Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Daan on do 14/08/2014 at 12:07:16,89.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Daan\Desktop\zoek.exe
Script used: C:\Users\Daan\Desktop\zoekscript.txt

==== Older Logs ======================

C:\zoek-results2014-08-13-101251.log 42281 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2547576824-2822473822-575604738-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Sweetpacks Communicator"=-
"SweetIM"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\SweetIM not found
C:\Program Files\IB Updater not found
C:\PROGRA~2\Linkey not found
C:\Program Files (x86)\BabylonToolbar not found
C:\Program Files (x86)\Incredibar.com not found
C:\Program Files (x86)\Vuze_Remote not found
C:\Program Files (x86)\Yontoo not found
C:\ProgramData\systemk not found
C:\Program Files (x86)\Settings Manager\systemk not found
"C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg" not found
C:\Users\Daan\AppData\Roaming\Azureus deleted

==== Folders Found In C:\Windows\system32\tprb ======================

2014-06-23 12:26:13 d-----w- C:\Windows\system32\tprb\5108
2014-06-26 22:54:22 d-----w- C:\Windows\system32\tprb\5113
2014-07-21 10:12:31 d-----w- C:\Windows\system32\tprb\5119

==== Files Found In C:\Windows\system32\tprb ======================

2014-06-18 07:56:08 608080 ----a-w- D029339C0F59CF662094EDDF8C42B2B5 C:\Windows\system32\tprb\5108\msvcp100.dll
2014-06-18 07:56:08 829264 ----a-w- 366FD6F3A451351B5DF2D7C4ECF4C73A C:\Windows\system32\tprb\5108\msvcr100.dll
2014-06-18 12:57:30 33792 ----a-w- 7DFB8D0A5A0918C22E0F6E7FAE4CDC59 C:\Windows\system32\tprb\5108\ImHttpComm.dll
2014-06-18 13:00:36 1969456 ----a-w- 19060000D16C184DB27359872605ABC7 C:\Windows\system32\tprb\5108\nsib.dll
2014-06-24 13:09:40 608080 ----a-w- D029339C0F59CF662094EDDF8C42B2B5 C:\Windows\system32\tprb\5113\msvcp100.dll
2014-06-24 13:09:40 829264 ----a-w- 366FD6F3A451351B5DF2D7C4ECF4C73A C:\Windows\system32\tprb\5113\msvcr100.dll
2014-06-24 14:11:26 33792 ----a-w- 7F0202AACA56A5CBD027B2DA4B53B71C C:\Windows\system32\tprb\5113\ImHttpComm.dll
2014-06-24 14:15:08 1969456 ----a-w- AF1D40EACD3F88B580737EEB1EEA3C93 C:\Windows\system32\tprb\5113\nsib.dll
2014-07-16 10:10:58 608080 ----a-w- D029339C0F59CF662094EDDF8C42B2B5 C:\Windows\system32\tprb\5119\msvcp100.dll
2014-07-16 10:10:58 608080 ----a-w- D029339C0F59CF662094EDDF8C42B2B5 C:\Windows\system32\tprb\msvcp100.dll
2014-07-16 10:10:58 829264 ----a-w- 366FD6F3A451351B5DF2D7C4ECF4C73A C:\Windows\system32\tprb\5119\msvcr100.dll
2014-07-16 10:10:58 829264 ----a-w- 366FD6F3A451351B5DF2D7C4ECF4C73A C:\Windows\system32\tprb\msvcr100.dll
2014-07-17 11:40:26 33792 ----a-w- 4DF601076E6B9D29B63CEAFF74CC8E12 C:\Windows\system32\tprb\5119\ImHttpComm.dll
2014-07-17 11:40:26 33792 ----a-w- 4DF601076E6B9D29B63CEAFF74CC8E12 C:\Windows\system32\tprb\ImHttpComm.dll
2014-07-17 11:43:26 729392 ----a-w- 73F975A767801DD15B628F7028DE399F C:\Windows\system32\tprb\dnkt.exe
2014-07-17 11:43:28 1961776 ----a-w- D82BB88F3EB6A79CFEF1F93D6628F8F4 C:\Windows\system32\tprb\5119\nsib.dll

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Daan\AppData\Local\Temp ====
2014-08-14 10:06:18 5634C601025C31032A0AF1590B4C0CA6 43008 ----a-w- C:\Users\Daan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplfhdun.dll
2014-08-13 10:23:52 5634C601025C31032A0AF1590B4C0CA6 43008 ----a-w- C:\Users\Daan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpefztsr.dll
2014-08-06 15:48:25 42EC539D183CB43BCFF89E72585902D5 384485 ----a-w- C:\Users\Daan\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Daan\AppData\Roaming ======
2014-08-13 09:55:58 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp
2014-08-13 09:55:58 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-08-13 09:55:58 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-08-13 09:55:58 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp
2014-08-13 09:55:58 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-08-13 09:55:58 -------- d-----w- C:\Users\Daan\AppData\Local\Temp
====== C:\Users\Daan ======
2014-08-11 08:33:09 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Daan\Desktop\RSITx64.exe
====== C: exe-files ==
2014-08-11 08:33:09 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Daan\Desktop\RSITx64.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2547576824-2822473822-575604738-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2547576824-2822473822-575604738-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Daan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe "
"Spotify"="C:\Users\Daan\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart "
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
"Google Update"="C:\Users\Daan\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Facebook Update"="C:\Users\Daan\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2547576824-2822473822-575604738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"SonicMasterTray"="C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"
"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Daan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe "
"Spotify"="C:\Users\Daan\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart "
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
"Google Update"="C:\Users\Daan\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Facebook Update"="C:\Users\Daan\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
"hkey"="HKLM"
"item"="CLMLServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
"hkey"="HKLM"
"item"="RtHDVCpl"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2013-12-26 11:26:24 1055 ----a-w- C:\Users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-12-26 11:26:24 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
2013-12-26 11:26:24 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
2013-12-26 11:26:24 2669 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/07/2014 14:53]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001Core.job --a------ C:\Users\Daan\AppData\Local\Facebook\Update\FacebookUpdate.exe [25/10/2013 17:55]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001UA.job --a------ C:\Users\Daan\AppData\Local\Facebook\Update\FacebookUpdate.exe [25/10/2013 17:55]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/12/2012 13:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/12/2012 13:08]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001Core.job --a------ C:\Users\Daan\AppData\Local\Google\Update\GoogleUpdate.exe [03/07/2012 15:43]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001UA.job --a------ C:\Users\Daan\AppData\Local\Google\Update\GoogleUpdate.exe [03/07/2012 15:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Laptop_Daan-Daan" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001Core" [C:\Users\Daan\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001UA" [C:\Users\Daan\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001Core" [C:\Users\Daan\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2547576824-2822473822-575604738-1001UA" [C:\Users\Daan\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe]
"C:\Windows\SysNative\tasks\{1E51CDA4-BB6A-42E8-B8F7-577844F8101E}" [C:\Users\Daan\Desktop\Photoshop.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Daan\AppData\Roaming\TomTom\HOME\Profiles\fzijek1q.default
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================

==== Chrome Look ======================

==== Chromium Startpages ======================

C:\Users\Daan\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1183 folders=142 182706684 bytes)

==== EOF on do 14/08/2014 at 12:12:03,66 ======================