Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Danny on vr 30/05/2014 at 9:38:48,93.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOHSCAUQ\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

30/05/2014 9:40:05 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\log deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Validity deleted successfully
C:\Users\ContiAdmin\AppData\Roaming\hpqlog deleted successfully
C:\Users\Conti\AppData\Local\MigWiz deleted successfully
C:\Users\Conti\AppData\Local\Secunia PSI deleted successfully
C:\Users\ContiAdmin\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-134366172-1028273739-2709548200-1000\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Lavasoft\AdAware SecureSearch Toolbar deleted
C:\Users\Conti\AppData\Local\adawarebp deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Conti\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-05-28 07:55:06 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-05-28 07:44:35 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-05-28 07:44:32 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\SysWOW64\java.exe
2014-05-28 07:44:32 3B10B54F50CD362537B9F2186267EDF8 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-28 07:44:32 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-05-13 22:28:02 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2014-05-13 22:28:02 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2014-04-30 18:05:40 7E7CF106A5CEDD9FD696A1B99E455A7D 1054 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 18:05:40 5168DB1915C8B199685D87BC8E027858 4050 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-04-30 18:05:38 B8A75F6865E2CA4841C146AD22050410 3798 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-04-30 18:05:38 70D65FD74506B2DB1EAB33D931F5874B 1050 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-05-28 08:14:15 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-05-26 16:26:21 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-05-14 01:03:40 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
======= C: =====
====== C:\Users\Conti\AppData\Roaming ======
2014-05-11 06:40:44 -------- d-----w- C:\Users\Conti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-apparaten
2014-04-30 18:10:33 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google
====== C:\Users\Conti ======
2014-05-28 07:44:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-28 07:33:43 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\Conti\Desktop\WIGI.exe
2014-05-09 23:43:13 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches
2014-04-30 18:06:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

====== C: exe-files ==
2014-05-28 08:14:16 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Danny.exe
2014-05-28 07:54:21 9EC73884D7D7BFEC9EED7EAF3122A0BE 1327971 ----a-w- C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XPL71BX\adwcleaner_3.211.exe
2014-05-28 07:44:35 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-05-28 07:44:32 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\SysWOW64\java.exe
2014-05-28 07:44:32 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-05-28 07:43:10 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Conti\AppData\LocalLow\Sun\Java\jre1.7.0_55\lzma.exe
2014-05-28 07:33:43 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\Conti\Desktop\WIGI.exe
2014-05-23 14:23:19 29198D93029027C9BB4DA8E9C70AF13E 26832976 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.114\35.0.1916.114_34.0.1847.137_chrome_updater.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-134366172-1028273739-2709548200-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Conti\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AMD AVT"="Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"QLBController"="C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"McAfeeUpdaterUI"="C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe /StartedFromRunKey"
"ShStatEXE"="C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE /STANDALONE"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe"
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Conti\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden"
"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2012-11-13 13:29:44 1934 ----a-w- C:\Users\Conti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet Pro 8600.lnk
2012-11-07 15:34:13 836 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/05/2014 15:02]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-134366172-1028273739-2709548200-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-134366172-1028273739-2709548200-1000UA.job --a------ C:\Users\Conti\AppData\Local\Facebook\Update\FacebookUpdate.exe [17/12/2012 16:00]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/04/2014 20:05]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/04/2014 20:05]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-134366172-1028273739-2709548200-1000Core" [C:\Users\Conti\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-134366172-1028273739-2709548200-1000UA" [C:\Users\Conti\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{85CF7862-5E45-4952-B629-F716486D307C}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]

Google Drive - Conti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Skype Click to Call - Conti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Conti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.deredactie.be/"
"Search Bar"="http://www.bing.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.deredactie.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{C323A92E-94B2-4FDA-B19A-6B858201AC0F}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{9743BB36-46D5-48FF-ACC5-DA4FA3BD0E36} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"
{C323A92E-94B2-4FDA-B19A-6B858201AC0F} Google Url="https://www.google.com/search?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\ContiAdmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VQVX039 will be deleted at reboot
C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XPL71BX will be deleted at reboot
C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9KTE6VS will be deleted at reboot
C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOHSCAUQ will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Conti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4825 folders=60 235819508 bytes)

==== Empty Temp Folders ======================

C:\Users\Conti\AppData\Local\Temp will be emptied at reboot
C:\Users\ContiAdmin\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Conti\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VQVX039" not found
"C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8XPL71BX" not found
"C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9KTE6VS" not found
"C:\Users\Conti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOHSCAUQ" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on vr 30/05/2014 at 9:50:40,40 ======================