Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Admin on ma 27/01/2014 at 17:53:34,92.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

27/01/2014 17:55:30 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\ProgramData\DassaultSystemes deleted successfully
C:\Users\Admin\AppData\Roaming\DassaultSystemes deleted successfully
C:\Users\Admin\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Admin\AppData\Local\Adobe deleted successfully
C:\Users\Admin\AppData\Local\DassaultSystemes deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3030078495-478983745-2440819254-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} deleted successfully
HKEY_USERS\S-1-5-21-3030078495-478983745-2440819254-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} deleted successfully
HKEY_USERS\S-1-5-21-3030078495-478983745-2440819254-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AB8FD3D2-DDC8-41D7-A468-AF7AAC70934C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update RightSurf deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update RightSurf deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util RightSurf deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util RightSurf deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}]

==== Deleting Files \ Folders ======================

C:\Users\Admin\AppData\Roaming\0F1F1C2Y1H1P1C0I0T deleted
C:\ProgramData\SoundResearch deleted
C:\ProgramData\YTD Video Downloader deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
"C:\Program Files (x86)\RightSurf\updateRightSurf.exe" deleted
"C:\PROGRA~2\RightSurf\updateRightSurf.exe" deleted
"C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe" deleted
"C:\PROGRA~2\RightSurf\bin\utilRightSurf.exe" deleted
"C:\Program Files (x86)\RightSurf" not deleted
"C:\PROGRA~2\RightSurf" not deleted
"C:\Program Files (x86)\RightSurf\bin" not deleted
"C:\PROGRA~2\RightSurf\bin" not deleted

==== Files Recently Created / Modified ======================

====== C:\windows ====
2013-12-29 21:04:22 9BE7EF0B244F2DABA24291C708A9E9DA 816895461 ----a-w- C:\windows\MEMORY.DMP

====== C:\Users\Admin\AppData\Local\Temp ====

====== C:\windows\SysWOW64 =====
2014-01-19 16:08:31 62601FF7577D8CC2132D26BDF6B4997F 452608 ----a-w- C:\windows\SysWOW64\SHCore.dll
2014-01-19 16:08:30 6A10586D2456BBE6E1F7DBAABB2C5F28 550400 ----a-w- C:\windows\SysWOW64\FirewallAPI.dll
2014-01-19 16:08:30 07577AD2DA7D82B8A077DA4C1981DB9B 199168 ----a-w- C:\windows\SysWOW64\WebClnt.dll
2014-01-19 16:08:29 AC52DA0DC81956307CB8E13B5A0A390E 86016 ----a-w- C:\windows\SysWOW64\davclnt.dll
2014-01-19 16:08:21 18DB0EA3DAD0932C62F2DED17837D92E 562688 ----a-w- C:\windows\SysWOW64\WSShared.dll

====== C:\windows\SysWOW64\drivers =====

====== C:\windows\Sysnative =====
2014-01-19 16:08:31 A28DE7725EC0426BC76C064B3A9D64EF 588288 ----a-w- C:\windows\Sysnative\SHCore.dll
2014-01-19 16:08:31 9DE3341BD4E14BC5FADFCAD3019F2D0D 915968 ----a-w- C:\windows\Sysnative\MPSSVC.dll
2014-01-19 16:08:31 09DC813EA00294A6F5B2B6C75E2740ED 758784 ----a-w- C:\windows\Sysnative\FirewallAPI.dll
2014-01-19 16:08:30 9B1384CE8E681D2D77BB3524B8E86311 227840 ----a-w- C:\windows\Sysnative\WebClnt.dll
2014-01-19 16:08:29 353F85DB0B6EB92A77DA1DC2B9DD4FEF 104448 ----a-w- C:\windows\Sysnative\davclnt.dll
2014-01-19 16:08:21 FA3B2DEF1EA2D6D2018E4289A235B83B 688640 ----a-w- C:\windows\Sysnative\WSShared.dll

====== C:\windows\Sysnative\drivers =====
2014-01-19 16:08:30 AE3786294CC246A5403783E1B86A0168 100696 ----a-w- C:\windows\Sysnative\drivers\disk.sys
2014-01-19 16:08:29 4CCBBD4944777CA100B9A6C2F149A46F 74752 ----a-w- C:\windows\Sysnative\drivers\mpsdrv.sys

====== C:\windows\Tasks ======

====== C:\windows\Temp ======

======= C:\Program Files =====
2014-01-26 15:25:02 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====
2014-01-25 22:58:25 -------- d-----w- C:\PROGRA~2\InfraRecorder
2014-01-25 22:56:14 -------- d-----w- C:\PROGRA~2\RightSurf

======= C: =====

====== C:\Users\Admin\AppData\Roaming ======
2014-01-26 13:36:20 -------- d-----w- C:\Users\TEMP.HP-THUISPC.000\AppData\Locallow\Microsoft
2014-01-25 22:58:25 -------- d-----w- C:\Users\Admin\AppData\Roaming\InfraRecorder
2014-01-11 23:01:37 -------- d-----w- C:\Users\Admin\AppData\Locallow\COMODO

====== C:\Users\Admin ======
2014-01-26 15:22:17 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Admin\Desktop\RSITx64.exe
2014-01-26 13:36:17 -------- d--h--w- C:\Users\TEMP.HP-THUISPC.000\AppData
2014-01-25 22:56:02 02ACC12D1361BF86071C3A09D58E217E 3432724 ----a-w- C:\Users\Admin\Downloads\infrarecorder [1].exe
2013-12-29 13:41:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

====== C: exe-files ==
2014-01-26 15:25:02 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Admin.exe
2014-01-26 15:22:17 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Admin\Desktop\RSITx64.exe
2014-01-25 22:58:25 5C2A8217A5212AF87582725049047D28 96904 ----a-w- C:\Program Files (x86)\InfraRecorder\Uninstall.exe
2014-01-25 22:56:12 A6FA428F4D30A89A02143D680E612A3C 889288 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNZ5G6B1\Setup[1].exe
2014-01-25 22:56:02 02ACC12D1361BF86071C3A09D58E217E 3432724 ----a-w- C:\Users\Admin\Downloads\infrarecorder [1].exe
2014-01-25 22:54:23 5C2F21F1270391C2F58941D505849C36 675736 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X60AE8PV\infrarecorder.exe

=== C: other files ==
2014-01-27 13:00:17 17B42832460BFEEBEF48D56323169274 15092 ----a-w- C:\Users\Admin\AppData\Local\SolidWorks\CXPA\20140127140015_21.3.0.0060.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3030078495-478983745-2440819254-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R340"="C:\windows\system32\spool\DRIVERS\x64\3\E_IATIAJE.EXE /FU C:\windows\TEMP\E_S907A.tmp /EF HKCU"
"EPSON Stylus Photo R340 Series"="C:\windows\system32\spool\DRIVERS\x64\3\E_IATIAJE.EXE /FU C:\windows\TEMP\E_S5DEC.tmp /EF HKCU"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"AVG-Secure-Search-Update_1213b"="C:\Users\Admin\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=def538f218f547d39dc95918bd84d5bb-bda25d6aad64f3c6c58d6ce776eec753e009693a /CMPID=1213b"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R340"="C:\windows\system32\spool\DRIVERS\x64\3\E_IATIAJE.EXE /FU C:\windows\TEMP\E_S907A.tmp /EF HKCU"
"EPSON Stylus Photo R340 Series"="C:\windows\system32\spool\DRIVERS\x64\3\E_IATIAJE.EXE /FU C:\windows\TEMP\E_S5DEC.tmp /EF HKCU"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"AVG-Secure-Search-Update_1213b"="C:\Users\Admin\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=def538f218f547d39dc95918bd84d5bb-bda25d6aad64f3c6c58d6ce776eec753e009693a /CMPID=1213b"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2013-10-30 22:48:50 2753 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a-------- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [19/01/2014 17:06]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/09/2013 09:24]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/09/2013 09:24]
C:\windows\tasks\HPCeeScheduleForAdmin.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 22:15]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\CLMLSvc_P2G8" [c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\windows\SysNative\tasks\CLVDLauncher" [c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\HPCeeScheduleForAdmin" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Chrome Look ======================

Google Docs - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Comodo DragDrop Service - Admin\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Admin\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
PrivDog - Admin\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Comodo Share Page Service - Admin\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Admin\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hln.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hln.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-29906-12136-18/4"

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Admin\AppData\Local\COMODO\Dragon\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=45 folders=13 7595209 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\RightSurf" not found
"C:\PROGRA~2\RightSurf" not found

==== EOF on ma 27/01/2014 at 18:04:17,69 ======================