Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by HP_Eigenaar on di 08/04/2014 at 15:49:25,82. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\HP_Eigenaar\Bureaublad\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-04-08-134052.log 443 bytes ==== Empty Folders Check ====================== C:\Program Files\Advanced Clipboard Manager deleted successfully C:\Program Files\Center Key Software deleted successfully C:\Program Files\Codebox deleted successfully C:\Program Files\Grisoft deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Program Files\NOS deleted successfully C:\Program Files\PC Drivers HeadQuarters deleted successfully C:\Program Files\Soluto deleted successfully C:\Program Files\SUPERAntiSpyware deleted successfully C:\Program Files\VS Revo Group deleted successfully C:\Documents and Settings\All Users\Menu Start\Programma's\ISP Monitor deleted successfully C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Disk Cleaner deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVAST Software deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes' Anti-Malware (portable) deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip deleted successfully C:\Documents and Settings\Default User\Application Data\Apple Computer deleted successfully C:\Documents and Settings\Default User\Application Data\SampleView deleted successfully C:\Documents and Settings\Default User\Application Data\Symantec deleted successfully C:\Documents and Settings\HP_Eigenaar\Application Data\Ad-Aware Antivirus deleted successfully C:\Documents and Settings\HP_Eigenaar\Application Data\AdobeUM deleted successfully C:\Documents and Settings\HP_Eigenaar\Application Data\Lite deleted successfully C:\Documents and Settings\HP_Eigenaar\Application Data\SampleView deleted successfully C:\Documents and Settings\HP_Eigenaar\Application Data\SUPERAntiSpyware.com deleted successfully C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully C:\Documents and Settings\Default User\Local Settings\Application Data\Apple Computer deleted successfully C:\Documents and Settings\HP_Eigenaar\Local Settings\Application Data\WMTools Downloaded Files deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3779450817-1233545770-1920239261-1008\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3779450817-1233545770-1920239261-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3779450817-1233545770-1920239261-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3779450817-1233545770-1920239261-1008\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-3779450817-1233545770-1920239261-1008\Software\Microsoft\Internet Explorer\SearchScopes\{D4006971-5202-431B-B745-4F70CFF55CA0} deleted successfully HKEY_USERS\S-1-5-21-3779450817-1233545770-1920239261-1008\Software\Microsoft\Internet Explorer\SearchScopes\{E603FB68-8240-4A16-B492-1BF5BDF3563F} deleted successfully HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.3.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\vToolbarUpdater17.3.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.5 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\vToolbarUpdater18.0.5 deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] ==== Deleting Files \ Folders ====================== C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes' Anti-Malware (portable) not found C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\Program Files\Yahoo! deleted C:\found.000 deleted C:\found.001 deleted C:\Documents and Settings\HP_Eigenaar\Application Data\Uniblue deleted C:\Documents and Settings\HP_Eigenaar\Application Data\CheckPoint\ZoneAlarm LTD Toolbar deleted C:\Documents and Settings\HP_Eigenaar\Application Data\AVG Secure Search deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG Secure Search deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallMate deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\Premium deleted C:\Documents and Settings\HP_Eigenaar\Local Settings\Application Data\AVG Secure Search deleted C:\Documents and Settings\HP_Eigenaar\Local Settings\Application Data\Microsoft_Research deleted C:\Documents and Settings\HP_Eigenaar\Local Settings\Application Data\adawarebp deleted C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm deleted C:\WINDOWS\WININIT.INI deleted C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job deleted C:\user.js deleted C:\WINDOWS\System32\SET48.tmp deleted C:\WINDOWS\System32\SET49.tmp deleted C:\WINDOWS\System32\SET4A.tmp deleted C:\WINDOWS\System32\SET4E.tmp deleted C:\WINDOWS\System32\SET4F.tmp deleted C:\WINDOWS\System32\SET50.tmp deleted C:\WINDOWS\System32\SET52.tmp deleted C:\WINDOWS\System32\SET54.tmp deleted C:\WINDOWS\System32\SET56.tmp deleted "C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job" deleted "C:\Program Files\AVG Secure Search\TBAPI.dll" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\AVG Secure Search\TBAPI.dll" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\SiteSafety.dll" deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll" deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5" not deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== 2014-03-11 08:30:20 73C8000F77F8AD1E57F5DF21955F3C6E 234 ----a-w- C:\WINDOWS\Tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Documents and Settings\HP_Eigenaar\Application Data ====== ====== C:\Documents and Settings\HP_Eigenaar ====== 2014-04-06 15:52:30 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\HP_Eigenaar\Bureaublad\RSIT.exe 2014-03-14 17:39:15 -------- d-sh--w- C:\Documents and Settings\Default User\IETldCache ====== C: exe-files == 2014-04-06 15:54:16 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\HP_Eigenaar.exe 2014-04-06 15:52:30 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\HP_Eigenaar\Bureaublad\RSIT.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-3779450817-1233545770-1920239261-1008\Software\Microsoft\Windows\CurrentVersion\Run] "xNeat Clipboard Manager"="C:\Program Files\xNeat Clipboard Manager\xNeatClipMngr.exe" "KeyboardLeds.exe"="C:\Program Files\Keyboard Leds\KeyboardLeds.exe" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" "ISPMonitor"="C:\Program Files\ISP Monitor\isp1.exe" "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "vProt"="C:\Program Files\AVG Secure Search\vprot.exe" "Mindful"="C:\Program Files\Felitec\Mindful\Mindful.exe" "KBD"="C:\HP\KBD\KBD.EXE" "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun" "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN" "AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "nwiz"="nwiz.exe /install" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "xNeat Clipboard Manager"="C:\Program Files\xNeat Clipboard Manager\xNeatClipMngr.exe" "KeyboardLeds.exe"="C:\Program Files\Keyboard Leds\KeyboardLeds.exe" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" "ISPMonitor"="C:\Program Files\ISP Monitor\isp1.exe" "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "AlcxMonitor"="ALCXMNTR.EXE" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job --a------ [Undetermined Task] C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13/03/2014 17:11] C:\WINDOWS\tasks\Google Software Updater.job --a------ [Undetermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/02/2009 11:22] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/02/2009 11:22] C:\WINDOWS\tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job --a------ C:\WINDOWS\system32\xp_eos.exe [27/02/2014 01:28] C:\WINDOWS\tasks\OGADaily.job --a------ C:\WINDOWS\system32\OGAVerify.exe [31/12/2008 18:04] C:\WINDOWS\tasks\OGALogon.job --a------ C:\WINDOWS\system32\OGAVerify.exe [31/12/2008 18:04] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "avg@toolbar"="C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.5.292" [] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\HP_EIG~1\Application Data\TomTom\HOME\Profiles\s8tgedif.default - Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ProfilePath: C:\Documents and Settings\HP_EIG~1\Application Data\Mozilla\Firefox\Profiles\7aoa0vdk.default - Undetermined - %ProfilePath%\extensions\jid1-yZwVFzbsyfMrqQ@jetpack AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\HP_Eigenaar\Application Data\Mozilla\Firefox\Profiles\44yy07f0.default-1375126954093 E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update 95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash 01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In 3220B1254AEF7A191187EC03F51B3D61 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat B2576571746839180833E048AC2CCA5C - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ndibdjnfmopecpmkdieinmbadjfpblof - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.hetlaatstenieuws.be/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.hetlaatstenieuws.be/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {7D7936C8-5D3D-4174-8A0D-F8DA5DC00B57} Search By ZoneAlarm Url="http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN37323827488872-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=67cf02850000000000000013d32b98bf&q={searchTerms}&r=0" {B173711D-8BFB-47C4-9392-27E44CB523EC} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_nl" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\HP_Eigenaar\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\HP_Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\HP_Eigenaar\Local Settings\Application Data\Mozilla\Firefox\Profiles\44yy07f0.default-1375126954093\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1856 folders=809 219146796 bytes) ==== Empty Temp Folders ====================== C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\HP_Eigenaar\Local Settings\Temp will be emptied at reboot C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\HP_Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\Common Files\AVG Secure Search" deleted ==== EOF on di 08/04/2014 at 16:41:51,17 ======================