Zoek.exe Version 4.0.0.5 Updated 09-October-2013
Tool run by M van der Burg on do 10-10-2013 at 7:39:21,06.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\MVANDE~1\AppData\Local\Temp\Rar$EX02.700\zoek.exe [Script inserted]

==== System Restore Info ======================

10-10-2013 7:48:32 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\Program Files\GUTE32E.tmp" deleted
"C:\windows\silentOnce.tmp" deleted
"C:\Users\M van der Burg\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll" deleted
"C:\Program Files\GUME31D.tmp" deleted
"C:\ProgramData\Trymedia" deleted
"C:\Users\M van der Burg\AppData\Local\Rich Media Player\BrowserExtensions" not deleted
"C:\Users\M van der Burg\AppData\Local\Rich Media Player\BrowserExtensions\IE" not deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1530105572-4269027503-2591286875-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files\Motorola\Bluetooth\btmshell.dll,TrayApp"
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe"
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"PSUAMain"="C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe /LaunchSysTray"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28-09-2013 17:37]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
doagiokpgboiomffjfhaiimafndmmpni - C:\Users\M van der Burg\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx[]
fkcdbkhjcaljlfolhllfneigeepmjfim - C:\Users\M van der Burg\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{53D419F2-1B30-4AFE-9B5B-217A0FE49730}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{53D419F2-1B30-4AFE-9B5B-217A0FE49730} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1530105572-4269027503-2591286875-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} deleted successfully
HKEY_USERS\S-1-5-21-1530105572-4269027503-2591286875-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} deleted successfully
HKEY_USERS\S-1-5-21-1530105572-4269027503-2591286875-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FEB703F7-E7B2-4AB0-9566-87658AC70095} deleted successfully
HKEY_USERS\S-1-5-21-1530105572-4269027503-2591286875-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FEB703F7-E7B2-4AB0-9566-87658AC70095} deleted successfully
HKEY_USERS\S-1-5-21-1530105572-4269027503-2591286875-1000\Software\Microsoft\Internet Explorer\SearchScopes\{53D419F2-1B30-4AFE-9B5B-217A0FE49730} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FEB703F7-E7B2-4AB0-9566-87658AC70095} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FEB703F7-E7B2-4AB0-9566-87658AC70095} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\doagiokpgboiomffjfhaiimafndmmpni deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fkcdbkhjcaljlfolhllfneigeepmjfim deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\M van der Burg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\M van der Burg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\MVANDE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\M van der Burg\AppData\Local\Rich Media Player\BrowserExtensions" not found

==== EOF on do 10-10-2013 at 17:27:53,87 ======================