Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Hans007 on di 07/07/2015 at 15:38:33,35.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Hans007\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

7/07/2015 15:41:16 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\OLBPre deleted successfully
C:\Program Files\CCleaner deleted successfully
C:\Program Files\log deleted successfully
C:\Program Files\McAfee deleted successfully
C:\Users\Hans007\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Hans007\AppData\Local\EmieSiteList deleted successfully
C:\Users\Hans007\AppData\Local\EmieUserList deleted successfully
C:\Users\Hans007\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3026035482-1663455741-4292464263-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\OLBPre not found
C:\Program Files (x86)\AnyProtectEx not found
C:\Users\Hans007\AppData\Local\ConvertAd not found
C:\Program Files (x86)\OLBPre not found
C:\Users\Hans007\AppData\Roaming\istartsurf deleted
C:\ProgramData\IHProtectUpDate deleted
C:\Program Files (x86)\MiuiTab deleted
C:\ProgramData\WindowsMangerProtect deleted
C:\Program Files (x86)\Probit Software deleted
C:\PROGRA~2\SearchProtect deleted
C:\PROGRA~2\ver3BlockAndSurf deleted
C:\Users\Hans007\AppData\Roaming\AnyProtectEx deleted
C:\Users\Hans007\AppData\Local\nso5F5E.tmp deleted
C:\Users\Hans007\AppData\Local\SearchProtect deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb deleted
C:\windows\tasks\APSnotifierPP1.job deleted
C:\windows\tasks\APSnotifierPP2.job deleted
C:\windows\tasks\APSnotifierPP3.job deleted
C:\windows\SysNative\tasks\APSnotifierPP1 deleted
C:\windows\SysNative\tasks\APSnotifierPP2 deleted
C:\windows\SysNative\tasks\APSnotifierPP3 deleted
C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Hans007\Documents\Probit Software deleted
"C:\windows\AppPatch\AppPatch64\SPVCLdr64.dll" deleted
"C:\windows\AppPatch\AppPatch64\SPVCLdr64.dll" deleted

==== Files Recently Created / Modified ======================

====== C:\windows ====
2015-06-26 06:06:42 21472EEFD4FD4969BE10F8CF776BF0DD 591200423 ----a-w- C:\windows\MEMORY.DMP
2015-06-22 07:07:52 2169B4B1EFAA3453A4DA732F1F94C1E1 43112 ----a-w- C:\windows\avastSS.scr
====== C:\Users\Hans007\AppData\Local\Temp ====
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2015-07-05 16:02:34 3B26DCAB842C280FA7271FF2B58D3293 28352 ----a-w- C:\windows\SysWOW64\aspnet_counters.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2015-07-05 16:02:35 9BC00C5608BF75BEAE893814A3AEC2AD 29888 ----a-w- C:\windows\Sysnative\aspnet_counters.dll
2015-07-05 14:57:12 9CA2FDD44F7C1F8AC1652F6C2638CFED 364472 ----a-w- C:\windows\Sysnative\aswBoot.exe
====== C:\windows\Sysnative\drivers =====
2015-06-22 07:07:31 81A2A421E6D7B43AA9E87A5FCB5730C3 449896 ----a-w- C:\windows\Sysnative\drivers\aswNdisFlt.sys
2015-06-10 05:41:51 44603DA5A87FB491EF59C889EBBB4DDB 325464 -c--a-w- C:\windows\Sysnative\drivers\USBXHCI.SYS
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2015-07-06 12:46:50 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-06-11 09:18:45 -------- d-----w- C:\PROGRA~2\TomTom HOME 2
2015-06-11 09:16:05 -------- d-----w- C:\PROGRA~2\TomTom International B.V
2015-06-11 09:15:58 -------- d-----w- C:\PROGRA~2\MyDrive Connect
======= C: =====
====== C:\Users\Hans007\AppData\Roaming ======
2015-06-11 09:19:05 -------- d-----w- C:\Users\Hans007\AppData\Roaming\TomTom
2015-06-11 09:19:05 -------- d-----w- C:\Users\Hans007\AppData\Roaming\Mozilla
2015-06-11 09:17:13 -------- d-----w- C:\Users\Hans007\AppData\Local\Downloaded Installations
2015-06-11 09:16:07 -------- d-----w- C:\Users\Hans007\AppData\Local\TomTom
====== C:\Users\Hans007 ======
2015-07-06 12:46:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Hans007\Downloads\RSITx64.exe
2015-06-11 09:16:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

====== C: exe-files ==
2015-07-06 12:47:28 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Hans007.exe
2015-07-06 12:46:40 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Hans007\AppData\Local\Microsoft\Windows\INetCache\IE\WA7UFE5T\RSITx64.exe
2015-07-06 12:46:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Hans007\Downloads\RSITx64.exe
2015-07-06 10:59:43 211F97923246AD32402DF71EBFBEAE5D 1233920 ----a-w- C:\Users\Hans007\AppData\Local\Packages\D305113D.MedionMediathek_ka6x32c4zxtnt\AC\Microsoft\CLR_v4.0_32\NativeImages\Mediathek\1ca5f4265d5affcfaa24f143d77eefa0\Mediathek.ni.exe
2015-07-06 10:59:38 696CBCAAF8C22D1E6FD630AEAF50CFD2 786944 ----a-w- C:\Users\Hans007\AppData\Local\Packages\34791E63.CanonInkjetPrintUtility_6e5tt8cgb93ep\AC\Microsoft\CLR_v4.0_32\NativeImages\IJPU\ca04d333ca857d06ad43a12b77297c4b\IJPU.ni.exe
2015-07-05 14:57:12 9CA2FDD44F7C1F8AC1652F6C2638CFED 364472 ----a-w- C:\Windows\System32\aswBoot.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3026035482-1663455741-4292464263-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"PowerDVD12Agent"="C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"ConvertAd"="C:\Users\Hans007\AppData\Local\ConvertAd\ConvertAd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Task Scheduler Jobs ======================

C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/11/2014 11:30]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/11/2014 11:30]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\PDVDServ12 Task" [C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{9FFB11D5-CE90-48EA-ABE5-1E3893F3D823}" [C:\windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [05/07/2015 16:57]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Hans007\AppData\Roaming\TomTom\HOME\Profiles\kpw12nt0.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[24/03/2015 00:28]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24/03/2015 00:28]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.nieuwsblad.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.nieuwsblad.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{D97A4DF2-16D7-4010-B994-F19B7D5981E6} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hans007\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Hans007\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Hans007\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Hans007\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=177 folders=76 9735039 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Hans007\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Hans007\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\AppPatch\AppPatch64\SPVCLdr64.dllsearch" not found
"C:\windows\AppPatch\AppPatch64\SPVCLdr64.dllsearch" not found
"C:\Users\Hans007\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GJ28MEJS\fbstatic-a.akamaihd.net" not found

==== EOF on di 07/07/2015 at 15:59:41,85 ======================