Zoek.exe v5.0.0.1 Updated 14-December-2015
Tool run by morrine on ma 14/12/2015 at 16:51:52,63.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\morrine\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
14/12/2015 17:00:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

==== Empty Folders Check ======================
C:\PROGRA~2\ClipNStore deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~3\Thomson.ResearchSoft.Installers deleted successfully
C:\Users\morrine\AppData\Roaming\EndNote deleted successfully
C:\Users\morrine\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\morrine\AppData\Local\EmieSiteList deleted successfully
C:\Users\morrine\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e1fdbccc deleted successfully

==== Deleting Files \ Folders ======================
C:\PROGRA~2\ClipNStore not found
C:\PROGRA~2\VideoLAN not found
C:\PROGRA~3\Thomson.ResearchSoft.Installers not found
C:\Windows\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\morrine\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-12-13 18:22:47 105ACC469DF34C8BD0D5E68A70C774E5 60400 ----a-w- C:\Windows\Sysnative\drivers\PSKMAD.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-12-13 17:42:46 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\morrine\AppData\Roaming ======
====== C:\Users\morrine ======
2015-12-13 18:22:38 -------- d-----w- C:\Windows\serviceprofiles\Localservice\winhttp
2015-12-13 18:12:50 1D749FC1137C46737F14EDD47219FDA3 1740288 ----a-w- C:\Users\morrine\Desktop\adwcleaner_5.025.exe
2015-12-13 17:41:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\morrine\Desktop\RSITx64.exe
====== C: exe-files ==
2015-12-13 18:12:50 1D749FC1137C46737F14EDD47219FDA3 1740288 ----a-w- C:\Users\morrine\Desktop\adwcleaner_5.025.exe
2015-12-13 17:42:47 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\morrine.exe
2015-12-13 17:41:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\morrine\Desktop\RSITx64.exe
2015-12-13 16:26:35 1D4123FEE14A8E2D0D2BAA5E46500B15 1000264 ----a-w- C:\Windows\Temp\CR_36CE1.tmp\setup.exe
2015-12-13 16:26:34 5236ECC094EBEEEB8CB3A4B0BB456057 2996304 ----a-w- C:\Program Files (x86)\Google\Update\Install\{9DDE45B0-7117-42BE-91FA-38C14074C50B}\47.0.2526.80_47.0.2526.73_chrome_updater_3stage.exe
2015-12-13 16:26:34 5236ECC094EBEEEB8CB3A4B0BB456057 2996304 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\47.0.2526.80\47.0.2526.80_47.0.2526.73_chrome_updater_3stage.exe
2015-12-13 16:05:52 6B371516CE59EBDA8EC3A504BBC0DB90 449584 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\psevents_suite[8].exe
=== C: other files ==
2015-12-13 18:22:47 105ACC469DF34C8BD0D5E68A70C774E5 60400 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2015-12-13 16:28:52 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Program Files (x86)\Google\Chrome\Temp\source3216_25057\Chrome-bin\47.0.2526.80\default_apps\youtube.crx
2015-12-13 16:28:52 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Program Files (x86)\Google\Chrome\Temp\source3216_25057\Chrome-bin\47.0.2526.80\default_apps\search.crx
2015-12-13 16:28:52 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Program Files (x86)\Google\Chrome\Temp\source3216_25057\Chrome-bin\47.0.2526.80\default_apps\drive.crx
2015-12-13 16:28:52 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Program Files (x86)\Google\Chrome\Temp\source3216_25057\Chrome-bin\47.0.2526.80\default_apps\gmail.crx
2015-12-13 16:28:52 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Program Files (x86)\Google\Chrome\Temp\source3216_25057\Chrome-bin\47.0.2526.80\default_apps\docs.crx

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3728282020-3136556865-2326149067-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
"BingSvc"="C:\Users\morrine\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TSVU"="c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe /LaunchSysTray"
"FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe""
"FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
"BingSvc"="C:\Users\morrine\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t"
"TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe"
"TSSSrv"="C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "
"TCrdMain"="C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/11/2015 14:16]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A99F6240-3234-4C51-887E-5C7EE6CD2C01}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\CommonNotifier" [C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\Service Station" ["C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe"]

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[12/10/2015 09:31]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fcfenmboojpjinhpgggodefccipikbpd - No path found[]
AdBlock - morrine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Skype Click to Call - morrine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Fix ======================
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cpvroundabout.com_0.localstorage deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cpvroundabout.com_0.localstorage-journal deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1q89cilvik135.cloudfront.net_0.localstorage deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1q89cilvik135.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d1q89cilvik135.cloudfront.net_0.localstorage deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d1q89cilvik135.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dj33int897kot.cloudfront.net_0.localstorage deleted successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dj33int897kot.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=nl-be"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=nl-be"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{D5FF9569-D0D7-46B7-9B13-FC3BAA0833A3} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes\{D5FF9569-D0D7-46B7-9B13-FC3BAA0833A3} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB
HKCU\SearchScopes "DefaultScope"="{D5FF9569-D0D7-46B7-9B13-FC3BAA0833A3}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{D5FF9569-D0D7-46B7-9B13-FC3BAA0833A3} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\morrine\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\morrine\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\morrine\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\morrine\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\morrine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=55 folders=38 122741624 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\morrine\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\morrine\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ma 14/12/2015 at 17:19:35,90 ======================