Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Daems Jonas on do 26/05/2016 at 11:15:01,71. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: d:\Users\Daems Jonas\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 26/05/2016 11:16:00 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\Daems Jonas\AppData\Local\ActiveSync deleted successfully C:\Users\Daems Jonas\AppData\Local\NetworkTiles deleted successfully C:\Users\Daems Jonas\AppData\Local\VirtualStore deleted successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs 
====================== ASUS Smart Gesture ASUS Splendid Video Enhancement Technology AVG AVG 2016 AVG Protection AVG Web TuneUp D3DX10 FMW 1 Google Chrome Google Update Helper Intel(R) Processor Graphics IrfanView 64 (remove only) Junk Mail filter update Microsoft Application Error Reporting Microsoft Office 365 ProPlus - nl-nl Microsoft SQL Server 2005 Compact Edition [ENU] Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 NVIDIA-configuratiescherm 359.46 NVIDIA Grafisch stuurprogramma 359.46 NVIDIA Install Application NVIDIA Optimus Update 10.4.0 NVIDIA Update 10.4.0 NVIDIA Update Core Office 16 Click-to-Run Extensibility Component Office 16 Click-to-Run Licensing Component Office 16 Click-to-Run Localization Component Photo Common Photo Gallery Realtek High Definition Audio Driver Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables Windows-stuurprogrammapakket - ASUS (ATP) Mouse (06/17/2015 6.0.0.66) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ==== Running Processes ====================== C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe C:\Windows\SysWow64\IntelCpHeciSvc.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\AVG\Framework\Common\avguix.exe C:\Program Files (x86)\AVG Web TuneUp\vprot.exe C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft 
Shared\OFFICE16\CSISYNCCLIENT.EXE d:\Users\Daems Jonas\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater40.3.1 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "vProt"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] ==== Deleting Files \ Folders ====================== C:\ProgramData\AVG Secure Search deleted C:\ProgramData\AVG Web TuneUp deleted C:\Program Files\AVG Web TuneUp deleted C:\windows\SysNative\Tasks\0216piUpdateInfo deleted C:\Users\Daems Jonas\AppData\Local\AVG Web TuneUp deleted C:\PROGRA~3\Avg_Update_0216pi deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" deleted "C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\40.3.1\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.3.1\avgdttbx.dll" deleted "C:\Program Files (x86)\AVG Web TuneUp" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search" deleted "C:\PROGRA~2\AVG Web TuneUp" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\40.3.1" deleted "C:\PROGRA~2\COMMON~1\AVG Secure 
Search\DNTInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\40.3.1" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 8076 MB CPU Info: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz CPU Speed: 2401,0 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | Intel(R) HD Graphics Family Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Qualcomm Atheros AR9485 Wireless Network Adapter | Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (F: | ) F: MATSHITADVD-RAM UJ8E2 S Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 373,2GB | D: 537,8GB Hard Disks - Free: C: 345,5GB | D: 535,3GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | | _ASUS_ - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK COMPUTER INC. 
X550LD Country: België Language: NLB ==== System Specs (Software) ====================== Internet Explorer Version: 11.306.10586.0 Google Chrome version: 50.0.2661.102 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2016-05-11 20:36:42 2617877C5761B8A696FD0368861EE6E4 4515256 ----a-w- C:\Windows\explorer.exe ====== C:\Users\DAEMSJ~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2016-05-18 07:48:11 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2016-05-11 20:36:39 48D8729FACC784900B831212AE56F824 1996640 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2016-05-11 20:36:32 01C01ED15ED56B98088CE1D5A0965E6A 577368 ----a-w- C:\Windows\Sysnative\drivers\dxgmms2.sys 2016-05-11 20:36:29 E7463CE8579A0418A98BE9BE42C647D7 534872 ----a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS 2016-05-11 20:36:26 CFFE69B6C276A3418687109EA8AC9E7D 330072 ----a-w- C:\Windows\Sysnative\drivers\pci.sys 2016-05-11 20:36:26 B880BE37452AB1D4AA93845F58EF7960 95072 ----a-w- C:\Windows\Sysnative\drivers\sdport.sys 2016-05-11 20:36:26 357910142E9285B978689B1DB4EFA00A 393568 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys 2016-05-11 20:36:21 C330883C06E2D4CE4F6982F048265D37 335712 ----a-w- C:\Windows\Sysnative\drivers\fastfat.sys 2016-05-11 20:36:20 C0752D58193603B6ED762B4027C65E1B 155136 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys 2016-05-11 20:36:20 50DFE05C698E9B0A63D95E3D669A105C 638816 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys 2016-05-11 20:36:19 8F2523C9D8F1448FF2156452AF60FA00 87552 ----a-w- C:\Windows\Sysnative\drivers\filecrypt.sys 2016-05-11 20:36:19 82D3B1F4D80057826AA649D78147DE36 63488 ----a-w- C:\Windows\Sysnative\drivers\UcmCx.sys 2016-05-11 20:36:19 67B9684B8272D5EBD1CCBB1DBD425EC8 99680 ----a-w- 
C:\Windows\Sysnative\drivers\pdc.sys 2016-05-11 20:36:19 2A87EA182EA333D79AA0B03833EA67F2 131424 ----a-w- C:\Windows\Sysnative\drivers\ufxsynopsys.sys 2016-05-11 20:36:18 4AAD6547953D373A1EB5B2DF583D868B 67072 ----a-w- C:\Windows\Sysnative\drivers\usbser.sys ====== C:\Windows\Tasks ====== 2016-05-19 08:22:01 BFBFF2F73EC0E0D13031984799809B41 3060 ----a-w- C:\Windows\Sysnative\Tasks\ASUS Splendid ACMON ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-05-26 08:16:06 -------- d-----w- C:\Program Files\trend micro 2016-05-17 17:42:36 -------- d-----w- C:\Program Files\IrfanView 2016-05-04 09:26:33 -------- d-----w- C:\Program Files\Common Files\AVG Secure Search ======= C:\PROGRA~2 ===== 2016-05-18 08:06:57 -------- d---a-w- C:\PROGRA~2\COMMON~1\DESIGNER ======= C: ===== ====== C:\Users\Daems Jonas\AppData\Roaming ====== 2016-05-19 08:22:05 -------- d-----w- C:\Users\Daems Jonas\AppData\Local\ElevatedDiagnostics 2016-05-17 17:42:36 -------- d-----w- C:\Users\Daems Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView ====== C:\Users\Daems Jonas ====== 2016-05-19 08:21:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS ====== C: exe-files == 2016-05-26 08:46:13 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Daems Jonas\AppData\Local\Temp\C72B1118-0EA3-4641-9C96-54E59D4F764D\DismHost.exe 2016-05-26 08:16:06 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Daems Jonas.exe 2016-05-26 08:11:58 CEBBD45985EB8D30A37B6E8D22DCAB11 257192 ----a-w- C:\Windows\Temp\DPTF\esif_assist_64.exe 2016-05-24 10:23:05 89CAC0480C8105BB1F585C3B5E125434 9040072 ----a-w- C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe 2016-05-24 10:23:05 89CAC0480C8105BB1F585C3B5E125434 9040072 ----a-w- C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\OneDriveSetup.exe 2016-05-24 10:22:55 9D8F8170A6432030DAA3CF1864E16DC4 178888 ----a-w- C:\Users\Daems 
Jonas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe 2016-05-24 10:22:54 EBEC2BE509FBB6D922D2F04E4CE40946 493256 ----a-w- C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\OneDriveStandaloneUpdater.exe 2016-05-24 10:22:54 B18567F84F296ADB03E3C3F023C7422D 176840 ----a-w- C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe 2016-05-23 10:44:20 3D4BE9C83609DCC39A51C3C4EAB70C86 348432 ----a-w- C:\Program Files (x86)\AVG\Av\avgndisa.exe 2016-05-23 10:29:27 AEE84FC992F97B1D640BA5EAF9CF307C 78608 ----a-w- C:\ProgramData\Avg\Setup\av\avguirux.exe 2016-05-23 10:29:27 07DF9EE199DCB9988E5BA2457D192BA9 6059744 ----a-w- C:\ProgramData\Avg\Setup\av\avgmfapx.exe === C: other files == 2016-05-24 10:22:54 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\CollectOneDriveLogs.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_USERS\S-1-5-21-3437685781-3899522879-2098296170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" "Uninstall C:\Users\Daems 
Jonas\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe /lps=fmw" "AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe C:\Program Files (x86)\AVG\Av\avgui.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" "Uninstall C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ASUS Smart Gesture Launcher" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe] "C:\Windows\SysNative\tasks\ASUS Splendid ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] 
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\RtHDVBg" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"] "C:\Windows\SysNative\tasks\RtHDVBg_ListenToDevice" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"] "C:\Windows\SysNative\tasks\RTKCPL" ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{64D1401C-CE7F-4A2B-B016-495B34252B73}" [C:\Windows\system32\msfeedssync.exe] ==== Chromium Look ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions chfdnecihphmhljaaejmgoiahnihplgn - No path found[] Google Slides - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo AVG Web TuneUp - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn Google Sheets - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn 
deleted successfully C:\Users\Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage deleted successfully C:\Users\Daems Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://mysearch.avg.com/?cid={A4209DDF-52FA-4CB9-BA13-5F1D6F22E4D2}&mid=4e55fbee3c1347cc85d5a96de9e920c1-b3475901ca4d96837f24912f062d4fb139f6f03c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516av&pr=fr&d=2016-05-04 11:26:33&v=4.2.9.726&pid=wtu&sg=&sap=hp" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 
==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit= O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daems Jonas\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files 
(x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - 
C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgfwsa.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagenta.exe O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvca.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @oem9.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) 
- Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Daems Jonas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Daems Jonas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Daems Jonas\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Daems Jonas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Daems 
Jonas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=479 folders=146 215562460 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\DAEMSJ~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 26/05/2016 at 11:28:56,75 ======================