Zoek.exe v5.0.0.0 Updated 24-10-2014
Tool run by Kim on vr 24-10-2014 at 21:17:53,76.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kim\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24-10-2014 21:20:02 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Babylon
C:\PROGRA~2\Evernote
C:\Users\Kim\AppData\Roaming\PerformerSoft

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-8230857-1659337415-2449746315-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{D19CA586-DD6C-4a0a-96F8-14644F340D60} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\found.000 deleted
C:\Users\Kim\AppData\Roaming\Babylon deleted
C:\Users\Kim\AppData\Roaming\PerformerSoft deleted
C:\PROGRA~2\Avg_Update_0814av deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\IBUpdaterService deleted
C:\PROGRA~2\Babylon deleted
C:\Users\Public\sdelevURL.tmp deleted
C:\Users\Kim\AppData\LocalLow\Claro LTD deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Windows\tasks\0814avUpdateInfo.job deleted
C:\Windows\system32\tasks\0814avUpdateInfo deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\roboot.exe deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Kim\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-10-17 16:41:04 1333DD61BA97EE3F9DF23A0D65A70AA0 230912 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-17 16:41:04 0F655F9B3EBB3E05698B8F905F48953C 396288 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-17 16:41:03 975CB5016F5C5520607F6CA6768F161B 302592 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-17 16:41:02 348289FDF17FB4A1F23091F9463642D6 2379264 ----a-w- C:\Windows\System32\win32k.sys
2014-10-17 16:40:44 37C395C075E6FA66623C82DE50A8FAED 372736 ----a-w- C:\Windows\System32\rastls.dll
2014-10-17 16:40:42 DF59F2510EDABBF216FA837D5D964106 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-10-17 16:40:42 97F2F82BF0B4AF86A85FFDD78DFDC87D 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-17 16:40:42 8C8B6144B47FE37724590CA832ED26CA 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-10-17 16:40:41 DF4BA130BD41F29A894E026E456B8481 454656 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-17 16:40:41 CEA291F4C62ECBE1565EC4B37D9AF088 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-10-17 16:40:41 B74B348D13134D67B4F68ADDDC76A447 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-17 16:40:41 B5B1C277E46A5B0E2FC63E5FC5624CE5 365056 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-17 16:40:41 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-17 16:40:41 8F390C7AA11DF00FC3EF86FA72A939D2 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-17 16:40:40 7AE80F921027CF88CB9D0433088A3E55 1810944 ----a-w- C:\Windows\System32\wininet.dll
2014-10-17 16:40:38 410BECCA3354D471E45344F0754CC0E4 243200 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-17 16:40:37 158690737381C49120165A7F3F5D13EB 440320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-17 16:40:36 201EAFA3F17BE4990999C28657212D8E 69632 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-17 16:40:35 8E8E6E7B4CC27B92F40F74E29C1F6290 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-10-17 16:40:34 6D4DD5706C297234F457B9D9018C493F 61952 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-10-17 16:40:33 55A400FDB21D157E947A0EE65AEDB1B3 2187264 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-17 16:40:31 BD66BA5A924DCC8392CFAEB67131A246 597504 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-10-17 16:40:30 D03EB7605435FE24ADE670661A932651 4201472 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-17 16:40:29 F91E55DA404B834648A3B0A2477C10DB 17484800 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-17 16:40:25 AF31CC5BAEB4916C0AF9AB062CFE8DA2 677888 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-10-17 16:40:25 604C67F58747D6A333EA641BCCC2C842 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-10-17 16:40:25 3065FF6794A7FDC882F0DA8B6230AB6E 1190400 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-17 16:40:24 FBE852643EDEB9D6D6502AFE6017CD64 678400 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-10-17 16:40:24 D78C4DB153874DB7AC6AA6A03BE38B66 331448 ----a-w- C:\Windows\System32\iedkcs32.dll
2014-10-17 16:40:23 B89F5D2B3D3BC730FAB93CFCD931742F 607744 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-17 16:40:23 58EC068116BCE16A94B1B2C429A35E41 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-17 16:40:21 835807E2AC0A8FA15B9A2EA80E2D5169 2017280 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-17 16:40:21 2409C41081D657A3FABE3659BB989AFB 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-10-17 16:40:20 EF94FA1F3D90520CCA4AE65D639A9E62 11807232 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-17 16:40:20 8FAA1E45198C4ECEC691326B7F5E71C5 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-10-17 16:40:10 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\System32\mscories.dll
2014-10-17 16:40:10 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-17 16:40:10 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-17 16:40:07 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\System32\locale.nls
2014-10-17 16:40:05 F1886C30C3E4A7C5513525CBA665AA31 6144 ----a-w- C:\Windows\System32\KBDTAT.DLL
2014-10-17 16:40:05 EB3D06A9EDFDFD12228AD7A9F24D15D6 5632 ----a-w- C:\Windows\System32\KBDRU.DLL
2014-10-17 16:40:05 40FFC65117C4AC69D33DEC6D567392FD 6144 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-10-17 16:40:05 33DB506498E0419CD50B144DE7CCFC75 6144 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-10-17 16:40:05 1235259E135F87BF4AE5864A818E1513 6144 ----a-w- C:\Windows\System32\KBDRU1.DLL
2014-10-17 16:39:58 3ABACF6D4EBEA5EF3014FEFA1D8FF5F8 3221504 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-17 16:39:58 0DBD0B4D4766CADEB8C30242A0611395 1051136 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-17 16:39:57 FD67683FBA9B2C4BB551780BD8846F64 157696 ----a-w- C:\Windows\System32\winsta.dll
2014-10-17 16:39:57 E05E31F7BF577228E27CFFCA5B54ABBD 523264 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-17 16:39:57 B4203FC65D4C0D7A0B7A02AFD13472BB 130048 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-10-17 16:39:56 DB1D6751689B4A7EE2439C64F2ADF1C9 17408 ----a-w- C:\Windows\System32\credssp.dll
2014-10-17 16:39:56 97896EE4254176CFDD9010B5B243B89F 131584 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-17 16:39:56 13829161C1297F4170A5546430147BBD 65536 ----a-w- C:\Windows\System32\TSpkg.dll
2014-10-17 16:39:20 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\Windows\System32\msi.dll
2014-10-17 16:39:02 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\Windows\System32\packager.dll

====== C:\Windows\system32\drivers =====

2014-10-17 16:39:56 CD9214A6AE17D188D17C3CF8CB9CC693 184320 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-17 16:39:56 6C5139E4283249518F7743D7043775B3 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-10-24 18:00:50 -------- d-----w- C:\Program Files\trend micro

======= C: =====

====== C:\Users\Kim\AppData\Roaming ======

====== C:\Users\Kim ======

====== C: exe-files ==

2014-10-24 18:00:51 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kim.exe
2014-10-24 17:59:46 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kim\Documents\Jeroen\RSIT.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-8230857-1659337415-2449746315-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_0913b"="C:\Users\Kim\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 786253565cfe47d0aa4cd5343d91a1e3-69edd9f7e38f3cd1c6c16d4cceaa4c25c35ccb45 --CMPID 0913b"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"LManager"="C:\Program Files\Launch Manager\LManager.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_0913b"="C:\Users\Kim\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 786253565cfe47d0aa4cd5343d91a1e3-69edd9f7e38f3cd1c6c16d4cceaa4c25c35ccb45 --CMPID 0913b"

==== Startup Folders ======================

2012-08-18 19:31:34 1280 ----a-w- C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2011-12-16 09:56:03 1728 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"]
"C:\Windows\system32\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\UALU notificatin" ["C:\Program Files\Acer\Acer Updater\UALU.exe"]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\tykh0vs9.default-1414171210613
5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live™ Photo Gallery
7DD91826994E43192ABD0BD2AABE7954 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll - WildTangent Games App V2 Presence Detector
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully

==== Empty IE Cache ======================

C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Kim\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kim\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGI00BDL will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Kim\AppData\Local\Mozilla\Firefox\Profiles\tykh0vs9.default-1414171210613\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=28 folders=14 2829008 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Kim\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Kim\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGI00BDL" not found

==== EOF on vr 24-10-2014 at 21:55:18,11 ======================