Zoek.exe v5.0.0.0 Updated 13-08-2014
Tool run by Jan on Thu 14/08/2014 at 18:50:35,31.
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jan\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-08-14-164438.log 333 bytes

==== Empty Folders Check ======================

C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\MyPC Backup deleted successfully
C:\Program Files\Rainlendar2 deleted successfully
C:\Program Files\Samsung deleted successfully
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\WinZip deleted successfully
C:\Users\Jan\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Jan\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Jan\AppData\Roaming\Samsung deleted successfully
C:\Users\Jan\AppData\Roaming\systweak deleted successfully
C:\Users\Jan\AppData\Roaming\TP deleted successfully
C:\Users\Jan\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Jan\AppData\Roaming\zubc deleted successfully
C:\Users\Jan\AppData\Local\eventPathOffice deleted successfully
C:\Users\Jan\AppData\Local\Samsung deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2649578317-199658268-3665271369-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Szserver deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Szserver deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files\STOPzilla! deleted
C:\ProgramData\STOPzilla! deleted
C:\Program Files\Microsoft Touch Pack for Windows 7 deleted
C:\Program Files\MyFree Codec deleted
C:\Users\Jan\Music\Qtrax Media Library deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Jan\Searches deleted
C:\Users\Jan\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Jan\Desktop\JBierSubDownloader-v4.5.13.jar deleted
C:\Users\Jan\avira_free_antivirus_en.exe deleted
C:\Users\Jan\HitmanPro.exe deleted
C:\Users\Jan\Pirate-1005.exe deleted
C:\Users\Jan\trojankiller2095-setup.exe deleted
"C:\ProgramData\isrfinynnyrwgta" deleted
"C:\ProgramData\~6DSS92c31Apgjk" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Jan\AppData\Local\Temp ====

2014-08-12 16:00:24 E856D8A2AFCD1677798C67CF9074D541 9526184 ----a-w- C:\Users\Jan\AppData\Local\Temp\BitA00.tmp.exe
2014-08-04 20:39:58 E856D8A2AFCD1677798C67CF9074D541 9526184 ----a-w- C:\Users\Jan\AppData\Local\Temp\BitFE6A.tmp.exe

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2014-08-12 16:01:18 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-12 16:00:43 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-12 16:00:43 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-08-14 14:03:34 -------- d-----w- C:\Program Files\trend micro

======= C: =====

====== C:\Users\Jan\AppData\Roaming ======

2014-08-13 19:33:49 -------- d-----w- C:\Users\TEMP.Jan-PC.000\AppData\Locallow\Microsoft

====== C:\Users\Jan ======

2014-08-14 14:07:54 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Jan\Downloads\RSIT (1).exe
2014-08-14 14:01:50 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Jan\Downloads\RSIT.exe
2014-08-13 19:33:16 -------- d--h--w- C:\Users\TEMP.Jan-PC.000\AppData

====== C: exe-files ==

2014-08-14 14:07:54 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Jan\Downloads\RSIT (1).exe
2014-08-14 14:03:37 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Jan.exe
2014-08-14 14:01:50 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Jan\Downloads\RSIT.exe
2014-08-12 16:00:24 E856D8A2AFCD1677798C67CF9074D541 9526184 ----a-w- C:\Users\Jan\AppData\Local\Temp\BitA00.tmp.exe
2014-08-12 16:00:18 E856D8A2AFCD1677798C67CF9074D541 9526184 ----a-w- C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WB1S0MK\BitComet_1.35_x86_setup[1].exe
2014-08-12 14:35:02 96E69878EE3667FF139E8DD8DC96AE6C 4430856 ----a-w- C:\Program Files\Avira\AntiVir Desktop\avira_en____fm.exe

=== C: other files ==

2014-08-14 16:47:53 235AE706FB69F3C21EADBB886C5255AE 132 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys
2014-08-12 16:01:18 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-12 16:00:43 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-12 16:00:43 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2649578317-199658268-3665271369-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
"DRMHelpaudio"="rundll32.exe ,WdPadSupport sysUser3xx"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3"
"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
"DRMHelpaudio"="rundll32.exe ,WdPadSupport sysUser3xx"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/07/2014 00:46]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21/10/2010 09:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21/10/2010 09:19]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\system32\tasks\4462" [wscript.exe C:\Users\Jan\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{83BB6FCB-B300-4084-8F15-E9D2E45239D1}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [02/10/2011 13:14]

==== Chrome Look ======================

Google Docs - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
"Start Page Restore"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
"Start Page Restore"="http://google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{5D0B8558-A5FA-4731-95D3-DA96F75C1147}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{5D0B8558-A5FA-4731-95D3-DA96F75C1147} Google Url="http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7MDNA_enDE393"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2649578317-199658268-3665271369-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E507511A-3E3E-9817-327D-9CD91801E240} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8FF90DB8-6DED-44A3-B182-244FEC09012F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BD09FF8DED63A441B2842F4CE9010F2 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP.Jan-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=513 folders=158 483998696 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jan\AppData\Local\Temp will be emptied at reboot
C:\Users\TEMP.Jan-PC\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7EGHHEG9\www.dailymotion.com" not found

==== EOF on Thu 14/08/2014 at 19:29:52,72 ======================
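Two lines in the log above stand out among the autoruns: the Run value "DRMHelpaudio"="rundll32.exe ,WdPadSupport sysUser3xx", which hands rundll32 an empty DLL name before the comma, and the scheduled task "4462", which runs wscript.exe on a .vbs file in the user's Temp directory. Neither is something a normal vendor installer writes, and both survived this Zoek run. The script below is an added example, not part of Zoek or of the log itself: it parses the "Startup Registry Enabled" and "Other Scheduled Tasks" sections in the layout Zoek writes and applies three heuristics of its own (rundll32 with no DLL, a script host launching from a Temp directory, and a scheduled task with a purely numeric name). The sample input is constructed to mirror entries from the log; a hit means "review this entry", not "this is malware".

```python
"""Flag autorun entries in a Zoek log that deserve a closer look.

Added example: the parsing follows the section/value/task layout Zoek writes,
but the heuristics are this example's own and are not Zoek logic.
"""
import re

# Constructed sample in Zoek's layout; the entries mirror lines from the log above.
SAMPLE_LOG = r'''
==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DRMHelpaudio"="rundll32.exe ,WdPadSupport sysUser3xx"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\system32\tasks\4462" [wscript.exe C:\Users\Jan\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
'''

SECTION_RE = re.compile(r'^==== (?P<title>.+?) =+$')
RUN_KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')
TASK_RE = re.compile(r'^"(?P<path>[^"]+)"\s+\[(?P<cmd>.*)\]$')

# rundll32 expects "<dll>,<entrypoint>"; only whitespace before the comma means
# no DLL path at all, which no legitimate vendor entry looks like.
RUNDLL32_NO_DLL_RE = re.compile(r'^rundll32(?:\.exe)?\s*,', re.IGNORECASE)
# wscript/cscript followed by its script argument (quoted or bare).
SCRIPT_HOST_RE = re.compile(
    r'^(?:\S*\\)?(?:wscript|cscript)(?:\.exe)?\s+(?P<script>"[^"]+"|\S+)', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r'\\(?:AppData\\Local\\)?Temp\\', re.IGNORECASE)


def parse_zoek_autoruns(text):
    """Return autorun entries as dicts with kind, location, name and command."""
    entries, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group('title'), None
            continue
        if section == 'Startup Registry Enabled':
            m = RUN_KEY_RE.match(line)
            if m:
                key = m.group('key')
                continue
            m = RUN_VALUE_RE.match(line)
            if m and key:
                entries.append({'kind': 'run', 'location': key,
                                'name': m.group('name'), 'command': m.group('cmd')})
        elif section == 'Other Scheduled Tasks':
            m = TASK_RE.match(line)
            if m:
                path = m.group('path')
                entries.append({'kind': 'task', 'location': path,
                                'name': path.rsplit('\\', 1)[-1], 'command': m.group('cmd')})
    return entries


def check_autorun(entry):
    """Heuristic reasons to review an entry; an empty list means nothing odd."""
    reasons = []
    cmd = entry['command'].strip()
    if RUNDLL32_NO_DLL_RE.match(cmd):
        reasons.append('rundll32 with no DLL before the comma')
    m = SCRIPT_HOST_RE.match(cmd)
    if m and TEMP_DIR_RE.search(m.group('script')):
        reasons.append('script host running a script from a Temp directory')
    if entry['kind'] == 'task' and entry['name'].isdigit():
        reasons.append('scheduled task with a purely numeric name')
    return reasons


def flag_autoruns(text):
    """(name, reasons) for every entry that trips at least one heuristic."""
    flagged = []
    for entry in parse_zoek_autoruns(text):
        reasons = check_autorun(entry)
        if reasons:
            flagged.append((entry['name'], reasons))
    return flagged


if __name__ == '__main__':
    for name, reasons in flag_autoruns(SAMPLE_LOG):
        print(f'{name}: {"; ".join(reasons)}')
```

Run against the sample it reports DRMHelpaudio, task 0 and task 4462 and stays quiet on the vendor entries. The heuristics are deliberately narrow: the rundll32 check only fires when the DLL field is empty, not when it points at an unusual DLL, and the Temp check only looks at wscript/cscript, so a practitioner would extend the list (mshta, powershell, regsvr32 with a remote scriptlet) and, on a live system, also verify that the DLL or script named in each entry actually exists on disk.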