Zoek.exe v5.0.0.0 Updated 07-October-2014
Tool run by noot1 on vr 10/10/2014 at 14:45:49,67.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\noot1\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10/10/2014 14:47:55 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Program Files\log deleted successfully
C:\Users\noot1\AppData\Local\VirtualStore deleted successfully
C:\Users\sacha_000\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\SetStretch.VBS deleted
C:\PROGRA~3\Avg_Update_0214d deleted
C:\PROGRA~3\Avg_Update_0814avt deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\noot1\Downloads\avg_free_stb_all_2014_4577_cnet.exe deleted
C:\Users\noot1\Downloads\avg_free_stb_all_2014_4765_cnet.exe deleted
C:\Windows\tasks\0214dUpdateInfo.job deleted
C:\windows\SysNative\tasks\0214dUpdateInfo deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-09-14 07:28:23 ACDBE1ED38167C8B01B8F63161BB2CEA 2374784 ----a-w- C:\Windows\explorer.exe
====== C:\Users\noot1\AppData\Local\Temp ====
2014-09-30 20:45:48 A75988E32C623DD43071861E5677CFE2 117248 ------w- C:\Users\noot1\AppData\Local\Temp\Temp1_windsurfing-de-max-4lbhc2obheer.zip\windsurfing-de-542b1679\Prezi.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-09-14 07:27:46 FEBAA7D782E30882FFF1CBCBBE8AD467 2515264 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-09-14 07:27:41 6416E79A58A8FCC33A447A4DDDD3BF04 412160 ----a-w- C:\Windows\Sysnative\drivers\srv.sys
2014-09-14 07:27:39 038C77D577900EE39410662478BB0D50 2009920 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2014-09-14 07:27:38 5BED3AB69797C8786EF70AEA8C33748B 674816 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys
2014-09-14 07:27:37 97B9076611291AE4C4C107BC915BD026 1200640 -c--a-w- C:\Windows\Sysnative\drivers\bthport.sys
2014-09-14 07:27:37 77E1D08EF3BFB923F2EDC3FC8089E08E 475968 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
2014-09-14 07:27:34 240C5C3793206725AA05665851E8C214 412992 -c--a-w- C:\Windows\Sysnative\drivers\spaceport.sys
2014-09-14 07:27:33 FF78D053A05E5A394F4E3C1816CC65A8 143680 -c--a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2014-09-14 07:27:32 64CA2B4A49A8EAF495E435623ECCE7DB 310080 -c--a-w- C:\Windows\Sysnative\drivers\volsnap.sys
2014-09-14 07:27:30 65392F3F3F65E4C6CC82A0F4F8A0B051 468288 -c--a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS
2014-09-14 07:27:27 D047CD668E6277FD80F0C613946F034C 246272 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys
2014-09-14 07:27:27 26ACA481FAFEC59FE311D719E3027BBA 446976 ----a-w- C:\Windows\Sysnative\drivers\nwifi.sys
2014-09-14 07:27:26 FEF0BC107812B36849741C3211BA6B60 419648 -c--a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2014-09-14 07:27:23 9C096BF5E10CA8BFA56F32522A89FAF1 79872 ----a-w- C:\Windows\Sysnative\drivers\IPMIDrv.sys
2014-09-14 07:27:22 E4B4BE2D7750849C07589DA0B0AABA01 1118040 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys
2014-09-14 07:27:22 B1AA3B19A2E596A59224F893E01A5A75 126464 ----a-w- C:\Windows\Sysnative\drivers\NdisImPlatform.sys
2014-09-14 07:27:21 E0927EFA25D473367C3341B9F5969779 115712 ----a-w- C:\Windows\Sysnative\drivers\bridge.sys
2014-09-14 07:27:21 D4B7ED39C7900384D9E5C1283F1E7926 76800 -c--a-w- C:\Windows\Sysnative\drivers\hdaudbus.sys
2014-09-14 07:27:21 C910E5D18958914A66F0E45689D0B40A 206848 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2014-09-14 07:27:18 91ED124E261EA8FAA1C0FFDF2A71B0C4 280384 -c--a-w- C:\Windows\Sysnative\drivers\pci.sys
2014-09-14 07:27:16 1DD05F4857C2188744B9E864658949DD 295424 ----a-w- C:\Windows\Sysnative\drivers\ks.sys
2014-09-14 07:27:07 25BB93167DEF270188072603F92A1EF5 118272 -c--a-w- C:\Windows\Sysnative\drivers\bthpan.sys
2014-09-14 07:20:55 8DF1254093B5C354CE725EB6B9B0DE19 146752 ----a-w- C:\Windows\Sysnative\drivers\msgpioclx.sys
====== C:\Windows\Tasks ======
2014-09-24 05:36:37 067D2023848820210A68F3CC3D4524DB 3718 ----a-w- C:\Windows\Sysnative\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-09 13:00:25 -------- d-----w- C:\Program Files\trend micro
2014-10-08 11:30:57 -------- d-----w- C:\Program Files\Microsoft Silverlight
======= C:\PROGRA~2 =====
2014-10-08 11:30:57 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight
======= C: =====
2014-10-10 13:34:15 !HASH: COULD NOT OPEN FILE !!!!! 0 --sha-w- C:\DkHyperbootSync
====== C:\Users\noot1\AppData\Roaming ======
====== C:\Users\noot1 ======
2014-10-09 13:00:18 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\noot1\Downloads\RSITx64.exe
2014-10-08 11:30:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-08 11:30:36 2EDE6612B7042D8582819CAB084E6883 13087456 ----a-w- C:\Users\noot1\Downloads\Silverlight_x64.exe
====== C: exe-files ==
2014-10-10 13:40:59 0C6023D07A02E41C0C9296FA9ED594D7 420672 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00006575\CoProc update.18962103.exe
2014-10-10 13:40:55 A4E33DFE4EA5A3FFAF3A645B00B974C0 4141792 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00006572\DAO.18959739.exe
2014-10-09 13:00:25 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\noot1.exe
2014-10-09 13:00:18 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\noot1\Downloads\RSITx64.exe
2014-10-08 11:30:36 2EDE6612B7042D8582819CAB084E6883 13087456 ----a-w- C:\Users\noot1\Downloads\Silverlight_x64.exe
2014-10-08 09:08:54 A86AF0D4BD6C4C89CFCA6350570AE79C 418920 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00006505\CoProc update.18950239.exe
2014-10-08 09:08:43 F9AC67F09676BE0D70C52012F6D8AC2F 4131072 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\000064fe\DAO.18949842.exe
2014-10-07 09:07:24 E5584A668D456367FAE1A386CB6C55B2 4082680 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\000064f6\DAO.18947111.exe
2014-10-07 09:07:01 C845DDBD1370674C09A351E2BD0AB2B0 418624 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\000064ef\CoProc update.18946249.exe
2014-10-05 08:01:43 BE149FBFA4B72F94B08BCEC8824EA373 417416 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\000064ec\CoProc update.18944339.exe
2014-10-03 21:00:17 C0C5D82A1094440391E28015B6CEAFD9 4082712 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\000064e9\DAO.18941849.exe
=== C: other files ==
2014-10-10 12:02:33 BB41A478857EF95CA48FD9BCEBE338F8 22938151 ----a-w- C:\Users\noot1\Downloads\wetransfer-9dae17.zip

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"WebStorage"="C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DptfPolicyLpmServiceHelper"="C:\Windows\system32\DptfPolicyLpmServiceHelper.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job
--a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/09/2014 19:16]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf688f5eb93961.job
--a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/05/2014 20:20]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf688f5ed2b8d5.job
--a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/05/2014 20:20]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files\ASUS\P4G\InsOnCfg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update1" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update2" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Patch for Touch Panel" [C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe]
"C:\Windows\SysNative\tasks\ASUS Smart Gesture Launcher" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\Windows\SysNative\tasks\ASUS Splendid ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\ASUS Splendid ColorU" [C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe]
"C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\Windows\SysNative\tasks\ASUS Vivokey" [C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe]
"C:\Windows\SysNative\tasks\AsusVibeSchedule" ["C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1cf688f5eb93961" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cf688f5ed2b8d5" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\P4GIntlCtrl" [C:\Program Files\ASUS\P4G\IntlDPST.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A6A8486C-D1DF-4A31-AEF8-5222BF889825}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 12:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\noot1\AppData\Roaming\Mozilla\Firefox\Profiles\dh4zg8ql.default-1412762129469
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]

Google Docs - noot1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - noot1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - noot1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - noot1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - noot1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - noot1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - sacha_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - sacha_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - sacha_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - sacha_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - sacha_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - sacha_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\noot1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bsplayer.nl.softonic.com_0.localstorage deleted successfully
C:\Users\noot1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bsplayer.nl.softonic.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\noot1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\sacha_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\noot1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\sacha_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\noot1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\noot1\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\sacha_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\noot1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\sacha_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=23 46661249 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\noot1\AppData\Local\Temp will be emptied at reboot
C:\Users\sacha_000\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\noot1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 10/10/2014 at 15:49:43,60 ======================