Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by e on ma 29/09/2014 at 22:56:23,68.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\e\Downloads\zoek (2).exe
[Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-18-114934.log 56703 bytes
C:\zoek-results2014-09-29-205431.log 15433 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\buenosearch LTD not found
C:\Program Files (x86)\SearchProtect not found
C:\Program Files (x86)\globalUpdate not found
C:\Program Files (x86)\Plus-HD-9.6 not found

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\e\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-09-24 10:53:55 C263F3E7E0523556964D661BC7CB9565 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-24 10:53:55 A8A87343CAE432677D82C0BCC753D905 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-09-24 11:59:52 -------- d-----w- C:\PROGRA~2\PCRx
2014-09-23 14:05:11 -------- d-----w- C:\PROGRA~2\Yahoo!
======= C: =====
====== C:\Users\e\AppData\Roaming ======
2014-09-24 11:59:55 -------- d-----w- C:\Users\e\AppData\Roaming\PCRx
2014-09-23 14:08:57 -------- d-----w- C:\Users\e\AppData\Roaming\Yahoo!
2014-09-23 14:08:56 -------- d-----w- C:\Users\e\AppData\Locallow\Yahoo! Companion
2014-09-23 14:08:56 -------- d-----w- C:\Users\e\AppData\Locallow\Yahoo!
2014-09-23 04:44:28 -------- d-----w- C:\Users\e\AppData\Roaming\VASCO
2014-09-23 04:44:27 -------- d-----w- C:\Users\e\AppData\Local\Package Cache
2014-08-31 17:49:36 -------- d-----w- C:\Users\e\AppData\Roaming\HpUpdate
====== C:\Users\e ======
2014-09-29 18:56:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\e\Downloads\RSITx64 (1).exe
2014-09-24 11:59:55 -------- d-----w- C:\ProgramData\PCRx
2014-09-24 11:59:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCRx
2014-09-24 11:59:06 DD5233803DE08A55BCDD453FB5FD4F24 4013368 ----a-w- C:\Users\e\Downloads\PCRxSetup.exe
2014-09-24 11:41:33 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\e\Downloads\adwcleaner_3.310.exe
2014-09-23 14:09:07 -------- d-----w- C:\ProgramData\Yahoo! Companion
2014-09-23 14:08:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-09-23 14:08:43 -------- d-----w- C:\ProgramData\Yahoo!
2014-09-23 14:06:43 14146C17D988AABD7553E1C48D7FD976 691576 ----a-w- C:\Users\e\Downloads\msgr11us (1).exe
2014-09-23 14:04:54 14146C17D988AABD7553E1C48D7FD976 691576 ----a-w- C:\Users\e\Downloads\msgr11us.exe
2014-09-23 12:54:55 5DE7F38DDF7BA23895D8849C244F8D2D 2293608 ----a-w- C:\Users\e\Downloads\VASCOSmartCardReaderPlugin (2).exe
2014-09-23 04:44:55 5DE7F38DDF7BA23895D8849C244F8D2D 2293608 ----a-w- C:\Users\e\Downloads\VASCOSmartCardReaderPlugin (1).exe
2014-09-23 04:44:02 5DE7F38DDF7BA23895D8849C244F8D2D 2293608 ----a-w- C:\Users\e\Downloads\VASCOSmartCardReaderPlugin.exe
2014-09-17 13:23:00 -------- d-----w- C:\ProgramData\HPSSUPPLY
====== C: exe-files ==
2014-09-29 18:56:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\e\Downloads\RSITx64 (1).exe
2014-09-25 04:57:44 7CA4092A339EA30DE8FF06D3FF79D6ED 749648 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.124\37.0.2062.124_37.0.2062.120_chrome_updater.exe
2014-09-24 11:59:53 D00C55CF399F28BDBEBC8A6EA294FEDA 11738960 ----a-w- C:\Program Files (x86)\PCRx\PCRx.exe
2014-09-24 11:59:53 3F05CA429CBC0AD4DF71886CC240B631 1333584 ----a-w- C:\Program Files (x86)\PCRx\PCRxTray.exe
2014-09-24 11:59:52 0CE853A77C5AB31A1186F27B67D4AC95 1223016 ----a-w- C:\Program Files (x86)\PCRx\unins000.exe
2014-09-24 11:59:06 DD5233803DE08A55BCDD453FB5FD4F24 4013368 ----a-w- C:\Users\e\Downloads\PCRxSetup.exe
2014-09-24 11:41:33 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\e\Downloads\adwcleaner_3.310.exe
2014-09-24 10:53:55 916CEC665A9879DEB15BBDD943B7350B 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe
2014-09-23 14:12:55 66C44E44A6D90F9F11E20CDE0CFD2614 611672 ----a-w- C:\Users\e\Desktop\BQCKUP My Data\All Users\Yahoo!\YUpdater\yudptemp.exe
2014-09-23 14:12:55 66C44E44A6D90F9F11E20CDE0CFD2614 611672 ----a-w- C:\ProgramData\Yahoo!\YUpdater\yudptemp.exe
2014-09-23 14:09:07 1356762E8B571738F2F19DB5B7881787 99770 ----a-w- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\Uninst_AutoUpdater.exe
2014-09-23 14:08:58 E15FDCD7462654786241CC82A0950EFC 118576 ----a-w- C:\Program Files (x86)\Yahoo!\Common\unyt.exe
2014-09-23 14:08:45 973567B98CDFC147DF4E60471D9DF072 153088 ----a-w- C:\Program Files (x86)\Yahoo!\Messenger\UNWISE.EXE
2014-09-23 14:08:45 0D79D70E52EC15F47EC8CB3E64F138F2 9216 ----a-w- C:\Program Files (x86)\Yahoo!\Messenger\StartWrapper.exe
2014-09-23 14:08:44 027D0500A592CAED765B9E450129D89E 79192 ----a-w- C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
2014-09-23 14:08:43 66C44E44A6D90F9F11E20CDE0CFD2614 611672 ----a-w- C:\Users\e\Desktop\BQCKUP My Data\All Users\Yahoo!\YUpdater\yupdater.exe
2014-09-23 14:08:43 66C44E44A6D90F9F11E20CDE0CFD2614 611672 ----a-w- C:\ProgramData\Yahoo!\YUpdater\yupdater.exe
2014-09-23 14:08:40 127CD00925C1A2B759765C5B9600DE30 6595928 ----a-w- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
2014-09-23 14:06:43 14146C17D988AABD7553E1C48D7FD976 691576 ----a-w- C:\Users\e\Downloads\msgr11us (1).exe
2014-09-23 14:04:54 14146C17D988AABD7553E1C48D7FD976 691576 ----a-w- C:\Users\e\Downloads\msgr11us.exe
2014-09-23 12:54:55 5DE7F38DDF7BA23895D8849C244F8D2D 2293608 ----a-w- C:\Users\e\Downloads\VASCOSmartCardReaderPlugin (2).exe
2014-09-23 04:44:55 5DE7F38DDF7BA23895D8849C244F8D2D 2293608 ----a-w- C:\Users\e\Downloads\VASCOSmartCardReaderPlugin (1).exe
2014-09-23 04:44:27 156F3B49286D575EBD9DE21302C1DF61 494600 ------w- C:\Users\e\AppData\Local\Package Cache\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}\VASCOSmartCardReaderPlugin.exe
2014-09-23 04:44:02 5DE7F38DDF7BA23895D8849C244F8D2D 2293608 ----a-w- C:\Users\e\Downloads\VASCOSmartCardReaderPlugin.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-728976382-3213218996-1014119386-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Google+ Auto Backup"="C:\Users\e\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart"
"Start WingMan Profiler"="C:\Program Files (x86)\Logitech\Profiler\lwemon.exe /noui"
"WLSync"="C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe /background"
"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"BigDog305"="C:\Windows\VM305_STI.EXE USB PC Camera VC305"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"PCRx"="C:\Program Files (x86)\PCRx\PCRxTray.exe /startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun"
"Google+ Auto Backup"="C:\Users\e\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart"
"Start WingMan Profiler"="C:\Program Files (x86)\Logitech\Profiler\lwemon.exe /noui"
"WLSync"="C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe /background"
"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"MedionReminder"="C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MedionReminder"="C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey"

==== Startup Folders ======================

2014-04-04 10:03:22 2103 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
2014-06-16 17:07:00 1189 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [23/09/2014 20:47]
C:\Windows\tasks\DriverToolkit Autorun.job --a------ C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/02/2014 12:50]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/02/2014 12:50]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\DriverToolkit Autorun" [C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{1E13BE5A-49A9-4112-9864-8675D25138F9}" ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"]
"C:\Windows\SysNative\tasks\{C112CF25-387B-45B5-89BD-A9B57712A791}" ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [04/04/2014 12:04]

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=160 folders=70 34486786 bytes)

==== EOF on ma 29/09/2014 at 22:58:39,82 ======================