Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Ronald on do 20-02-2014 at 18:56:28,03.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8Z4JUA2\zoek (1).exe [Scan all users] [Checkboxes used]

==== Running Processes ======================

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\EscSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"c:\windows\system32\\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8Z4JUA2\zoek (1).exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

==== System Restore Info ======================

20-2-2014 18:57:58 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06) - Nederlands
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (nl-NL)
EPSON Scan
EPSON XP-102 103 Series Printer Uninstall
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Rapport
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
Samsung Kies3
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Software Updater
Trusteer Eindpuntbeveiliging

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 1955 MB
CPU Info: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
CPU Speed: 2667,5 MHz
Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek |
Display Adapters: Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1360 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SH-222AB
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 465,7GB | E: 100,0MB
Hard Disks - Free: C: 449,2GB | E: 65,7MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/05/10 | ALASKA - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer INC. P8H61-M LX
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Internet Explorer Version: 11.0.9600.16518
Adobe Reader version: 11.0.06.70

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Ronald\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-02-19 17:26:15 9CC9217EE688AEA264F387D58EA7523F 268352 ----a-w- C:\Windows\System32\FNTCACHE.DAT
2014-02-12 18:24:35 85AC8EB265EDCAD86D651D45C5E3AB83 440832 ----a-w- C:\Windows\System32\ieui.dll
2014-02-12 18:24:35 1D724A2EC124094B83FCB07533FC9BB5 208896 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-02-12 18:24:34 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-12 18:24:34 6F2E12C6229558B5829FDD07603763C2 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-12 18:24:33 B8F28AAC003060E3B125D2447CFC19E2 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-02-12 18:24:33 7D6B20C69CC8EECB8F31D4FAF913BBE8 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-12 18:24:33 6A06EB11F1E5BDAA795DAE7838F9FE20 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-12 18:24:33 408805B8083896DC95E6340F4016BEBD 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-12 18:24:33 260D6B421E5551E8BA75D16B5CA90D9A 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-12 18:24:33 0E7B7C9F483300F9FF97C6A1E4BC4F57 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-02-12 18:24:32 5DD49C02D059C1E6E47A8FB4A076C9B1 703488 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-02-12 18:24:32 29B66A7E3E1AA79C690D5D862AC76F64 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-12 18:24:32 0F739443669F3A48F1B2325995117BFE 553472 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-12 18:24:31 C9D1131E2163CE932DF3EAAF0EEA3673 524288 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-12 18:24:30 9C89246184979A070B0C6CCF61C68136 1820160 ----a-w- C:\Windows\System32\wininet.dll
2014-02-12 18:24:30 5D9DC6332A4FC66388B09BBE7CF53750 1156096 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-12 18:24:30 34CBED7698D557DDB43F8732FBC2ACB9 2168320 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-12 18:24:29 40E68599FE3A10F816217D3789FCE74E 1964032 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-12 18:24:28 C863E5A2417DF0F2A31ED32C3B2CB23F 17103872 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-12 18:24:28 79FA7D8B488F90EDE325963379A6F738 11266048 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-12 18:24:27 99280392987A1A96C756A9F38C4CE396 4244480 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-12 18:21:35 3D485254E43EF4E4F707346B5731EA9A 454656 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 18:17:42 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\System32\locale.nls
2014-02-12 18:17:40 E4561704CBFA193761743E5AF746C669 1237504 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 18:17:39 17B06F23237FCD731FA2E10ECD6EDFE1 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 18:17:17 D96106CF60505734B14F6AE80AAA4B07 1987584 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 18:17:17 14800BD31701A5047AC3145BB1E698AE 3419136 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 18:17:11 E01D2AC63453534DB8AD1EA97DEE9C3A 594944 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-12 18:17:11 6142C5540C8D2764D59CBC11AF4A5900 572416 ----a-w- C:\Windows\System32\RMActivate.exe
2014-02-12 18:17:11 0F5FEF37588AF457E02125674F171A4F 508928 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-12 18:17:11 08D323750350A8A29611D1004C0CF319 510976 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2014-02-12 18:17:10 BBCE3E9E74C7CEA47FA4115B360AC2C6 423936 ----a-w- C:\Windows\System32\secproc_isv.dll
2014-02-12 18:17:10 7FA485555BF802FE3DB5598004DBDFAC 390144 ----a-w- C:\Windows\System32\msdrm.dll
2014-02-12 18:17:10 12A9F24DC9F465DA79AC2272D829A81E 428032 ----a-w- C:\Windows\System32\secproc.dll
2014-02-12 18:17:09 9158DBE2F8483434FC72F320690C9DB8 87040 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2014-02-12 18:17:09 58712A48D31B40EBCB35B47205F87771 87040 ----a-w- C:\Windows\System32\secproc_ssp.dll

====== C:\Windows\system32\drivers =====

2014-01-21 20:46:26 65375DF758CA1872AB7EBBBA457FD5E6 14848 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-01-21 20:46:23 9CE253214ACAA5A7D323327D2055EFAA 49664 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-01-21 20:46:23 57C527AF84748B5C2F5178C499C0B81F 27136 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-02-20 10:18:40 -------- d-----w- C:\Program Files\trend micro
2014-01-28 19:33:27 -------- d-----w- C:\Program Files\Trusteer

======= C: =====

====== C:\Users\Ronald\AppData\Roaming ======

2014-02-19 15:30:14 F06186C72699A3F8FD523ACE160C95BA 58016 ----a-w- C:\Users\Ronald\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 17:37:51 -------- d-----w- C:\Users\Ronald\AppData\Locallow\Adblock Plus for IE

====== C:\Users\Ronald ======

2014-01-28 19:33:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging

====== C: exe-files ==

2014-02-20 10:18:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ronald.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s "
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05-02-2014 18:20]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.startpagina.nl/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.startpagina.nl/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== HijackThis Entries ======================

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

==== Empty IE Cache ======================

C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0GZ5WBY will be deleted at reboot
C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8Z4JUA2 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=5 327 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ronald\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ronald\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0GZ5WBY" deleted
"C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8Z4JUA2" not found

==== EOF on do 20-02-2014 at 19:41:02,51 ======================