Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Olivier on vr 01/01/2016 at 14:46:37,44.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Olivier\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-01-01-130549.log 17624 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

==== Deleting Files \ Folders ======================

C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\zzyoyi8t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} not found

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Olivier\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-12-09 18:48:46 FC974B03C8B87455F44F734C8F31A3C8 37376 -c--a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2015-12-09 18:48:46 D25F0093A71FFB355160358DD70B0373 443224 -c--a-w- C:\Windows\Sysnative\drivers\usbport.sys
2015-12-09 18:48:46 CD81683F4553677B9BF5163A922153EB 462168 -c--a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2015-12-09 18:48:46 BBFD17B6B954FC9FA02E62D604052069 92504 -c--a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2015-12-09 18:48:46 A0F0484C97D6441ED6A75D7426ECCC9E 30208 -c--a-w- C:\Windows\Sysnative\drivers\usbohci.sys
2015-12-09 18:48:46 9A2B3A98D7982372CA36A823F673EFB8 27992 -c--a-w- C:\Windows\Sysnative\drivers\usbd.sys
2015-12-09 18:48:46 5C90D5379B53590FBB24BBAD4FA682EE 468824 -c--a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS
2015-12-09 15:22:54 A7D51169CA28B0AA9B5DE2B7EFB5C3C9 145408 ----a-w- C:\Windows\Sysnative\drivers\rmcast.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-12-12 17:47:17 -------- d-----w- C:\Program Files\Common Files\CANON
2015-12-12 17:45:03 -------- d--h--w- C:\Program Files\CanonBJ
======= C:\PROGRA~2 =====
2015-12-12 17:43:43 -------- d-----w- C:\PROGRA~2\Canon
======= C: =====
====== C:\Users\Olivier\AppData\Roaming ======
2016-01-01 13:05:49 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2016-01-01 13:05:48 -------- d-----w- C:\Users\Olivier\AppData\Local\Temp
2016-01-01 13:05:48 -------- d-----w- C:\Users\Gast\AppData\Local\Temp
2016-01-01 13:05:48 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2016-01-01 13:05:48 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-12-12 17:55:55 -------- d-----w- C:\Users\Olivier\AppData\Roaming\Canon
2015-12-11 14:31:52 -------- d-----w- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 13:38:34 -------- d-----w- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli.be Fotoboeken
2015-12-11 13:38:33 -------- d-----w- C:\Users\Olivier\AppData\Local\Albelli.be Fotoboeken
====== C:\Users\Olivier ======
2015-12-31 18:21:06 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Olivier\Downloads\RSITx64.exe
2015-12-12 17:58:59 -------- d--h--w- C:\ProgramData\CanonIJScan
2015-12-12 17:57:52 -------- d--h--w- C:\ProgramData\CanonIJEGV
2015-12-12 17:56:39 -------- d-----w- C:\ProgramData\CanonIJ
2015-12-12 17:55:17 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX
2015-12-12 17:47:35 -------- d-----w- C:\ProgramData\CanonIJPLM
2015-12-12 17:47:03 -------- d-----w- C:\ProgramData\CanonIJWSpt
2015-12-12 17:46:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-12-12 17:45:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 110 Manual
2015-12-12 17:45:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 110
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3416387803-1765937096-2094940511-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Dropbox Update"="C:\Users\Olivier\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Messenger (Yahoo\Program Files (x86)\Yahoo\Messenger\YahooMessenger.exe -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TSVU"="c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\Av\avgui.exe /TRAYONLY"
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguix.exe /fmw.trayonly"
"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"
"ITSecMng"="%ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Dropbox Update"="C:\Users\Olivier\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Messenger (Yahoo\Program Files (x86)\Yahoo\Messenger\YahooMessenger.exe -quiet"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t"
"TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe"
"TSSSrv"="C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "
"TCrdMain"="C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Folders ======================

2015-05-09 21:40:09 1164 ----a-w- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [28/12/2015 22:41]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3416387803-1765937096-2094940511-1002Core.job --a-------- C:\Users\Olivier\AppData\Local\Dropbox\Update\DropboxUpdate.exe [22/06/2015 06:49]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3416387803-1765937096-2094940511-1002UA.job --a-------- C:\Users\Olivier\AppData\Local\Dropbox\Update\DropboxUpdate.exe [22/06/2015 06:49]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3416387803-1765937096-2094940511-1002Core" [C:\Users\Olivier\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3416387803-1765937096-2094940511-1002UA" [C:\Users\Olivier\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\Resolution+ Setting Task" [C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe]
"C:\Windows\SysNative\tasks\UMonitor Task" [C:\Windows\SysWOW64\UMonit64.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{DB084CC7-EC32-4317-BB93-7EF58E7EBEDE}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\CommonNotifier" [C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\Service Station" ["C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\zzyoyi8t.default
user_pref("browser.startup.homepage", "http://microminimus.com/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\zzyoyi8t.default
70858ED7836E5C849D33576A84DC8CCF - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll - Shockwave Flash

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=73 folders=24 15221353 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Users\Olivier\AppData\Local\Microsoft\Windows\INetCache\IE\88E4SGFS" deleted
"C:\Users\Olivier\AppData\Local\Microsoft\Windows\INetCache\IE\8NHZRULK" deleted
"C:\Users\Olivier\AppData\Local\Microsoft\Windows\INetCache\IE\BMXZNJ9T" not found
"C:\Users\Olivier\AppData\Local\Microsoft\Windows\INetCache\IE\S0ODO8MD" not found
"C:\Users\Olivier\AppData\Local\Microsoft\Windows\INetCache\IE\TE2SJ93S" deleted
"C:\Users\Olivier\AppData\Local\Microsoft\Windows\INetCache\IE\YNVCY2BI" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on vr 01/01/2016 at 14:59:55,26 ======================