Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by marcel on zo 12/06/2016 at 10:38:16,39.
Microsoft Windows 10 Home 10.0.10586 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\marcel\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
12/06/2016 10:39:16 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\Program Files\eSupport.com deleted successfully
C:\Program Files\RelayBoost deleted successfully
C:\Program Files\WonderFox Soft deleted successfully
C:\PROGRA~2\Comms deleted successfully
C:\PROGRA~2\SoftwareDistribution deleted successfully
C:\Users\marcel\AppData\Local\ActiveSync deleted successfully
C:\Users\marcel\AppData\Local\CrashDumps deleted successfully
C:\Users\marcel\AppData\Local\eSupport.com deleted successfully
C:\Users\marcel\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================
Adobe Acrobat Reader DC - Nederlands
Adobe Refresh Manager
AMD Catalyst Install Manager
Auslogics DiskDefrag
Avast Free Antivirus
AVG PC TuneUp 2015 (nl-NL)
Bluetooth Stack for Windows by Toshiba
Catalyst Control Center Localization All
CCleaner
CodeStuff Starter
D3DX10
Driver Booster 3.4
Gadwin PrintScreen (32-Bit)
HiSuite
Image Resizer for Windows
Java 8 Update 91
Java Auto Updater
Junk Mail filter update
Kyodai Mahjongg 2006 v1.42
Malwarebytes Anti-Malware versie 2.2.1.1043
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
MSVCRT
MSVCRT110
OEM Application Profile
Online Games Manager v1.40
OpenOffice 4.1.1
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
SafeZone Stable 1.48.2066.101
Synaptics Pointing Device Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

==== Running Processes ======================
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\atiesrxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WinLogon.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\System32\NetworkUXBroker.exe
C:\WINDOWS\system32\DllHost.exe
C:\Users\marcel\Downloads\zoek.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\Program Files\eSupport.com not found
C:\Users\marcel\AppData\Local\eSupport.com not found
C:\Program Files\RelayBoost not found
C:\Program Files\WonderFox Soft not found
C:\Users\marcel\AppData\Roaming\DVDVideoSoft deleted
C:\Users\marcel\Documents\OneSafe PC Cleaner deleted
C:\Users\marcel\.android deleted
C:\PROGRA~2\ProductData deleted
C:\PROGRA~2\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA} deleted
C:\PROGRA~2\{D76294E6-03B8-4971-AF2E-3F846161A690} deleted
C:\PROGRA~2\Package Cache deleted
C:\PROGRA~2\Trymedia deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\CM24BE4.tmp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\system32\drivers\DrvAgent32.sys deleted

==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3037 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
CPU Speed: 2087,7 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: ATI Mobility Radeon HD 4650 | ATI Mobility Radeon HD 4650
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Hosted Network Virtual Adapter | Intel(R) WiFi Link 5100 AGN | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT20N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 185,9GB | D: 184,8GB
Hard Disks - Free: C: 165,2GB | D: 167,3GB
Manufacturer *: TOSHIBA
BIOS Info: AT/AT COMPATIBLE | 05/06/10 | TOSCPL - 6040000
Time Zone: Romance (standaardtijd)
Motherboard *: TOSHIBA KSWAA
Country: België
Language: NLB

==== System Specs (Software) ======================
Internet Explorer Version: 11.306.10586.0
Adobe Reader version: 15.16.20045.188096
Sun Java version: 1.8.0_91 (32-bit)

==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\Users\marcel\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2016-05-30 11:15:03 94867CBFA10DEBED8433E29063499BA9 74703 ----a-w- C:\WINDOWS\System32\mfc45.dat
====== C:\WINDOWS\system32\drivers =====
2016-05-23 12:47:35 115B65AC729FCFC65A36A0AD7161913E 35432 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys
2016-05-23 08:40:28 4AF95CC7DBF50152773B453917C51DA8 50280 ----a-w- C:\WINDOWS\System32\drivers\SynRMIHID_Aux.sys
2016-05-23 08:40:26 B14DA16FCB15F56D168D3DCBE7D5B80D 35432 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_Intel_Aux.sys
2016-05-23 08:40:26 3D665B0478CBB9EDF4BCC57B0C90A6B3 34408 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_AMDASF_Aux.sys
2016-05-23 08:34:00 40E05619C85D3CD643B1A99C43DADE13 5681859 ----a-w- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
2016-05-23 08:28:04 4004657E385E6C714825EB9031ED2062 23840 ----a-w- C:\WINDOWS\System32\drivers\HWiNFO32.SYS
====== C:\WINDOWS\Tasks ======
2016-05-23 08:28:05 DA594F630AB01018345AED86D326FE51 2598 ----a-w- C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2016-05-23 08:28:05 B5F8FC089B0B4FB327BFD84D4224B081 2310 ----a-w- C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (marcel)
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-06-11 07:53:42 -------- d-----w- C:\Program Files\trend micro
2016-05-23 08:10:36 -------- d-----w- C:\Program Files\IObit
2016-05-17 08:23:31 -------- d-----w- C:\Program Files\AMD
======= C: =====
====== C:\Users\marcel\AppData\Roaming ======
====== C:\Users\marcel ======
2016-05-23 08:28:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-05-23 08:10:43 -------- d-----w- C:\ProgramData\IObit
====== C: exe-files ==
2016-06-12 08:34:48 D2964AF86264430D6D41E3E7C44E5A62 106 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$IIQSC25.exe
2016-06-12 08:34:48 C1DABC0D1DAD01E9D6638AAC22A3DACB 106 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$IJ8MOAS.exe
2016-06-12 08:34:48 8C5F02B55D2A25A9B3470110850E8D6E 106 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$I7ITK7N.exe
2016-06-12 08:34:48 71E9F722B24FD2C6B7CE757FB1A50120 98 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$I301PL0.exe
2016-06-12 08:29:58 7EA0260488F304D68067A50B33A23AC2 1309184 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$RJ8MOAS.exe
2016-06-12 08:29:51 7EA0260488F304D68067A50B33A23AC2 1309184 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$R7ITK7N.exe
2016-06-12 08:29:00 7EA0260488F304D68067A50B33A23AC2 1309184 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$RIQSC25.exe
2016-06-11 07:53:42 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\marcel.exe
2016-06-11 07:53:31 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$R301PL0.exe
=== C: other files ==
2016-06-12 08:34:48 6533E778FB2FAC47F19D8959A085D8E8 128 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$IDX82RJ.zip
2016-06-11 13:53:31 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\$Recycle.Bin\S-1-5-21-2099778165-2317569-2060248624-1001\$RDX82RJ.zip
2016-06-11 08:01:12 36AC0B75AC98058BA79D9082C87B97A3 2666 ----a-w- C:\Users\marcel\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\HQNEN8GE\manifest[3].zip

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-2099778165-2317569-2060248624-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Target"="\??\C:\Users\marcel\AppData\Local\Temp\~nsu.tmp\Au_.exe"
"Target"="\??\C:\Users\marcel\AppData\Local\Temp\~nsu.tmp"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Other Scheduled Tasks ======================
"C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\system32\tasks\Driver Booster Scheduler" [C:\Program Files\IObit\Driver Booster\Scheduler.exe]
"C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (marcel)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe]
"C:\WINDOWS\system32\tasks\SafeZone scheduled Autoupdate 1460799085" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{F5C9E771-5BA7-4B6E-9065-04A5112367A7}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [10/05/2016 09:14]

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[16/04/2016 11:27]

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://seniorennet.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://seniorennet.be/"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== HijackThis Entries ======================
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: HiSuiteOuc.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
O23 - Service: HuaweiHiSuiteService.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

==== Empty IE Cache ======================
C:\Users\marcel\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\marcel\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\marcel\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\marcel\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=81 folders=14 8629651 bytes)

==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\marcel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 12/06/2016 at 10:57:09,95 ======================