Zoek.exe Version 4.0.0.4 Updated 31-08-2013
Tool run by Vandewiele on zo 01-09-2013 at 15:41:30,17.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Vandewiele\Local Settings\Bureablad\zoek\zoek.exe [Script inserted]

==== System Restore Info ======================

1-9-2013 15:41:58 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1580818891-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-21-220523388-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-220523388-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\Documents and Settings\Vandewiele\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk" deleted
"C:\Documents and Settings\Vandewiele\Menu Start\Programma's\iLivid.lnk" deleted
"C:\Documents and Settings\All Users\Bureaublad\Get The Best Facebook Chat Messenger.lnk" deleted
"C:\Documents and Settings\Vandewiele\Local Settings\Bureablad\iLivid.lnk" deleted
"C:\Documents and Settings\Vandewiele\Application Data\OpenCandy" deleted
"C:\Documents and Settings\All Users\Application Data\Package Cache" deleted
"C:\Documents and Settings\Vandewiele\Local Settings\Application Data\iLivid" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== D:\TEMP ====
====== C:\WINDOWS\system32 =====
2013-08-31 19:57:40 A3EA2D7B29BDC29F54845F73AB8FB62B 2939072 ----a-w- C:\WINDOWS\System32\pwNative.exe
2013-08-31 19:57:40 846FE8CBB31ECB1E8333FF395BAF5D5F 15576 ------w- C:\WINDOWS\System32\pwdrvio.sys
2013-08-31 19:57:39 3EB52E853F2F74178AC0034CA0719FB1 10200 ------w- C:\WINDOWS\System32\pwdspio.sys
2013-08-22 21:46:36 08CDA6F3258F42FA53C88283E46CA471 58 ----a-w- C:\WINDOWS\System32\-1
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-09-01 13:02:33 -------- d-----w- C:\Program Files\trend micro
2013-08-22 21:46:35 -------- d-----w- C:\Program Files\WinPcap
2013-08-22 21:46:18 -------- d-----w- C:\Program Files\TruVision Device Finder
2013-08-22 09:09:48 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2013-08-21 05:01:14 -------- d-----w- C:\Program Files\iPod
======= C: =====
====== C:\Documents and Settings\Vandewiele\Application Data ======
2013-08-31 20:03:27 E60AFF36C66DCEDAFB617D14A3024807 166688 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-08-22 22:02:48 -------- dc----w- C:\Documents and Settings\All Users\Application Data\Macrovision
2013-08-22 21:46:37 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\WinPcap
2013-08-22 21:46:20 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\TruVision Device Finder
2013-08-22 09:09:48 -------- dc----w- C:\Documents and Settings\All Users\Application Data\Mozilla
2013-08-21 05:02:39 -------- d-----w- C:\Documents and Settings\All Users\Menu Start\Programma's\iTunes
2013-08-21 05:00:48 -------- dc----w- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
====== C:\Documents and Settings\Vandewiele ======
2013-09-01 13:35:12 -------- d--h--r- C:\Documents and Settings\Vandewiele\Onlangs geopend
====== C: exe-files ==
2013-09-01 13:02:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Vandewiele.exe
2013-08-31 19:57:40 A3EA2D7B29BDC29F54845F73AB8FB62B 2939072 ----a-w- C:\WINDOWS\system32\pwNative.exe
=== C: other files ==
2013-08-31 21:00:29 475793F40D94ABEDD52CDBEC631126C7 180 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys
2013-08-31 19:57:40 846FE8CBB31ECB1E8333FF395BAF5D5F 15576 ------w- C:\WINDOWS\system32\pwdrvio.sys
2013-08-31 19:57:39 3EB52E853F2F74178AC0034CA0719FB1 10200 ------w- C:\WINDOWS\system32\pwdspio.sys

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Vandewiele\Application Data\Mozilla\Firefox\Profiles\d76154w3.default
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Vandewiele\Application Data\Mozilla\Firefox\Profiles\d76154w3.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
D40B9183C149CE2CBBE93AC1A275BDA9 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
84CBD6F6AA7EE399FBDC265B8EA64474 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
0A7B01235B1CBFA387B04A91E2F2B7D0 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

AVG Security Toolbar - Vandewiele - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

==== Chrome Fix ======================

C:\Documents and Settings\Vandewiele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Documents and Settings\Vandewiele\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.be/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AFA687F4-0369-41C0-B8C7-7F7574713A47} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_nlBE495"

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Vandewiele\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Documents and Settings\Vandewiele\Local Settings\Application Data\Mozilla\Firefox\Profiles\d76154w3.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Vandewiele\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Vandewiele\Local Settings\Application Data\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on zo 01-09-2013 at 15:48:29,56 ======================