Zoek.exe v5.0.0.0 Updated 31-12-2014 Tool run by Gebruiker on za 03-01-2015 at 14:12:01,67. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 3-1-2015 14:13:00 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-662476189-4228451443-1068372433-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3974F541-6B28-455A-8AB7-C258D52700F8} deleted successfully HKEY_USERS\S-1-5-21-662476189-4228451443-1068372433-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9895CADB-3F2E-4235-918E-92030B49F456} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\Gebruiker\AppData\Roaming\AVG 1213b Campaign not found C:\PROGRA~3\Package Cache deleted C:\Users\Gebruiker\AppData\Local\avgchrome deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Gebruiker\Downloads\sysrc_trial_25044.exe deleted C:\Users\Gebruiker\Downloads\avg_free_stb_all_2014_4259_cnet.exe deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-01-03 10:31:31 8265CD5C67D0A35DFC40F3D1A8AC994C 94656 ----a-w- C:\Windows\Sysnative\WPRO_41_2001woem.tmp ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== 2014-12-29 15:29:39 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-01-03 10:51:52 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Gebruiker\AppData\Roaming ====== ====== C:\Users\Gebruiker ====== 2015-01-03 10:51:15 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64.exe 2015-01-03 10:27:40 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\Gebruiker\Downloads\adwcleaner_4.106.exe ====== C: exe-files == 2015-01-03 10:51:53 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe 2015-01-03 10:51:15 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64.exe 2015-01-03 10:27:40 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\Gebruiker\Downloads\adwcleaner_4.106.exe 2015-01-03 09:27:10 0DE1C4B1585853A8017A2422B745C3E8 836168 ----a-w- C:\Windows\Temp\0123641420277230mcinst.exe 2014-12-29 15:29:28 516C021FEBEDE2962C9252DF85606C76 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\16109\AdobeARMHelper.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-662476189-4228451443-1068372433-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" "CreativeTaskScheduler"="C:\Program Files (x86)\Creative\Shared Files\CTSched.exe /logon" "AVG-Secure-Search-Update_1213b"="C:\Users\Gebruiker\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=806851d3a6b047d2a27c057438ce38bb-709ff3effa87bcf004aab549d1ca39ae7f1b0b98 /CMPID=1213b" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-662476189-4228451443-1068372433-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "jswtrayutil"="C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" "CreativeTaskScheduler"="C:\Program Files (x86)\Creative\Shared Files\CTSched.exe /logon" "AVG-Secure-Search-Update_1213b"="C:\Users\Gebruiker\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=806851d3a6b047d2a27c057438ce38bb-709ff3effa87bcf004aab549d1ca39ae7f1b0b98 /CMPID=1213b" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Gebruiker\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" ==== Startup Folders ====================== 2013-08-12 09:26:55 1726 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk 2012-11-29 17:33:23 2069 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ziggo Wireless Utility.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09-12-2014 21:33] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-11-2012 18:38] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{BB4F7BD4-3C69-482E-8B0C-B16125845709}" [C:\Program Files (x86)\Steam\Steam.exe] "C:\Windows\SysNative\tasks\{FCC50EDB-337F-406D-891B-C1B7E6FE0ACC}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [07-12-2014 11:50] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 11:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\mkg74ad5.default - McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor - Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} ExtDir: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - HDvid Codec - %ExtDir%\hdvc@hdvc.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\mkg74ad5.default 9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWoW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director C2321043FA2CA4C32FF449DE6116B5D9 - C:\Windows\SysWoW64\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleted Firefox Extensions ====================== C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\hdvc@hdvc.com.xpi deleted ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - No path found[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZJ2PP8G will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Gebruiker\AppData\Local\Mozilla\Firefox\Profiles\mkg74ad5.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=29 folders=21 16493237 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZJ2PP8G" not found ==== EOF on za 03-01-2015 at 14:27:03,24 ======================