Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by Joren on za 03-01-2015 at 17:33:13,61.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Joren\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
3-1-2015 17:37:54 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2156265142-1407450138-2509539147-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-2156265142-1407450138-2509539147-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2156265142-1407450138-2509539147-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPPD deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SPPD deleted successfully

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================
C:\Program Files\SaveSense deleted
C:\Program Files\PassShow-soft deleted
C:\Program Files\SearchProtect deleted
C:\user.js deleted
C:\Users\Joren\AppData\Local\SearchProtect deleted
C:\Users\Joren\AppData\Local\cache deleted
C:\Windows\system32\config\systemprofile\AppData\Local\SearchProtect deleted
C:\Users\Joren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
2015-01-02 17:07:55 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Joren\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-01-02 17:08:12 197B2EE973E3BC2B0E32BED69549E41E 291352 ----a-w- C:\Windows\System32\aswBoot.exe
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-03 14:39:27 -------- d-----w- C:\Program Files\trend micro
2015-01-02 00:32:00 -------- d-----w- C:\Program Files\Microsoft Silverlight
======= C: =====
====== C:\Users\Joren\AppData\Roaming ======
====== C:\Users\Joren ======
2015-01-03 14:37:18 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Joren\Downloads\RSIT.exe
2015-01-02 00:32:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-02 00:29:15 729CDAB7188F18358F6610BEC517EF04 6958304 ----a-w- C:\Users\Joren\Downloads\Silverlight.exe
====== C: exe-files ==
2015-01-03 14:39:28 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Joren.exe
2015-01-03 14:37:18 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Joren\Downloads\RSIT.exe
2015-01-02 17:08:12 197B2EE973E3BC2B0E32BED69549E41E 291352 ----a-w- C:\Windows\System32\aswBoot.exe
2015-01-02 00:29:15 729CDAB7188F18358F6610BEC517EF04 6958304 ----a-w- C:\Users\Joren\Downloads\Silverlight.exe
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2156265142-1407450138-2509539147-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Joren\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Joren\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

==== Startup Folders ======================
2014-09-15 18:40:31 1942 ----a-w- C:\Users\Joren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2540 series.lnk
2014-07-21 13:11:42 1118 ----a-w- C:\Users\Joren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02-01-2015 18:25]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13-07-2014 19:13]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13-07-2014 19:13]

==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 2540 series" ["C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\Nero\Nero Info" [C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Joren\AppData\Roaming\Mozilla\Firefox\Profiles\g7nwi24w.default
user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [02-01-2015 18:08]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{BD4ACD0E-3854-3C2A-20FC-BC9B823C8DED}"="C:\Program Files\PassShow-soft\171.xpi" []

==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Joren\AppData\Roaming\Mozilla\Firefox\Profiles\g7nwi24w.default
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

==== Chromium Look ======================
Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[02-01-2015 18:06]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Google Docs - Joren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Joren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Joren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Joren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Joren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - Joren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Joren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Joren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2156265142-1407450138-2509539147-1000\Software\Mozilla\Firefox\Extensions\{BD4ACD0E-3854-3C2A-20FC-BC9B823C8DED} deleted successfully

==== Empty IE Cache ======================
C:\Users\Joren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Joren\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Joren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D32MKLW1 will be deleted at reboot
C:\Users\Joren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\Joren\AppData\Local\Mozilla\Firefox\Profiles\g7nwi24w.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Joren\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=135 folders=49 5288254 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Joren\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Joren\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Joren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Joren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D32MKLW1" not found

==== EOF on za 03-01-2015 at 17:58:39,15 ======================