-4323-9D8E-E7325EA7A1CB}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\van la Parra DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\VANLAP~1\AppData\Roaming\Mozilla\Firefox\Profiles\8skzgxbe.default

user_pref("browser.startup.homepage", "http://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=nl-nl");

==== Firefox Extensions ======================

ProfilePath: C:\Users\VANLAP~1\AppData\Roaming\Mozilla\Firefox\Profiles\8skzgxbe.default
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\van la Parra\AppData\Roaming\Mozilla\Firefox\Profiles\8skzgxbe.default
62D98B286C805E193568037B70D936D2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash
C426F7E678D6E539041847556059D5E8 - C:\Users\van la Parra\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll - Google Update

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=nl-nl"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=nl-nl"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [G Data ASM] "C:\Program Files (x86)\G DATA\TotalProtection\DelayLoader\AutorunDelayLoader.exe" /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Google Update] "C:\Users\van la Parra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OneDrive] "C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BingSvc] C:\Users\van la Parra\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\van la Parra\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{45fd7784-0ddb-4131-87cc-c675ebba05a4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{45fd7784-0ddb-4131-87cc-c675ebba05a4}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: G DATA ANTIVIRUS Proxy (AVKProxy) - G DATA Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKService.exe
O23 - Service: G DATA Bestandssysteemmonitor (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G DATA\TotalProtection\AVK\AVKWCtlx64.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: G DATA Backup Service (GDBackupSvc) - G DATA Software AG - C:\Program Files (x86)\G DATA\TotalProtection\AVKBackup\AVKBackupService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G DATA\TotalProtection\Firewall\GDFwSvcx64.exe
O23 - Service: G DATA Scanner (GDScan) - G DATA Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: G DATA Tuner-service (GDTunerSvc) - G DATA Software AG - C:\Program Files (x86)\G DATA\TotalProtection\AVKTuner\AVKTunerService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: G DATA Datasafeservice (TSNxGService) - G DATA Software - C:\Program Files (x86)\G DATA\TotalProtection\TSNxG\TSNxGService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\van la Parra\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\van la Parra\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\van la Parra\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\van la Parra\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\van la Parra\AppData\Local\Mozilla\Firefox\Profiles\8skzgxbe.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=0 141 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\VANLAP~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 14-07-2016 at 9:58:33,43 ======================