Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by John-Erika on zo 25/01/2015 at 22:19:36,38.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

25/01/2015 22:21:55 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Program Files\log deleted successfully
C:\Users\John\AppData\Roaming\iLauncher deleted successfully
C:\Users\John\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\John\AppData\Roaming\Samsung Multimedia Viewer deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SoftonicAssistant"=

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\Users\John\AppData\Local\SoftonicAssistant deleted
C:\Users\John\AppData\Roaming\iLinker deleted
C:\Users\John\AppData\Roaming\pdfforge deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\John\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Gesture Controller deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\John\Downloads\wzmp_8.exe deleted
"C:\Windows\Installer\23aa2.msi" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-937223703-4056474706-2104640321-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
"CycloAgent"="C:\Program Files (x86)\CycloAgent\CycloAgent.exe"
"SoftonicAssistant"="C:\Users\John\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
"HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TSVU"="c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
"mcpltui_exe"="C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe /platui /runkey"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
"CycloAgent"="C:\Program Files (x86)\CycloAgent\CycloAgent.exe"
"SoftonicAssistant"="C:\Users\John\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
"HP Deskjet 3050A J611 series (NET)"="C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe -scfn HP Deskjet 3050A J611 series (NET) -AutoStart 1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t"
"TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe"
"TSSSrv"="C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "
"TCrdMain"="C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Folders ======================

2014-05-30 22:24:06 1337 ----a-w- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2014-09-22 20:08:05 2070 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PC Auto Backup.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\Maxthon Update" ["C:\Program Files (x86)\Maxthon\Bin\mxup.exe"]
"C:\Windows\SysNative\tasks\Resolution+ Setting Task" [C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe]
"C:\Windows\SysNative\tasks\UMonitor Task" [C:\Windows\SysWOW64\UMonit64.exe]
"C:\Windows\SysNative\tasks\{59FDE22B-48D6-4841-A657-7C76C3844CC5}" ["c:\program files (x86)\maxthon\bin\maxthon.exe"]
"C:\Windows\SysNative\tasks\TOSHIBA\CommonNotifier" [C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\Service Station" ["C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\John\AppData\Roaming\TomTom\HOME\Profiles\lo5lhdkd.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{D0BE210D-9A5F-49C6-A4C6-58AE4DFE49C5}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{D0BE210D-9A5F-49C6-A4C6-58AE4DFE49C5} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-937223703-4056474706-2104640321-1002\Software\Microsoft\Internet Explorer\SearchScopes\{D0BE210D-9A5F-49C6-A4C6-58AE4DFE49C5} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF07604E-C860-40E9-A230-E37FA41F103A} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftonicAssistant deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Larissa\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Larissa\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Larissa\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Larissa\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=36 folders=39 88056559 bytes)

==== Empty Temp Folders ======================

C:\Users\ADMINI~1\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\John\AppData\Local\Temp will be emptied at reboot
C:\Users\Larissa\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\John\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on zo 25/01/2015 at 23:02:18,91 ======================