Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by home on di 21/10/2014 at 17:55:02,93.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\home\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
21/10/2014 18:01:45 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\Program Files\Peggle deleted successfully
C:\Program Files\PortalMore deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2831626779-2003784964-1593610675-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2831626779-2003784964-1593610675-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2831626779-2003784964-1593610675-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ppqkw0us.default-1401549750208
user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_20142110_1852_.backup

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgidsagent.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blindman.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbampt.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamscheduler.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDFiles.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDMain.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDWinSec.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSScheduler.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

==== Deleting Files \ Folders ======================
C:\ProgramData\Trymedia deleted
C:\Program Files\Driver-Soft deleted
C:\Users\home\AppData\Roaming\msconfig.ini deleted
C:\Users\home\AppData\Roaming\AlawarEntertainment deleted
C:\Users\home\AppData\Roaming\Performersoft deleted
C:\PROGRA~2\DriverGenius deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\System32\Tasks\PC Performer Logon Scan deleted
C:\Windows\System32\Tasks\PC Performer Scheduled Scan deleted
C:\Users\home\Downloads\avg_free_stb_all_2015_5315_cnet.exe deleted
C:\Users\home\Downloads\VideoPerformerSetup.exe deleted
C:\Windows\performersoftsetup.dll deleted
C:\Windows\system32\Tasks\LaunchSignup deleted
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ppqkw0us.default-1401549750208\searchplugins\trovi-search.xml deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\home\AppData\Local\Temp ====
2014-10-09 12:00:28 D2F31D4BCB2F93E137EED54A8F4C8874 733656 ----a-w- C:\Users\home\AppData\Local\Temp\JOBRUVFEILJ\tmppack.exe
2014-10-09 12:00:22 D2F31D4BCB2F93E137EED54A8F4C8874 733656 ----a-w- C:\Users\home\AppData\Local\Temp\OBKIFJV\tmppack.exe
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2014-10-20 12:37:54 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-21 14:08:02 -------- d-----w- C:\Program Files\trend micro
2014-10-06 17:35:55 -------- d-----w- C:\Program Files\Steveredrum
2014-10-06 17:32:34 -------- d-----w- C:\Program Files\BFG
2014-10-05 08:15:49 -------- d-----w- C:\Program Files\Portable
======= C: =====
====== C:\Users\home\AppData\Roaming ======
2014-10-21 15:29:55 8CE1FCFF77CB2ABFC1118757C1BFA57C 138664 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2014-10-21 15:17:56 -------- d-----w- C:\Users\home\AppData\Roaming\TuneUp Software
2014-10-18 06:20:39 -------- d-----w- C:\Users\home\AppData\Roaming\SEGA
2014-10-18 06:20:14 -------- d-----w- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-06 17:36:33 -------- d-----w- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Peggle Nights Deluxe
2014-10-05 08:16:46 -------- d-----w- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
====== C:\Users\home ======
2014-10-21 15:23:13 A7B5B42365A80A7C4C5E10C662253456 4714656 ----a-w- C:\Users\home\Downloads\avira_en_av___ws.exe
2014-10-21 15:07:12 -------- d--h--w- C:\ProgramData\Common Files
2014-10-21 14:51:24 27D9039FC25B4418755AC54E0E09FA32 91906368 ----a-w- C:\Users\home\Downloads\avast_free_antivirus_setup.exe
2014-10-21 14:50:21 4AF4D1D156DF61FC7364D1193862A068 4862664 ----a-w- C:\Users\home\Downloads\avast_free_antivirus_setup_online.exe
2014-10-21 14:04:55 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\home\Downloads\RSIT(2).exe
2014-10-21 14:03:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\home\Downloads\RSIT.exe
2014-10-21 14:03:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\home\Downloads\RSIT(1).exe
2014-10-06 17:36:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle Nights Deluxe
2014-10-05 08:17:11 -------- d-----w- C:\ProgramData\PopCap Games
====== C: exe-files ==
2014-10-21 14:08:03 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\home.exe
=== C: other files ==
2014-10-18 06:20:02 D41D8CD98F00B204E9800998ECF8427E 0 ------w- C:\Users\home\Downloads\Sonic Heroes (Direct Play)\SONICHEROES\SONICHEROES\SECDRV.SYS

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2831626779-2003784964-1593610675-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Users\home\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Users\home\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:@C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe []

==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" []

==== Firefox Extensions ======================
ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ppqkw0us.default-1401549750208
- Flash Player - %ProfilePath%\extensions\M1uwW0@47z8gRpK8sULXXLivB.com.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\ppqkw0us.default-1401549750208
9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2831626779-2003784964-1593610675-1000\Software\Mozilla\Firefox\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully

==== Empty IE Cache ======================
C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\home\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\home\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=30 folders=19 10961365 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\home\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\home\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\McAfee Security Scan" not deleted
"C:\PROGRA~2\McAfee" not deleted
"C:\PROGRA~2\McAfee Security Scan" not deleted

==== EOF on di 21/10/2014 at 19:17:09,28 ======================