Zoek.exe v5.0.0.0 Updated 08-February-2015 Tool run by Wim on ma 09-02-2015 at 17:01:59,45. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Wim\Downloads\zoek (5).exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-01-30-185541.log 136620 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Update service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Update service deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\d659f3af-74e8-452d-9aec-3c9738c5efca not found "C:\Users\Wim\AppData\Roaming\HXKJFFZA.exe" not found C:\Program Files\Popcorn Time deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Wim\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-02-09 15:46:16 197B2EE973E3BC2B0E32BED69549E41E 291352 ----a-w- C:\Windows\System32\aswBoot.exe ====== C:\Windows\system32\drivers ===== 2015-01-24 13:39:28 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-01-24 13:39:10 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-01-24 13:39:10 6D2DB74A8CF2DDFE372FFF9C73E8F0EF 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-01-14 21:49:02 B0584CA7DEF55929FDB5169BD28B2484 115200 ----a-w- C:\Windows\System32\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-01-28 18:05:18 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Users\Wim\AppData\Roaming ====== 2015-01-30 18:00:40 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-01-30 18:00:40 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-01-30 18:00:40 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp 2015-01-30 18:00:39 -------- d-----w- C:\Users\Wim\AppData\Local\Temp 2015-01-30 18:00:39 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-01-30 18:00:39 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-01-11 17:35:24 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG ====== C:\Users\Wim ====== 2015-01-28 18:07:10 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Wim\Downloads\RSIT (2).exe 2015-01-28 18:06:06 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Wim\Downloads\RSIT (1).exe 2015-01-28 18:04:32 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Wim\Downloads\RSIT.exe ====== C: exe-files == 2015-02-09 15:46:16 197B2EE973E3BC2B0E32BED69549E41E 291352 ----a-w- C:\WINDOWS\System32\aswBoot.exe 2015-02-09 15:42:41 1AC91AB0DC51CD0B8258945CDED565DB 5006864 ----a-w- C:\Users\Wim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICKB1YP7\avast_free_antivirus_setup_online.exe 2015-02-06 21:14:02 1F9A2717F6C6D3440B1F4A59FF96C708 1043024 ----a-w- C:\Program Files\Google\Update\Install\{1A91845E-3F4A-4EC7-839A-DE30E99650E9}\40.0.2214.111_40.0.2214.94_chrome_updater.exe 2015-02-06 21:14:02 1F9A2717F6C6D3440B1F4A59FF96C708 1043024 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.111\40.0.2214.111_40.0.2214.94_chrome_updater.exe 2015-02-06 07:07:15 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe 2015-02-06 07:07:15 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe 2015-02-06 07:07:15 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateBroker.exe 2015-02-06 07:07:12 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateSetup.exe 2015-02-06 07:06:53 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe 2015-02-06 07:06:52 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe 2015-02-06 07:06:52 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler64.exe 2015-02-06 07:06:45 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdate.exe 2015-02-06 07:06:41 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\Install\{4C8E7AA0-D359-4728-8C87-78F25F04FF97}\GoogleUpdateSetup.exe 2015-02-06 07:06:41 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-2196911203-743071290-3581171268-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun" "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -automount" "KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload" "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" @="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "KiesPDLR.exe"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" "LaunchList"="C:\Program Files\Pinnacle\Studio 10\LaunchList.exe" "Skytel"="Skytel.exe" "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" "KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" "CanonQuickMenu"="C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon" "IJNetworkScannerSelectorEX"="C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun" "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -automount" "KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload" "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" @="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "KiesPDLR.exe"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WebCake Desktop Updater] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" ==== Startup Folders ====================== 2013-01-26 14:12:26 1181 ----a-w- C:\Users\Wim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk 2012-01-21 18:03:02 1963 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk 2012-04-14 09:50:15 1799 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05-02-2015 21:27] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19-10-2014 16:53] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19-10-2014 16:53] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\avastBCLRestartS-1-5-21-2196911203-743071290-3581171268-1000" [C:\Program Files\Google\Chrome\Application\chrome.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\WINDOWS\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{01671E69-F54A-44FD-B4DF-5450F76E221A}" [C:\Windows\system32\msfeedssync.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09-02-2015 16:49] ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.111 (Possible outdated, latest Stable version: 40.0.2214.94) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09-01-2015 18:51] Google Slides - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Avast Online Security - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki mpajngnpcmjjeoflljdjpnehcfaldcia - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpajngnpcmjjeoflljdjpnehcfaldcia Google Wallet - Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Search Page"="http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_nlNL467" ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2275 folders=436 1173907120 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Users\Wim\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Wim\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Wim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on ma 09-02-2015 at 17:35:03,36 ======================