Zoek.exe v5.0.0.0 Updated 26-09-2015
Tool run by aby mehdy on Sat 09/26/2015 at 15:01:25.32.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\aby mehdy\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\Program Files\VSTplugins deleted successfully
C:\Users\aby mehdy\AppData\Roaming\Publish Providers deleted successfully
C:\Users\aby mehdy\AppData\Roaming\uTorrent deleted successfully
C:\Users\aby mehdy\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\aby mehdy\AppData\Local\EmieSiteList deleted successfully
C:\Users\aby mehdy\AppData\Local\EmieUserList deleted successfully
C:\Users\aby mehdy\AppData\Local\VirtualStore deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npggsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Npggsvc deleted successfully

==== Deleting Files \ Folders ======================

C:\f6473257dae0be847f02ac9e9714bc deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\ABYMEH~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2015-09-23 08:32:38 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\4A204B89.sys
2015-09-20 07:49:11 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\6F413FE2.sys
2015-09-14 07:45:52 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\391D688B.sys
2015-09-09 14:07:40 C532028F7EFF8831BE6B5E3C417E07FA 50176 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-09-09 14:06:56 C41140DBF0BEA35E480A9CF9823B2B08 137664 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-09-09 14:06:55 88246FD556E98BF416AC00C418B83D1D 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-09-09 14:06:53 BAF4E2BE25E8EDFDAA98AA17D92E3C35 124416 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-09-09 14:06:52 70EF9F86474BA28A6898228E1C9ABDCB 98304 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-09-09 14:06:52 300E85A19AFD4DF992AB6297C6E64CA1 225792 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-09-09 06:38:50 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\45CB2E93.sys

====== C:\Windows\Tasks ======

2015-08-29 11:48:11 1FC5A0BA068B4F5696A378C805455CA5 4150 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA1d0e250940cd630
2015-08-29 11:48:10 8E5A4E25011928DDB6D374B24F36D3C9 1044 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e250940cd630.job
2015-08-29 11:48:00 84716CF974AB26C01030C014905D6595 3898 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1d0e2508d5090de
2015-08-29 11:47:58 BA347D03FC1A75CB6DF15D1A949C8F91 1040 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2508d5090de.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-09-25 11:57:27 -------- d-----w- C:\Program Files\trend micro

======= C: =====

2015-09-25 06:46:03 419EAF3E2C662D1699FB3240E78E562F 3528 ------w- C:\bootsqm.dat

====== C:\Users\aby mehdy\AppData\Roaming ======

2015-09-05 09:07:41 -------- d-----w- C:\Users\aby mehdy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOID Elsword

====== C:\Users\aby mehdy ======

2015-09-25 11:56:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\aby mehdy\Downloads\RSIT.exe
2015-09-10 21:32:35 -------- d-----r- C:\Users\aby mehdy\Creative Cloud Files
2015-09-10 21:23:29 -------- d-----w- C:\ProgramData\boost_interprocess
2015-09-05 09:07:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOID Elsword

====== C: exe-files ==

2015-09-25 11:57:27 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\aby mehdy.exe
2015-09-25 11:56:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\aby mehdy\Downloads\RSIT.exe
2015-09-21 19:00:18 F051A6D1D7D27C094928DB1157291E5A 2934864 ----a-w- C:\Program Files\Google\Update\Install\{F73C0234-91D2-4748-8EB8-95E00BBBD315}\45.0.2454.99_45.0.2454.93_chrome_updater.exe
2015-09-21 19:00:18 F051A6D1D7D27C094928DB1157291E5A 2934864 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.99\45.0.2454.99_45.0.2454.93_chrome_updater.exe

=== C: other files ==

2015-09-23 08:32:38 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\4A204B89.sys
2015-09-20 07:49:11 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\6F413FE2.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3354156011-1975946161-849280533-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"NexonPlug"="C:\Nexon\NexonPlug\NexonPlug.exe"
"DriverTurbo"="C:\Program Files\DriverTurbo\DriverTurbo.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"BingSvc"="C:\Users\aby mehdy\AppData\Local\Microsoft\BingSvc\BingSvc.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NexonPlug"="C:\Nexon\NexonPlug\NexonPlug.exe"
"DriverTurbo"="C:\Program Files\DriverTurbo\DriverTurbo.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"BingSvc"="C:\Users\aby mehdy\AppData\Local\Microsoft\BingSvc\BingSvc.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/12/2015 03:18 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0e2508d5090de.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/29/2015 01:43 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0e250940cd630.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/29/2015 01:43 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore1d0e2508d5090de" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA1d0e250940cd630" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Folders in C:\PROGRA~2 0-6 Months Old ======================

2015-05-19 01:59:08 -------- d-----w- C:\PROGRA~2\Apple Computer
2015-05-19 14:02:24 -------- d-----w- C:\PROGRA~2\Sony
2015-07-30 01:38:54 -------- d-----w- C:\PROGRA~2\NortonInstaller
2015-09-10 21:23:29 -------- d-----w- C:\PROGRA~2\boost_interprocess

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/24/2015 02:24 PM]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"MFVersion"="MF38.0.5 (x86 nl)" []

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\aby mehdy\AppData\Roaming\Mozilla\Firefox\Profiles\79gc7y3r.default-1432000874082
59492511D7A8BC90A2F6023218E80F9C - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
17D7FEB824594E6446059EB3987D1AA9 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
0900BBAB5745ECEC21C5E8254F05B7B0 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
B239D122D14692FC5EFBA7121C770F61 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
847C1A6B649D406FDB721E1BCE4E1E38 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
A9E98D1FCB614713E87149FCBE8459F2 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0FFC7C7A12BD7B0465D97E7745287370 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
C2D756C95D5AE3D030E7D394B9C771B9 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
381C8C05D178E7C871BE088AF5B7D62C - C:\ProgramData\Nexon\NGM\npNxGame.dll - Nexon Game Controller
0A7CFC4EE9CC3206B1DC522FCB8C3DB1 - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll - Silverlight Plug-In
9A77557E21CB7F86ECA830AF457DA9F5 - C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll - Shockwave for Director / Shockwave for Director
EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash
EF3CA2A515FEC970E22D2C424A42401E - C:\Users\aby mehdy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
0B8378EA70622A6F3EC50CC4AF62764C - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

Google Chrome Version: 45.0.2454.99

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/24/2015 02:23 PM]

cosstminn - aby mehdy\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\keojphajajgcapnhfikfgfianjdhjloa
Google Drive - aby mehdy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Docs Offline - aby mehdy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - aby mehdy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Into The Mist - aby mehdy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh
Google Wallet - aby mehdy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
cosstminn - aby mehdy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\keojphajajgcapnhfikfgfianjdhjloa
cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\keojphajajgcapnhfikfgfianjdhjloa
cosstminn - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\keojphajajgcapnhfikfgfianjdhjloa
cosstminn - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\keojphajajgcapnhfikfgfianjdhjloa

==== Chromium Startpages ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ],

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3354156011-1975946161-849280533-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-3354156011-1975946161-849280533-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=102 folders=26 8688436 bytes)

==== EOF on Sat 09/26/2015 at 15:10:31.32 ======================
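The "Files Recently Created / Modified" section of the log above lists four drivers under C:\Windows\System32\drivers with different eight-hex-character names (4A204B89.sys, 6F413FE2.sys, 391D688B.sys, 45CB2E93.sys) but the same MD5 and size, created on four different days, while the two chrome_updater.exe copies also share a hash but under a recognisable name. The log by itself cannot say whether those drivers are malicious; that takes the files, a signature check or a hash lookup. What can be done mechanically is to pull every same-content-different-name group out of a Zoek log so none is overlooked when reading by eye. The script below is an added example written for this page; it is not Zoek's code and not part of the posted log. The line format it parses (date, time, MD5, size, attribute string, path, with "--------" in place of the hash on directory entries) is taken from the entries above, and the sample input is a constructed excerpt of those same entries. The hex-only-basename filter is a heuristic chosen here, not something Zoek reports.

```python
import re
from collections import defaultdict

# Zoek file entry: "<date> <time> <md5> <size> <attrs> <path>".
# Directory entries carry "--------" instead of an MD5 and no size column,
# so they do not match this pattern and are skipped.
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<md5>[0-9A-Fa-f]{32}) (?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Heuristic (an assumption of this example): a basename that is nothing but
# eight hex digits plus an extension, e.g. 4A204B89.sys.
HEX_NAME = re.compile(r"^[0-9A-F]{8}\.[A-Za-z0-9]+$")

# Constructed excerpt of the log above: the drivers section, the Chrome
# updater pair and the repeated "other files" entries, plus one directory line.
SAMPLE_LOG = r"""
====== C:\Windows\system32\drivers =====

2015-09-23 08:32:38 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\4A204B89.sys
2015-09-20 07:49:11 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\6F413FE2.sys
2015-09-14 07:45:52 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\391D688B.sys
2015-09-09 14:07:40 C532028F7EFF8831BE6B5E3C417E07FA 50176 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-09-09 14:06:56 C41140DBF0BEA35E480A9CF9823B2B08 137664 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-09-09 14:06:55 88246FD556E98BF416AC00C418B83D1D 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-09-09 14:06:53 BAF4E2BE25E8EDFDAA98AA17D92E3C35 124416 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-09-09 14:06:52 70EF9F86474BA28A6898228E1C9ABDCB 98304 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-09-09 14:06:52 300E85A19AFD4DF992AB6297C6E64CA1 225792 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-09-09 06:38:50 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\45CB2E93.sys

======= C:\Program Files =====

2015-09-25 11:57:27 -------- d-----w- C:\Program Files\trend micro

====== C: exe-files ==

2015-09-21 19:00:18 F051A6D1D7D27C094928DB1157291E5A 2934864 ----a-w- C:\Program Files\Google\Update\Install\{F73C0234-91D2-4748-8EB8-95E00BBBD315}\45.0.2454.99_45.0.2454.93_chrome_updater.exe
2015-09-21 19:00:18 F051A6D1D7D27C094928DB1157291E5A 2934864 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.99\45.0.2454.99_45.0.2454.93_chrome_updater.exe

=== C: other files ==

2015-09-23 08:32:38 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\4A204B89.sys
2015-09-20 07:49:11 739164A8B8FB2F1B50A498F20AF7B21E 98520 ----a-w- C:\Windows\System32\drivers\6F413FE2.sys
"""


def parse_file_entries(log_text):
    """Return one dict per file entry line (directory and banner lines are ignored)."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def group_by_hash(entries):
    """Map MD5 -> sorted list of distinct paths seen with that hash.

    Using a set per hash collapses the repeats Zoek prints when the same file
    shows up in more than one section (the "other files" block above)."""
    groups = defaultdict(set)
    for e in entries:
        groups[e["md5"]].add(e["path"])
    return {h: sorted(paths) for h, paths in groups.items()}


def is_hex_named(path):
    """True if the basename is hex-only per HEX_NAME (Windows path separators)."""
    return bool(HEX_NAME.match(path.rsplit("\\", 1)[-1]))


def find_suspects(entries, min_copies=2):
    """Hashes present under at least min_copies distinct paths whose basenames
    are all hex-only. Returns MD5 -> {"paths": [...], "size": int}."""
    sizes = {e["md5"]: e["size"] for e in entries}
    out = {}
    for h, paths in group_by_hash(entries).items():
        if len(paths) >= min_copies and all(is_hex_named(p) for p in paths):
            out[h] = {"paths": paths, "size": sizes[h]}
    return out


if __name__ == "__main__":
    for h, info in find_suspects(parse_file_entries(SAMPLE_LOG)).items():
        print(f"{h} size={info['size']} copies={len(info['paths'])}")
        for p in info["paths"]:
            print("   ", p)
```

To run it over a full log, pass the log text to parse_file_entries instead of SAMPLE_LOG. The Chrome updater pair is a useful negative case: two paths, one hash, but a descriptive basename, so the hex-name filter leaves it out. Treat the output as a worklist for verification (Authenticode signature, hash lookup, or pulling the file for analysis), not as a verdict.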