Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by xx on do 14/01/2016 at 15:39:30,33.
Microsoft Windows 8 6.2.9200 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\xx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R14IU57Z\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-10-03-101403.log 9178 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 20 NPAPI
Adobe Reader XI (11.0.13) - Nederlands
Adobe Refresh Manager
AutoData SSiLL Software version 3.38
Cars CDP+ 2014.3
Classic Shell
ElsaWin
ETKA 7.4 Germany 2013
Genesis
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hardlock Device Drivers
Intel(R) Processor Graphics
Malwarebytes Anti-Malware versie 2.1.8.1057
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 42.0 (x86 nl)
Mozilla Maintenance Service
Smart Menu
TeamViewer 9
VCDS DRV 15.7
VCDS Release 12.12.3
VCDS Release 15.7.3
Windows-stuurprogrammapakket - Ross-Tech USB Driver Package (05/12/2014 2.10.00)
WinRAR 5.21 (32-bit)

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\dashost.exe
C:\ElsaWin\bin\LcSvrAdm.exe
C:\ElsaWin\bin\LcSvrDba.exe
C:\ElsaWin\bin\LcSvrHis.exe
C:\ElsaWin\bin\LcSvrPas.exe
C:\ElsaWin\bin\LcSvrSaz.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\ElsaWin\bin\LcSvrAuf.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\csrss.exe
C:\Windows\System32\WinLogon.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\igfxTray.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Users\xx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R14IU57Z\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

==== Deleting Services ======================

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 1932 MB
CPU Info: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
CPU Speed: 1522,6 MHz
Sound Card: Luidsprekers (2- High Definitio |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR9485 Wireless Network Adapter | Qualcomm Atheros AR8162 PCI-E Fast Ethernet Controller (NDIS 6.30)
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 200,1GB | D: 97,7GB
Hard Disks - Free: C: 101,7GB | D: 97,5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/27/13 | _ASUS_ - 1072009
Time Zone: Romance (standaardtijd)
Motherboard *: ASUSTeK COMPUTER INC. X202EV
Country: België
Language: NLB

==== System Specs (Software) ======================

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Default Browser: Windows® Internet Explorer 10.00.9200.16384 (win8_rtm.120725-1247)
Internet Explorer Version: 10.0.9200.17568
Mozilla Firefox version: 42.0 (x86 nl)
Google Chrome version: 47.0.2526.106
Adobe Reader version: 11.0.13.17
Flash Player version: 20.0.0.267

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\xx\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\xx\AppData\Roaming ======
====== C:\Users\xx ======
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"="C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"="C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

==== Startup Folders ======================

2014-03-29 07:31:08 799 ----a-w- C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater-RKS.lnk
2015-09-14 17:24:51 806 ----a-w- C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS Updater-DRV20.lnk
2015-12-19 13:49:21 774 ----a-w- C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/12/2015 15:03]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [02/09/2015 13:41]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [02/09/2015 13:41]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\fz65t1mg.default
user_pref("browser.startup.homepage", "https://www.google.be/");

==== Firefox Extensions ======================

ProfilePath: C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\fz65t1mg.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\fz65t1mg.default
2EB30FA328771AEF1DB534D29B5645C1 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AC7A02A828C74F55AF678033495280AA - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
3D1497F3F1A344FFB733CE616BB9096D - C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll - Google Update
70858ED7836E5C849D33576A84DC8CCF - C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll - Shockwave Flash

==== Chromium Look ======================

Google Slides - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.2345.com/?hz"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\trpntye deleted successfully

==== HijackThis Entries ======================

O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed (User 'Default user')
O4 - Startup: Ross-Tech VCDS DRV Updater-RKS.lnk = C:\Kaufmann\VCDS-RKS\VCDS.exe
O4 - Startup: Ross-Tech VCDS Updater-DRV20.lnk = C:\Ross-Tech\VCDS-DRV\VCDS.exe
O4 - Startup: RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Intel Corporation - C:\Windows\system32\igfxCUIService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

==== Empty IE Cache ======================

C:\Users\xx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\xx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R14IU57Z will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\xx\AppData\Local\Mozilla\Firefox\Profiles\fz65t1mg.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9 folders=3 5827699 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\xx\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\xx\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\xx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R14IU57Z" not found

==== EOF on do 14/01/2016 at 18:25:56,11 ======================