Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by LUC on zo 07-08-2016 at 21:28:37,23.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\LUC\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7-8-2016 21:35:09 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook
{8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D}
%SystemRoot%\system32\shell32.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6}
%SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\PokerStove deleted successfully
C:\PROGRA~2\PSQLINSTALL deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\Users\LUC\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\LUC\AppData\Local\EmieSiteList deleted successfully
C:\Users\LUC\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
C:\windows\system\Cm106eye.exe
C:\Users\LUC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Users\LUC\Desktop\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by E Dev (http://www.antimalwarehelp.be/EDev/)

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\amd\ati.ace\fuel\fuel.service.exe
R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\bluetooth suite\adminservice.exe
R2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
R2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
R2 - [HerculesDJControlMP3] - Hercules DJ Control MP3 - c:\program files\hercules\audio\dj console series\drivers\amd64\herculesdjcontrolmp3.exe
R2 - [NOBU] - Norton Online Backup - c:\program files (x86)\symantec\norton online backup\nobuagent.exe
R2 - [postgresql-x64-9.0] - postgresql-x64-9.0 - PostgreSQL Server 9.0 - c:/program files/postgresql/9.0/bin/pg_ctl.exe
R2 - [SamsungDeviceConfigurationWinService] - SamsungDeviceConfiguration - c:\program files (x86)\samsung\easy settings\samsungdeviceconfiguration.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S3 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [GameConsoleService] - GameConsoleService - c:\program files (x86)\wildgames\game console - wildgames\gameconsoleservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\PokerStove not found
C:\PROGRA~2\PSQLINSTALL not found
C:\PROGRA~2\GUT1DAE.tmp deleted
C:\PROGRA~2\GUTA7B4.tmp deleted
C:\PROGRA~2\GUTA927.tmp deleted
C:\PROGRA~2\GUM1DAD.tmp deleted
C:\Users\LUC\AppData\Roaming\appdataFr3.bin deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysWow64\AI_RecycleBin deleted
"C:\Users\LUC\AppData\Local\{F2EF7F4B-C2B3-4FB1-A114-A9CB3BF745D8}" deleted
"C:\ProgramData\mntemp" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3549 MB
CPU Info: AMD A6-4455M APU with Radeon(tm) HD Graphics
CPU Speed: 2100,4 MHz
Sound Card: Luidsprekers (Muse Pocket LT3) | Speakers (Realtek High Definiti |
Display Adapters: AMD Radeon HD 7500G | AMD Radeon HD 7500G | AMD Radeon HD 7500G | AMD Radeon HD 7500G | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Bluetooth Device (Personal Area Network) | Qualcomm Atheros AR946x Wireless Network Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: MagicISOVirtual DVD-ROM
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 443,4GB
Hard Disks - Free: C: 219,1GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 07/14/12 | SECCSD - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: SAMSUNG ELECTRONICS CO., LTD. SAMSUNG_NP1234567890
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Internet Explorer Version: 11.0.9600.17843
Adobe Reader version: 11.0.17.9

==== Files Recently Created / Modified ======================

====== C:\windows ====

====== C:\Users\LUC\AppData\Local\Temp ====

2016-08-07 19:27:04 0CFC0308F76EC217C457F54DDFCB3077 43008 ----a-w- C:\Users\LUC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmw_rde.dll

====== Java Cache =====

====== C:\windows\SysWOW64 =====

====== C:\windows\SysWOW64\drivers =====

====== C:\windows\Sysnative =====

====== C:\windows\Sysnative\drivers =====

====== C:\windows\Tasks ======

====== C:\windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\LUC\AppData\Roaming ======

2016-08-07 19:26:59 -------- d-----r- C:\Users\LUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-07-13 15:42:40 -------- d-----w- C:\Users\LUC\AppData\Locallow\Blizzard Entertainment

====== C:\Users\LUC ======

2016-08-07 17:22:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\LUC\Downloads\RSITx64.exe

====== C: exe-files ==

2016-08-07 17:22:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\LUC\Downloads\RSITx64.exe

=== C: other files ==

==== Orphaned Tasks deleted from Registry ======================

GoogleUpdateTaskUserS-1-5-21-3520410495-254977392-370578606-1000Core deleted
GoogleUpdateTaskUserS-1-5-21-3520410495-254977392-370578606-1000UA deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3520410495-254977392-370578606-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Spotify Web Helper"="C:\Users\LUC\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"uTorrent"="C:\Users\LUC\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"AppEx Accelerator UI"="C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h"

[HKEY_USERS\S-1-5-21-3520410495-254977392-370578606-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3520410495-254977392-370578606-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Spotify Web Helper"="C:\Users\LUC\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"uTorrent"="C:\Users\LUC\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"AppEx Accelerator UI"="C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"Cm106Sound"="C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm106.dll,CMICtrlWnd"
"Hercules DJ Series TrayAgent"="C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe /boot"
"NUSB3MON"="C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Folders ======================

2015-05-26 10:55:04 1127 ----a-w- C:\Users\LUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2015-07-14 15:29:20 989 ----a-w- C:\Users\LUC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\windows\SysNative\tasks\advSRS5" ["C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"]
"C:\windows\SysNative\tasks\BatteryLifeExtender" [C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe]
"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\SysNative\tasks\Easy Software Manager Agent" ["%ProgramFiles(x86)%\Samsung\Easy Software Manager\SWMAgent.exe"]
"C:\windows\SysNative\tasks\EasyBatteryManager" ["%ProgramFiles(x86)%\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe"]
"C:\windows\SysNative\tasks\EasyDisplayMgr" ["C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe"]
"C:\windows\SysNative\tasks\EasySpeedUpManager" ["%programfiles(x86)%\Samsung\Easy Settings\EasySpeedUpManager.exe"]
"C:\windows\SysNative\tasks\EasySupportCenter" ["%ProgramFiles%\Samsung\Easy Support Center\SamoyedAgent.exe"]
"C:\windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\windows\SysNative\tasks\MovieColorEnhancer" ["%programfiles(x86)%\Samsung\Easy Settings\MovieColorEnhancer.exe"]
"C:\windows\SysNative\tasks\SCCSpeedBoot" ["%programfiles(x86)%\Samsung\Easy Settings\SCCSpeedBoot.exe"]
"C:\windows\SysNative\tasks\SmartSetting" ["%programfiles(x86)%\Samsung\Easy Settings\SmartSetting.exe"]
"C:\windows\SysNative\tasks\WLANStartup" ["%programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe"]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-03-14 22:54:49 -------- d-----w- C:\PROGRA~3\.mono
2016-06-10 19:00:46 -------- d-----w- C:\PROGRA~3\SafeNet Sentinel
2016-06-10 19:04:19 -------- d-----w- C:\PROGRA~3\IBM
2016-07-08 19:30:34 -------- d-----w- C:\PROGRA~3\GeoComply

==== Chromium Look ======================

YouTube - LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Whitelisted domains - LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - LUC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage deleted successfully
C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\LUC\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\LUC\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3520410495-254977392-370578606-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3520410495-254977392-370578606-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Download Modern Family S06E17 HDTV x264-LOL [eztv] Torrent - KickassTorrents Proxy.lnk = C:\ProgramData\{58083da7-317b-9bf0-5808-83da7317f69c}\Download Modern Family S06E17 HDTV x264-LOL [eztv] Torrent - KickassTorrents Proxy.exe
O4 - Startup: Dropbox.lnk = LUC\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {26E1BEAF-C1A1-482B-8714-08844F1BCF7F} (GTileContainerCtl Class) - http://213.126.97.82:8080/webviewer.cab
O16 - DPF: {3AA1C0E3-DA98-4BB4-91AE-D3BC61178240} (GVersionManager Class) - http://213.126.97.82:8080/GVersionMan.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Hercules® - C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: postgresql-x64-9.0 - PostgreSQL Server 9.0 (postgresql-x64-9.0) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SamsungDeviceConfiguration (SamsungDeviceConfigurationWinService) - Unknown owner - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\LUC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\LUC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\LUC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=55 folders=33 37447507 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\LUC\AppData\Local\Temp will be emptied at reboot
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\LUC\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 07-08-2016 at 22:40:56,72 ======================