Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Emmy on zo 14-06-2015 at 16:46:05,16.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Emmy\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14-6-2015 16:47:42 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\Trend Micro deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2201282206-2562182534-352421686-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2201282206-2562182534-352421686-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\wrc@avast.com deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaIEn Monitor deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WaIEn Monitor deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SearchProtectionService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SearchProtectionService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LavasoftTcpService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Emmy\AppData\Roaming\Mozilla\Firefox\Profiles\rk2x3u5n.default-1350988910897
user.js not found

---- Lines isearch removed from prefs.js ----
user_pref("weboftrust.search.avg.url", "^http(s)?\\:\\/\\/isearch\\.avg\\.com\\/search\\?");

---- FireFox user.js and prefs.js backups ----
prefs_14-06-2015_1717_.backup
prefs_28-10-2013_1540_.backup

==== Batch Command(s) Run By Tool======================

De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Trend Micro not found
C:\Program Files\WaIEn deleted
C:\Users\Emmy\AppData\Roaming\Mozilla\Firefox\Profiles\rk2x3u5n.default-1350988910897\extensions\en-gb@flyingtophat.co.uk deleted
C:\9f646faa5f1e9000f6bd96334c98d811 deleted
C:\Users\Emmy\.android deleted
C:\PROGRA~3\Lavasoft\Web Companion deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\Users\Emmy\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\Users\Emmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaIEn\Explore Social Shopping\Ebay.lnk deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini deleted
C:\Users\Emmy\AppData\Roaming\Mozilla\Firefox\Profiles\rk2x3u5n.default-1350988910897\jetpack deleted
"C:\Windows\Installer\17b6496.msi" deleted
"C:\Windows\Installer\17b649a.msi" deleted
"C:\Windows\SysWOW64\LavasoftTcpService.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\log4net.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\System.Data.SQLite.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\WebCompanion.exe" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\en-US" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\x86" deleted

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-05-14 20:09:58 -------- d-----w- C:\PROGRA~3\Lavasoft
2015-05-14 20:18:18 -------- d-----w- C:\PROGRA~3\Free YouTube Downloader

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [22-12-2014 00:17]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Emmy\AppData\Roaming\Mozilla\Firefox\Profiles\rk2x3u5n.default-1350988910897
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- pearltrees - %ProfilePath%\extensions\collector@broceliand.fr.xpi
- Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- G Data BankGuard - %AppDir%\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
- G Data WebFilter - %AppDir%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Emmy\AppData\Roaming\Mozilla\Firefox\Profiles\rk2x3u5n.default-1350988910897
5B4DA1113F240C3F06FFF9D52761528B - C:\Users\Emmy\Picasa3\npPicasa3.dll - Picasa
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[15-02-2014 03:42]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[15-02-2014 03:43]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[15-02-2014 03:43]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[22-12-2014 00:05]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[15-02-2014 03:42]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com/?pc=COSP&ptag=D051415-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com/?pc=COSP&ptag=D051415-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?pc=COSP&ptag=D051415-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}"
{30C03312-7964-4677-8F81-FC0845ADE690} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CA329CEAEB3CC7A4C8BE86228C88FCE2 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B42A61954A95BDF4793594C91B6F3526 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WaIEn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AEC923AC-C3BE-4A7C-8CEB-6822C888CF2E} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AEC923AC-C3BE-4A7C-8CEB-6822C888CF2E}_WebCompanion deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5916A24B-59A4-4FDB-9753-499CB1F65362} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6C6F6F7-FD47-48C4-82A3-F1444CA24447} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\CA329CEAEB3CC7A4C8BE86228C88FCE2 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B42A61954A95BDF4793594C91B6F3526 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\7F6F6C6B74DF4C84283A1F44C42A4474 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Emmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Emmy\AppData\Local\Mozilla\Firefox\Profiles\rk2x3u5n.default-1350988910897\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Emmy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2394 folders=201 1465872625 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Emmy\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Emmy\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 14-06-2015 at 17:38:04,77 ======================