Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Jotte on vr 26/06/2015 at 13:21:06,80. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70BXQWS0\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 26/06/2015 13:26:06 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\WinZipper deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\WinRAR deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\iolo deleted successfully C:\Users\Jotte\AppData\Roaming\TP deleted successfully C:\Users\Jotte\AppData\Local\Downloaded Installations deleted successfully C:\Users\Jotte\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Jotte\AppData\Local\EmieSiteList deleted successfully C:\Users\Jotte\AppData\Local\EmieUserList deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-2727987715-1323835962-3617500602-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe C:\Program Files (x86)\Picexa\PicexaSvc.exe C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe C:\Program Files (x86)\Tor\tor.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe C:\Program Files (x86)\ProductUI\Startup.exe C:\Users\Jotte\AppData\Roaming\Yontoo\YontooDesktop.exe C:\Users\Jotte\AppData\Local\Smartbar\Application\QuickShare.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Sony\VAIO Care\VCService.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Users\Jotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70BXQWS0\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Users\Jotte\AppData\Local\RGMService\pffpp\bdda.exe C:\Windows\SysWOW64\cmd.exe C:\Users\Jotte\AppData\Local\Smartbar\Application\Lrcnta.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Yontoo Desktop Updater deleted successfully