Zoek.exe v5.0.0.0 Updated 15-March-2015
Tool run by vivianne on di 17/03/2015 at 10:13:14,38.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jonas\Desktop\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

17/03/2015 10:14:34 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Origin Games deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent
64 Bit HP CIO Components Installer
Avast Free Antivirus
Google Chrome
Google Update Helper
HD Tune Pro 5.50
Microsoft Office 365 ProPlus - nl-nl
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Origin
Speccy
WinRAR 5.01 (32-bit)

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Jonas\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Origin Games not found
C:\found.000 deleted
C:\found.001 deleted
C:\PROGRA~3\APN deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Jonas\AppData\LocalLow\AVG Web TuneUp deleted
C:\Users\Jonas\AppData\LocalLow\DataMngr deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 32766 MB
CPU Info: Intel(R) Xeon(R) CPU E5630 @ 2.53GHz
CPU Speed: 2591,4 MHz
Sound Card: Hoofdtelefoon (High Definition |
Display Adapters: NVIDIA Quadro FX 1800 | NVIDIA Quadro FX 1800
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Broadcom NetXtreme Gigabit Ethernet
CD / DVD Drives: 1x (E: | ) E: TSSTcorpDVD+-RW TS-H653G
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 931,2GB | D: 350,0MB
Hard Disks - Free: C: 842,9GB | D: 78,3MB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 03/03/10 | DELL - 15
Time Zone: West-Europa (standaardtijd)
Motherboard *: Dell Inc. 06FW8P
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 40.0.2214.115
Internet Explorer Version: 11.0.9600.17631
Google Chrome version: 40.0.2214.115

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2015-03-01 18:44:00 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\WINDOWS\avastSS.scr
====== C:\Users\Jonas\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2015-03-01 18:44:08 DE13ACC4B3EA66B4FBED7CF322807C90 87912 ----a-w- C:\WINDOWS\Sysnative\drivers\aswmonflt.sys
2015-03-01 18:44:08 B1881A01E301990B671694CA1623F1B6 436624 ----a-w- C:\WINDOWS\Sysnative\drivers\aswSP.sys
2015-03-01 18:44:08 9BE9F2B83DE80E2752B1405CC427E2EC 29208 ----a-w- C:\WINDOWS\Sysnative\drivers\aswHwid.sys
2015-03-01 18:44:08 7509F07BA6F84C1E3B2C0D78A1F6F782 116728 ----a-w- C:\WINDOWS\Sysnative\drivers\aswStm.sys
2015-03-01 18:44:08 4750016EF9CC1DEC6DA3FE5AF9A7F095 93568 ----a-w- C:\WINDOWS\Sysnative\drivers\aswRdr2.sys
2015-03-01 18:44:08 2DA1C1AEDF454F8E32A863A1AEACDD8C 83280 ----a-w- C:\WINDOWS\Sysnative\drivers\aswmonflt.sys.1425235477562
2015-03-01 18:44:08 1A5BDDE65B648DC3AD48B6ECAA3AE9C8 267632 ----a-w- C:\WINDOWS\Sysnative\drivers\aswVmm.sys
2015-03-01 18:44:08 1323269A92645705DEFA053F3596829D 65776 ----a-w- C:\WINDOWS\Sysnative\drivers\aswRvrt.sys
2015-03-01 18:44:07 E74FD717476B30E23F45354B8F3ACB30 1050432 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsnx.sys
2015-03-01 18:44:07 655D6F1B8722091427FB18663A546E2C 1050432 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsnx.sys.1425235476453
====== C:\WINDOWS\Tasks ======
2015-03-01 18:44:30 25BFE11C209F9CF1569F2569F6306803 4182 ----a-w- C:\WINDOWS\Sysnative\Tasks\avast! Emergency Update
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-03-16 16:31:32 -------- d-----w- C:\Program Files\Speccy
======= C:\PROGRA~2 =====
2015-03-16 16:29:27 -------- d-----w- C:\PROGRA~2\trend micro
2015-03-16 15:14:33 -------- d-----w- C:\PROGRA~2\HD Tune Pro
======= C: =====
====== C:\Users\Jonas\AppData\Roaming ======
2015-03-16 16:31:39 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
2015-03-16 15:14:38 -------- d-----w- C:\Users\Jonas\AppData\Roaming\HD Tune Pro
2015-03-01 18:55:26 -------- d-----w- C:\Users\Jonas\AppData\Roaming\Dropbox
2015-02-25 21:36:07 -------- d-----w- C:\Users\Jonas\AppData\Local\Diagnostics
====== C:\Users\Jonas ======
2015-03-16 16:29:14 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Jonas\Downloads\RSIT.exe
2015-03-16 15:14:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
====== C: exe-files ==
2015-03-16 16:31:06 678AB0E8665345E72D11149A36F965BE 5127432 ----a-w- C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\IE\6V8XSBEK\spsetup128.exe
2015-03-16 16:29:27 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files (x86)\trend micro\vivianne.exe
2015-03-16 16:29:14 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Jonas\Downloads\RSIT.exe
2015-03-16 15:14:33 63ABC2E67A080888AEA74E47C07FA345 714526 ----a-w- C:\Program Files (x86)\HD Tune Pro\unins000.exe
2015-03-16 15:14:33 454563ED971883ACF2D58C3B0EA4F299 970752 ----a-w- C:\Program Files (x86)\HD Tune Pro\HDTuneProDriveStatus.exe
2015-03-16 15:14:33 0BE0A505718AC6797954D31BE27A19FC 1314816 ----a-w- C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe
2015-03-16 15:14:24 2616C2FB0EAB3DE29B2E2CB02F9715F3 2195900 ----a-w- C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\IE\6V8XSBEK\hdtunepro_550_trial.exe
2015-03-15 11:27:37 9F1435173BC038992E286DCCFCD227F2 99168 ----a-w- C:\Program Files (x86)\Origin\UpdateTool.exe
2015-03-11 11:20:26 FD59F4408C01BB66040664D6A91556FA 132336 ----a-w- C:\Program Files\Speccy\uninst.exe
2015-03-11 11:18:12 E6C88560A1C00BD746C9D7D1D2113881 7088408 ----a-w- C:\Program Files\Speccy\Speccy64.exe
2015-03-11 11:18:08 769EAD14263EF7CC96B7A22B0AF32469 5519128 ----a-w- C:\Program Files\Speccy\Speccy.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/01/2015 12:24]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/01/2015 12:24]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [01/03/2015 19:44]

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Possible outdated, latest Stable version: 41.0.2272.89)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[01/03/2015 19:43]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[01/03/2015 19:43]

Google Slides - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast SafePrice - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Google Sheets - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=24 folders=11 5547761 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jonas\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Jonas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 17/03/2015 at 10:39:33,07 ======================