Zoek.exe v5.0.0.0 Updated 26-07-2014
Tool run by R.P.W. van Tienen on za 26-07-2014 at 23:21:15,70.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\R.P.W. van Tienen\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-25-175454.log 16902 bytes
C:\zoek-results2014-07-25-211503.log 16020 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4004530003-3821970172-325084271-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8BC4B41F-2267-43D1-A75D-1DB35E4BFD67} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Menu Start deleted
C:\Users\R.P.W. van Tienen\AppData\Local\TempPSTEMPFILEon0809012616_1.tmp deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\ClassFrozenSprite.exe" deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\msvcp100.dll" deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\msvcr100.dll" not deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\QtCore4.dll" deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\QtNetwork4.dll" deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\RepositoryScrollingSyntax.exe" deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\ClassFrozenSprite.exe" deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\msvcp100.dll" deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\msvcr100.dll" not deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\QtCore4.dll" deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\QtNetwork4.dll" deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\RepositoryScrollingSyntax.exe" deleted
"C:\Windows\Syswow64\DashboardDesktopRaw\DashboardDesktopRaw.exe" deleted
"C:\Windows\Syswow64\DashboardDesktopRaw\msvcp100.dll" deleted
"C:\Windows\Syswow64\DashboardDesktopRaw\msvcr100.dll" not deleted
"C:\Windows\Syswow64\DashboardDesktopRaw\QtCore4.dll" deleted
"C:\Windows\Syswow64\DashboardDesktopRaw\QtNetwork4.dll" deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax" not deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax" not deleted
"C:\Windows\Syswow64\DashboardDesktopRaw" not deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\desktop" not deleted
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\service" deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\desktop" not deleted
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\service" deleted

==== Folders Found ======================

==== Files Found ======================

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\6BYRX0JS\pirrit-virus-71027[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 0
Created time: 2014-07-23 22:31:33
Modified time: 2014-07-23 22:31:33
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\BII41CHY\pirrit-suggestor-explorer-2[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 38518
Created time: 2014-07-23 20:21:09
Modified time: 2014-07-23 20:21:10
MD5: B63F121EEAED8F97CC7FA2E15503BE62
SHA1: 1CD7312A433F4042FC02821FBC7DC3AC100462C2

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\DI0X92P9\pirrit-suggestor-firefox-2[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 20035
Created time: 2014-07-23 20:21:10
Modified time: 2014-07-23 20:21:10
MD5: 916EC07647BE50EB950BB6AEE23EA945
SHA1: 21E151F308A80A470B3B6FD5B9F1E1133433C667

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\DI0X92P9\pirrit-virus-71537[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 80445
Created time: 2014-07-26 21:17:34
Modified time: 2014-07-26 21:17:34
MD5: CF3302B37CB1AE7867CF94AF4D3EB3F9
SHA1: 53D7186C49EE4910B81708B9AF0D8B8AF0E05883

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KPMIH0N5\pirrit-suggestor-firefox-1[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 21639
Created time: 2014-07-23 20:21:10
Modified time: 2014-07-23 20:21:10
MD5: B07C06981CF761CEBCCA91BFFAB7E488
SHA1: 269CB18E0E6FBF93A1E95CAAE880C80B76012A04

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\Q3JHXY7W\PirritSuggestor[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 4748
Created time: 2014-07-23 20:45:12
Modified time: 2014-07-23 20:45:12
MD5: 9B3970D727A4F93A8AF835E71284D563
SHA1: 4D8DF4D5A86115CE671F1BC1243A41E3D1C70E76

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\QBOO4TKC\pirrit-suggestor-chrome-1[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 32462
Created time: 2014-07-23 20:21:09
Modified time: 2014-07-23 20:21:09
MD5: 5BD6D242161E3809AEDC6FF415E97FDE
SHA1: BC2D640A205561CB6EDE329666039365DC147B88

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\QBOO4TKC\pirrit-suggestor-chrome-2[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 19463
Created time: 2014-07-23 20:21:09
Modified time: 2014-07-23 20:21:09
MD5: 7E64F0D29540E05CDA152208186600B9
SHA1: B7EB14EA285A4BAE7ECBA170DA8F5CC9E473AEE7

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\QBOO4TKC\pirrit-suggestor-explorer-1[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 18835
Created time: 2014-07-23 20:21:08
Modified time: 2014-07-23 20:21:09
MD5: FE0DA1B32665089D6904E3482E1000EE
SHA1: C1CBC40C08FF6336DEE1B9ECA3D5FE96D7FA8355

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\QBOO4TKC\pirrit-suggestor-popup[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 32678
Created time: 2014-07-23 20:21:08
Modified time: 2014-07-23 20:21:09
MD5: 9B55DEE9849FDAA1E41A2A0D7451AEA3
SHA1: 830B44E9938826EAE46DA86FBC6654DEA05DF2C1

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\QBOO4TKC\pirrit-suggestor-search-engine-ads[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 17811
Created time: 2014-07-23 20:21:08
Modified time: 2014-07-23 20:21:09
MD5: 181FF0FBE07D4FF9A32C62F30A94F483
SHA1: 599AAE2ACDCA716B20635B31A50DD631ADD4E10E

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\QBOO4TKC\pirrit-suggestor-uninstall[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 37020
Created time: 2014-07-23 20:21:08
Modified time: 2014-07-23 20:21:10
MD5: 4D221407E3A6A79E8D392DC3D94F184A
SHA1: 7F56DC54B823AA286D15C62CCB5E3E1C74FEC309

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\QBOO4TKC\pirrit-suggestor[1].jpg ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 25719
Created time: 2014-07-23 20:21:08
Modified time: 2014-07-23 20:21:09
MD5: 3F4DD72F32333703CE79980F8CC54908
SHA1: ACC3D5136F035C5F58B866143D9C07DC1B2F49EB

--- C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\IE\S6K1SARN\pirrit-suggestor-virus[1].png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 589
Created time: 2014-07-23 20:21:10
Modified time: 2014-07-23 20:21:10
MD5: 1A6312AB42A0EECF75834FEC485F196E
SHA1: D05C6B5FD5BA0B144D2DD89638B890986388524C

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [03-07-2014 17:13]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

Google Docs - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{65CA616E-E144-458D-9B69-2E8D20D5B8F9}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{65CA616E-E144-458D-9B69-2E8D20D5B8F9} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:24888"
"ProxyOverride"=";*origin.com;*ea.com;*akamaihd.net"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\R.P.W. van Tienen\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\RPW~1.VAN\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\RPW~1.VAN\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=110 folders=29 18814142 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\R.P.W. van Tienen\AppData\Local\Temp will be emptied at reboot
C:\Users\RPW~1.VAN\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\RPW~1.VAN\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax\msvcr100.dll" not found
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax\msvcr100.dll" not found
"C:\Windows\Syswow64\DashboardDesktopRaw\msvcr100.dll" not found
"C:\Users\R.P.W. van Tienen\AppData\Local\RepositoryScrollingSyntax" not found
"C:\Users\RPW~1.VAN\AppData\Local\RepositoryScrollingSyntax" not found
"C:\Windows\Syswow64\DashboardDesktopRaw" not found

==== EOF on za 26-07-2014 at 23:29:44,64 ======================