Zoek.exe v5.0.0.1 Updated 06-October-2015
Tool run by Eigenaar on wo 07/10/2015 at 11:57:07,94.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eigenaar\Desktop\zoek (1).exe
[Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-09-15-215201.log 30157 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} C:\Program Files (x86)\Bluetooth Suite\FolderViewImpl.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\ClearfiCopyHook {ED32C084-BABB-11E1-B491-D4D66088709B} C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\Users\Eigenaar\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\WINDOWS\zoek-delete.exe" not found
C:\zoek_backup deleted
"C:\WINDOWS\Syswow64\Windows.Media.MediaControl.dll" not deleted
"C:\WINDOWS\Syswow64\Windows.Media.Streaming.ps.dll" not deleted
"C:\WINDOWS\Syswow64\Windows.Networking.Connectivity.dll" not deleted
"C:\WINDOWS\Syswow64\Windows.UI.Immersive.dll" not deleted
"C:\WINDOWS\Syswow64\Windows.UI.Input.Inking.dll" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2015-10-05 09:23:23 7E70A712CEB1C8946A1B5A74BFE71CA8 904818587 ----a-w- C:\WINDOWS\MEMORY.DMP
====== C:\Users\Eigenaar\AppData\Local\Temp ====
2015-10-07 09:44:46 0AE9C56506E2F69B4DEB9D90C8297938 71168 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe0fkgj.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2015-09-09 03:30:15 FEA8FC81431AD93F44D5FBFBBF096AA7 118272 -c--a-w- C:\WINDOWS\Sysnative\drivers\bthpan.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-09-14 11:26:22 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-09-21 13:37:37 -------- d-----w- C:\PROGRA~2\Lame For Audacity
2015-09-18 15:58:14 -------- d-----w- C:\PROGRA~2\Audacity
2015-09-14 11:51:17 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Eigenaar\AppData\Roaming ======
2015-10-06 16:20:30 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
2015-10-04 14:31:14 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-18 15:58:31 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Audacity
2015-09-15 21:49:39 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp
2015-09-15 21:49:39 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp
2015-09-15 21:49:39 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Temp
2015-09-15 21:49:39 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-09-15 21:49:39 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-09-14 11:51:08 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Sun
2015-09-14 11:50:18 -------- d-----w- C:\Users\Eigenaar\AppData\Locallow\Oracle
====== C:\Users\Eigenaar ======
2015-10-06 16:20:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Eigenaar\Downloads\RSITx64 (1).exe
2015-10-02 00:16:10 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2015-09-14 11:51:04 -------- d-----w- C:\Users\Eigenaar\.oracle_jre_usage
====== C: exe-files ==
2015-10-06 16:57:07 3BD1ACA79949B366BAFB5218FA35A6AD 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3839557676-4073800451-2590231035-1002\$I0GBA6W.exe
2015-10-06 16:20:59 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3839557676-4073800451-2590231035-1002\$R0GBA6W.exe
2015-10-06 16:20:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Eigenaar\Downloads\RSITx64 (1).exe
2015-10-06 16:20:04 CF234652856D37CB7775B549A0036C75 6600552 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\Packages\00007f8d\DAO.20029893.exe
2015-10-06 12:11:21 74CB3821F0E8636A15C4141BDDA7CA00 587000 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\Packages\00007f86\CoProc update.20029353.exe
2015-10-06 10:28:20 98D593A5AE41F761225AB95FFAA767C1 630200 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2015-10-06 10:28:18 75E6C4F744C72550AADECED8F52A3E3F 172984 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2015-10-05 15:19:45 13E9D2485E27BE2416009B37DCFB768A 529160 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\Packages\00007f7b\CoProc update.20025888.exe
2015-10-04 14:30:16 29A95EA006B420C82BBE2415F0B1AE0C 50771064 ----a-w- C:\Users\Eigenaar\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.10.7\DropboxClient_3.10.7.exe
2015-10-02 20:51:22 C73B06E7D0063713CDEE6C160B692603 6376136 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\Packages\00007f71\DAO.20019059.exe
2015-10-01 09:38:57 2C32056CB8E5C4F7A2CE7FF4588098B6 528632 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\Packages\00007f6a\CoProc update.20014793.exe
2015-10-01 09:38:48 B786A5777AD4963003839256CA7CA395 6369152 ----a-w- C:\Users\Eigenaar\AppData\Local\NVIDIA\NvBackend\Packages\00007f51\DAO.20007618.exe
2015-10-01 08:36:29 07D733DAB53FD7E2E7C8442216073379 873800 ----a-w- C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\SwReporter\4.30.2\software_reporter_tool.exe
=== C: other files ==
2015-10-06 14:37:13 F001C268600D36E41952C364913F6813 184101 ----a-w- C:\Users\Eigenaar\Downloads\2de plenaire vergadering starters - ontmoeting RvB 20102015.zip
2015-10-06 12:25:24 DCD1D690B0DE4B3BB728A331468026A0 8695845 ----a-w- C:\Users\Eigenaar\Downloads\ygohack137-master (22).zip
2015-10-02 12:15:14 8A4901C1EFBBACA8DEB210580DAB2A28 8620252 ----a-w- C:\Users\Eigenaar\Downloads\ygohack137-master (21).zip
2015-10-02 10:14:20 39D86EEB48DCDAD37DEC8E7CAA255FCD 560485 ----a-w- C:\Users\Eigenaar\Downloads\Welkom in COLOMAplus (1).zip
2015-10-02 08:38:25 8976D9214B31A65E89DE08BC90AC6FA9 560485 ----a-w- C:\Users\Eigenaar\Downloads\Welkom in COLOMAplus.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3839557676-4073800451-2590231035-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Dropbox Update"="C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"RadioController"="C:\Program Files (x86)\RadioController\RfBtnHelper.exe Start_Run"
"Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Dropbox Update"="C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll, C:\\WINDOWS\\system32\\nvinitx.dll"

==== Startup Folders ======================

2015-05-16 09:31:07 1197 ----a-w- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3839557676-4073800451-2590231035-1002Core.job --a-------- C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [13/06/2015 11:19]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3839557676-4073800451-2590231035-1002UA.job --a-------- C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe [13/06/2015 11:19]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 02:24]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 02:24]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe]
"C:\WINDOWS\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3839557676-4073800451-2590231035-1002Core" [C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3839557676-4073800451-2590231035-1002UA" [C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{51E6C95C-2D4F-4BE1-AC30-6783C85A2D02}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-06-13 09:19:57 -------- d-----w- C:\PROGRA~3\Dropbox
2015-06-16 15:37:36 -------- d-----w- C:\PROGRA~3\Skype

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\i8bhi03m.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.selectedEngine", "Google");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Eigenaar\AppData\Roaming\kompozer.net\KompoZer\Profiles\od0bbdui.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101
Google Drive - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Docs Offline - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Fix ======================

C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Eigenaar\AppData\Local\Mozilla\Firefox\Profiles\i8bhi03m.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=0 307650 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eigenaar\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Eigenaar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\Syswow64\Windows.Media.MediaControl.dll" not deleted
"C:\WINDOWS\Syswow64\Windows.Media.Streaming.ps.dll" not deleted
"C:\WINDOWS\Syswow64\Windows.Networking.Connectivity.dll" not deleted
"C:\WINDOWS\Syswow64\Windows.UI.Immersive.dll" not deleted
"C:\WINDOWS\Syswow64\Windows.UI.Input.Inking.dll" not deleted

==== EOF on wo 07/10/2015 at 12:21:10,15 ======================