Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by computer on wo 24-08-2016 at 17:07:43,36.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\computer\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24-8-2016 17:09:40 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\Users\computer\AppData\Local\ActiveSync deleted successfully
C:\Users\computer\AppData\Local\NetworkTiles deleted successfully
C:\Users\computer\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\SysWOW64\spdsvc.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Users\computer\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\computer\AppData\Local\Viber\Viber.exe
C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Users\computer\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AGSService] - Adobe Genuine Software Integrity Service - c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
R2 - [ApHidMonitorService] - Alps HID Monitor Service - c:\program files\apoint2k\hidmonitorsvc.exe
R2 - [Unchecky] - Unchecky - c:\program files (x86)\unchecky\bin\unchecky_svc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S2 - [Garmin Device Interaction Service] - Garmin Device Interaction Service - c:\program files (x86)\garmin\device interaction service\garminservice.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Updater Service - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
@=-

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3913 MB
CPU Info: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
CPU Speed: 2298,6 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR5BWB222 Wireless Network Adapter | Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8E1
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 443,5GB
Hard Disks - Free: C: 379,5GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer VA70_HC
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Internet Explorer Version: 11.545.10586.0
Google Chrome version: 52.0.2743.116
Adobe Reader version: 15.17.20050.192152
Flash Player version: 22.0.0.209

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2016-07-29 06:03:12 0C1AF67FA744891C8388228909B37E42 53208 ----a-w- C:\WINDOWS\avastSS.scr
====== C:\Users\computer\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2016-08-10 11:57:40 FA7EE4E3DCF4C1159D4E78147D8F1A7B 84992 ----a-w- C:\WINDOWS\Sysnative\drivers\BTHUSB.SYS
2016-08-10 11:57:39 2442F8CED09E5E4A8F1AA04C5DB22771 954368 ----a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys
2016-08-10 11:57:36 570BA8E8E1E3064A7D92F862B7F59B60 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2016-08-10 11:57:33 C2138FE291C8235C3A26CD04EE629163 161632 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2016-08-10 11:57:33 72CC1F3397B4438C8B8830F004075038 112640 ----a-w- C:\WINDOWS\Sysnative\drivers\bthenum.sys
2016-08-10 11:57:31 5DCB6746E9880DED87EC2A239ED64EB4 181248 ----a-w- C:\WINDOWS\Sysnative\drivers\rfcomm.sys
2016-08-10 11:57:31 0A23A12396CE5AE78E13F8E2ADF9AE35 128512 ----a-w- C:\WINDOWS\Sysnative\drivers\bthpan.sys
2016-08-10 11:57:22 E5EF652F8C880EC48A4E827698416338 1988448 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2016-08-10 11:57:21 E61E8025B3FC30906B9BFF0E1602B1E8 576864 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2016-08-10 11:57:18 97269D0CF0C275A7DF5BFCA6692CC8B8 393056 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2016-08-10 11:57:17 34DDBE73E42A4EDED7BEFF66F270C1A4 99680 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys
2016-08-10 11:57:13 3F89E96BDA0A24A3D2DBB7CE1E625589 331616 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys
2016-08-10 11:57:12 FAEBE339AB36831B77DC8F3B81DEDF75 465248 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys
2016-08-10 11:56:41 1BB74617AE07539EC7C31C93F98644C7 422744 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\computer\AppData\Roaming ======
2016-08-21 17:23:24 -------- d-----w- C:\Users\computer\AppData\Local\Viber
====== C:\Users\computer ======
2016-08-24 07:16:34 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\computer\Downloads\RSITx64.exe
2016-08-02 05:30:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
====== C: exe-files ==
2016-08-24 07:16:34 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\computer\Downloads\RSITx64.exe
2016-08-21 17:23:33 115D46A0386ACBA87D4634917176ED3C 72586832 ----a-w- C:\Users\computer\AppData\Local\Viber\Viber.exe
2016-08-21 17:23:32 C0B10237E0BB63FEFC392726A3FA1387 19024 ----a-w- C:\Users\computer\AppData\Local\Viber\QtWebEngineProcess.exe
2016-08-21 17:23:25 6CBCEB42C7D3141B2D0260F07B568061 544336 ----a-w- C:\Users\computer\AppData\Local\Viber\updater.exe
2016-08-21 09:32:56 F56F4BE771DCE9ECBBC0954D39DF660E 544336 ----a-w- C:\Users\computer\AppData\Roaming\ViberPC\6.2.0.1306\6.2.0.1306\updater.exe
2016-08-19 16:39:57 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\computer\AppData\Local\Temp\7E6414F5-9DF1-460C-9B45-A2000D0DF06D\DismHost.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2871391618-1465616402-3070090435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\computer\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Google Update"="C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Viber"="C:\Users\computer\AppData\Local\Viber\Viber.exe StartMinimized"
"ToolwizTimeFreeze"="C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe -autorun"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-21-2871391618-1465616402-3070090435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\computer\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Google Update"="C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Viber"="C:\Users\computer\AppData\Local\Viber\Viber.exe StartMinimized"
"ToolwizTimeFreeze"="C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe -autorun"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
"Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"CDAServer"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-07-2016 13:48]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2871391618-1465616402-3070090435-1001Core.job --a-------- C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [20-03-2016 15:17]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2871391618-1465616402-3070090435-1001UA.job --a-------- C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [20-03-2016 15:17]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2871391618-1465616402-3070090435-1001Core" [C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2871391618-1465616402-3070090435-1001UA" [C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1462020770" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{64FA7FC7-198A-438F-BD7F-E3A1CD13457E}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-03-20 12:15:02 -------- d-----w- C:\PROGRA~3\regid.1991-06.com.microsoft
2016-03-20 12:15:02 -------- d-----w- C:\PROGRA~3\USOPrivate
2016-03-20 12:15:02 -------- d-s---w- C:\PROGRA~3\Microsoft
2016-03-20 12:45:19 -------- d-----w- C:\PROGRA~3\USOShared
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Application Data
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Bureaublad
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Documenten
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Menu Start
2016-03-20 12:55:06 -------- d-sh--we C:\PROGRA~3\Sjablonen
2016-03-20 13:00:43 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive
2016-03-20 13:10:18 -------- d-----w- C:\PROGRA~3\Trusteer
2016-03-20 13:12:59 -------- d-----w- C:\PROGRA~3\Samsung
2016-03-20 13:14:55 -------- d-----w- C:\PROGRA~3\Malwarebytes
2016-03-20 14:08:38 -------- d-----w- C:\PROGRA~3\AVAST Software
2016-03-20 18:13:17 -------- d-----w- C:\PROGRA~3\Adobe
2016-03-24 13:08:15 -------- d-----w- C:\PROGRA~3\boost_interprocess
2016-03-30 12:14:34 -------- d-----w- C:\PROGRA~3\NortonInstaller
2016-03-30 13:18:18 -------- d-----w- C:\PROGRA~3\Norton
2016-04-08 13:27:01 -------- d-----w- C:\PROGRA~3\Unchecky
2016-05-26 12:19:01 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2016-05-31 13:06:12 -------- d-----w- C:\PROGRA~3\Garmin

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [29-07-2016 08:03]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [26-05-2016 14:16]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
daanglpcpkjjlkhcbladppjphglbigam - No path found[]
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

Google Slides - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Avast Online Security - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam
Norton Home Page for Chrome - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe
Avast SafePrice - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Google Sheets - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Norton Safe Search as default for Chrome - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl
Chrome Web Store Payments - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Docs - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\hfm32\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gomekmidlodglbbmalcneegieacbdmki_0.localstorage deleted successfully
C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gomekmidlodglbbmalcneegieacbdmki_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={sear

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\computer\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\computer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Viber] "C:\Users\computer\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [ToolwizTimeFreeze] "C:\Program Files\Toolwiz Time Freeze 2016\ToolwizTimeFreeze.exe" -autorun
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\computer\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @oem2.inf,%HidMonitor.SvcDisp%;Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\Apoint2K\HidMonitorSvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\WINDOWS\system32\\spdsvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\computer\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\computer\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\hfm32\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\computer\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\computer\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\hfm32\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\hfm32\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=326 folders=131 73328993 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\computer\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 24-08-2016 at 17:35:18,47 ======================