Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Eigenaar on di 06-05-2014 at 18:20:43,02.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eigenaar\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

6-5-2014 18:23:08 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Eigenaar\AppData\Local\Adobe deleted successfully
C:\Users\Eigenaar\AppData\Local\VirtualStore deleted successfully
C:\Users\Eigenaar\AppData\Local\WeatherAlerts deleted successfully
C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1378671167-2459616634-2061675842-1006\Software\Microsoft\Internet Explorer\SearchScopes\{28525018-5DF0-4FD3-AB8E-1B61B563C090} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritDesktop deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PirritDesktop deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\fk6ysvty.default

---- Lines conduit removed from prefs.js ----
user_pref("plugin.state.npconduitfirefoxplugin", 0);

---- Lines conduit removed from user.js ----
user_pref("plugin.state.npconduitfirefoxplugin", 0);

---- Lines suggestor modified from prefs.js ----
user_pref("extensions.enabledAddons", "suggestor%40suggestor.pirrit.com:2.2.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0");
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program

---- Lines pirrit modified from prefs.js ----
user_pref("extensions.enabledAddons", "disabled%40disabled.pirrit.com:2.2.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0");
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program

---- FireFox user.js and prefs.js backups ----
user_06-05-2014_1832_.backup
prefs_06-05-2014_1832_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\SearchProtect deleted
C:\Users\Eigenaar\AppData\Local\SearchProtect deleted
C:\Windows\Syswow64\RegistryHelperLM.ocx deleted
C:\Users\Eigenaar\Documents\Optimizer Pro deleted
C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\fk6ysvty.default\extensions\suggestor@suggestor.pirrit.com.xpi deleted
"C:\Users\Eigenaar\AppData\Local\PirritSuggestor\msvcp100.dll" deleted
"C:\Users\Eigenaar\AppData\Local\PirritSuggestor\msvcr100.dll" not deleted
"C:\Users\Eigenaar\AppData\Local\PirritSuggestor\PirritDesktop.exe" deleted
"C:\Users\Eigenaar\AppData\Local\PirritSuggestor\PirritService.exe" deleted
"C:\Users\Eigenaar\AppData\Local\PirritSuggestor\QtCore4.dll" deleted
"C:\Users\Eigenaar\AppData\Local\PirritSuggestor\QtNetwork4.dll" deleted
"C:\Users\Eigenaar\AppData\Local\PirritSuggestor" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-04-30 12:12:45 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w- C:\Windows\epplauncher.mif

====== C:\Users\Eigenaar\AppData\Local\Temp ====
2014-04-25 06:42:39 D6CB2EAE8636C26589571C4D562A1797 6693552 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\setup.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====
2014-05-02 06:48:55 5869FBC754578A59C8C8635B99DB79DE 17384448 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-05-02 06:48:55 2518D1922371892ADEF1F07147DBD72A 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 09:52:35 6A6F0E6BB17F083840F8047098907425 262144 ----a-w- C:\Windows\SysWOW64\esintdd.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====
2014-05-02 10:15:10 84ED099009EF0DF82A37D4FEAE012655 465408 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-05-02 10:15:10 5513F4766C9987D6B0D49D51BB2E5EE4 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-05-02 06:48:56 A98DA2EC1E56CF52C682D072F77D9874 23547904 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-05-02 06:48:55 DE5DE05946D6FC2DC494C55BC7BC4C6E 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-04-28 09:52:35 E69D7BEBBE41D971EE15D1E00CB5F3C8 132560 ----a-w- C:\Windows\Sysnative\esdevapp.exe
2014-04-28 09:52:35 CD550F0416BE3AB942C0B3A5FDD1B69A 13824 ----a-w- C:\Windows\Sysnative\esxcdev.dll
2014-04-28 09:52:35 881EC4C9E39488E443398A43429DD1E2 281088 ----a-w- C:\Windows\Sysnative\esxuindd.dll
2014-04-28 09:52:35 65B864F5B913120D7A71C5F38D9C053D 94208 ----a-w- C:\Windows\Sysnative\esxw2_dd.dll
2014-04-28 09:52:35 6052D663B025C16941EF4CA301787DBD 65793 ----a-w- C:\Windows\Sysnative\esfwdd.bin

====== C:\Windows\Sysnative\drivers =====
2014-04-25 09:22:52 31F8F84807FAFD0C9A1611ACC91C7CBC 61104 ----a-w- C:\Windows\Sysnative\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys
2014-04-16 07:59:33 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-04-10 06:38:54 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-04-09 05:55:13 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\Sysnative\drivers\Diskdump.sys
2014-04-09 05:55:13 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\Sysnative\drivers\storport.sys
2014-04-09 05:55:13 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\Sysnative\drivers\msiscsi.sys
2014-04-09 05:55:10 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys

====== C:\Windows\Tasks ======
2014-04-08 15:32:21 A5C4E69F9055DD44F4B69DE2BAE8DA05 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 15:32:21 17753BA0DA334F73526CBC6BCE5C6816 3878 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-05-04 07:52:04 -------- d-----w- C:\Program Files\trend micro
2014-05-02 10:46:53 -------- d-----w- C:\Program Files\Microsoft Silverlight
2014-04-30 14:58:02 -------- d-----w- C:\Program Files\Windows Live

======= C:\PROGRA~2 =====
2014-05-02 10:46:53 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight
2014-04-28 10:32:45 -------- d-----w- C:\PROGRA~2\Uitgeverij Schors
2014-04-28 09:53:33 -------- d-----w- C:\PROGRA~2\Epson Software
2014-04-28 09:52:25 -------- d-----w- C:\PROGRA~2\epson
2014-04-17 06:39:21 -------- d-----w- C:\PROGRA~2\WinRST

======= C: =====

====== C:\Users\Eigenaar\AppData\Roaming ======
2014-04-30 15:33:46 -------- d-----w- C:\Users\Eigenaar\AppData\Local\ElevatedDiagnostics
2014-04-28 10:32:47 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Astroscoop voor Windows 7
2014-04-28 10:32:45 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Astroscoop voor Windows 7
2014-04-28 09:55:17 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Epson
2014-04-28 09:30:22 -------- d-----w- C:\Users\Default\AppData\Local\Trusteer
2014-04-28 09:30:22 -------- d-----w- C:\Users\Default User\AppData\Local\Trusteer
2014-04-27 17:00:56 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Trusteer
2014-04-25 09:04:22 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\AVG2014
2014-04-25 09:04:06 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014
2014-04-25 09:03:40 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014
2014-04-25 09:03:38 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\TuneUp Software
2014-04-25 09:02:57 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014
2014-04-25 09:01:49 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Avg2014
2014-04-25 06:42:31 -------- d-sh--w- C:\Users\Eigenaar\AppData\Locallow\EmieSiteList
2014-04-17 06:39:24 -------- d-----w- C:\Users\Eigenaar\AppData\Local\PirritSuggestor
2014-04-17 06:39:12 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Programs

====== C:\Users\Eigenaar ======
2014-05-04 07:51:11 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Eigenaar\Downloads\RSITx64.exe
2014-05-02 10:47:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-30 12:11:18 31BF4892327DA51363D73953ACF8C0C0 13845688 ----a-w- C:\Users\Eigenaar\Downloads\mseinstall.exe
2014-04-29 14:39:28 -------- d-----w- C:\ProgramData\374311380
2014-04-28 09:53:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-04-27 17:00:11 -------- d-----w- C:\ProgramData\Trusteer
2014-04-25 09:03:15 -------- d-----w- C:\ProgramData\AVG2014
2014-04-25 09:01:49 -------- d--h--w- C:\ProgramData\Common Files
2014-04-25 06:47:56 -------- d---a-w- C:\ProgramData\TEMP
2014-04-17 06:24:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

====== C: exe-files ==
2014-05-04 07:52:04 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Eigenaar.exe
2014-05-04 07:51:11 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Eigenaar\Downloads\RSITx64.exe
2014-05-02 10:15:11 D39F522D9B0033E50C7F54138CFBC0D8 31232 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-05-02 10:15:11 21EDB6E45163A5635D6D6307EB42BC77 104960 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-04-30 12:11:18 31BF4892327DA51363D73953ACF8C0C0 13845688 ----a-w- C:\Users\Eigenaar\Downloads\mseinstall.exe

=== C: other files ==
2014-05-06 16:13:11 4FB353542CDDD41FC43D61C068D3A6E4 134263 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\hosts.zip
2014-05-06 16:10:15 4FB353542CDDD41FC43D61C068D3A6E4 134263 ----a-w- C:\Users\Eigenaar\Downloads\hosts.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1378671167-2459616634-2061675842-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT EPLTarget\P0000000000000000 /M XP-205 207 Series"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT EPLTarget\P0000000000000000 /M XP-205 207 Series"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\searchprotect\\searchprotect\\bin\\spvc32loader.dll "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="C:\Program Files (x86)\Intel\AMT\atchk.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkSvc]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [29-04-2014 20:49]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-04-2014 13:13]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-04-2014 13:13]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\fk6ysvty.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash

==== Chrome Look ======================

Google Docs - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.findwide.com/?guid={546E766D-B360-4138-812A-668B96A2FEAF}&serpv=22"
"Default_Page_URL"="http://search.findwide.com/?guid={546E766D-B360-4138-812A-668B96A2FEAF}&serpv=22"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://search.findwide.com/?guid={546E766D-B360-4138-812A-668B96A2FEAF}&serpv=22"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{D13816BD-8C03-4777-B675-11E9C5CAF92A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{D13816BD-8C03-4777-B675-11E9C5CAF92A} FindWide Url="http://search.findwide.com/serp?guid={546E766D-B360-4138-812A-668B96A2FEAF}&action=default_search&serpv=22&k={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Eigenaar\AppData\Local\Mozilla\Firefox\Profiles\fk6ysvty.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=171 folders=44 73744330 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eigenaar\AppData\Local\Temp will be emptied at reboot
C:\Users\Gebruiker\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Eigenaar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Eigenaar\AppData\Local\PirritSuggestor\msvcr100.dll" not found
"C:\Users\Eigenaar\AppData\Local\PirritSuggestor" not found

==== EOF on di 06-05-2014 at 18:38:42,10 ======================