Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by ldv on wo 21/01/2015 at 9:55:11,56.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\ldv\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-22-091349.log 20812 bytes
C:\zoek-results2015-01-20-070055.log 27347 bytes

==== Empty Folders Check ======================

C:\Users\ldv\AppData\Local\Acer PowerSaver deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531182} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411391105} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2361067941-1604562449-4282051081-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A13C2648-91D4-4BF3-BC6D-0079707C4389} deleted successfully

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-12-24 11:43:12 65541F7F9075194CDA176FBAE8977560 308224 ----a-w- C:\Windows\IsUn0413.exe
====== C:\Users\ldv\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
2015-01-17 06:23:51 8D83E8C20A20B6E4D0ABCA3204C2C70A 3162 ----a-w- C:\Windows\system32\Tasks\avastBCLRestartS-1-5-21-2361067941-1604562449-4282051081-1003
2014-12-26 10:05:18 939ED4A55880F970BB4B13513AD0358A 3874 ----a-w- C:\Windows\system32\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\ldv\AppData\Roaming ======
2015-01-21 08:44:36 -------- d-----w- C:\Users\ldv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-01-20 06:57:52 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-01-20 06:57:52 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-01-20 06:57:52 -------- d-----w- C:\Users\ldv\AppData\Local\Temp
2015-01-20 06:57:52 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-01-20 06:57:52 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
====== C:\Users\ldv ======
2015-01-17 06:29:06 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\ldv\Downloads\RSIT(1).exe
2015-01-16 14:44:07 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\ldv\Downloads\RSIT.exe
====== C: exe-files ==
2015-01-18 12:58:23 BA7DC0C9141BE7292CA7E744B6F19F26 897104 ----a-w- C:\Program Files\Google\Update\Install\{4C308190-CB82-472C-8676-11ACE2A2B090}\39.0.2171.99_39.0.2171.95_chrome_updater.exe
2015-01-18 12:58:23 BA7DC0C9141BE7292CA7E744B6F19F26 897104 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.99\39.0.2171.99_39.0.2171.95_chrome_updater.exe
2015-01-17 06:29:06 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\ldv\Downloads\RSIT(1).exe
2015-01-16 14:44:07 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\ldv\Downloads\RSIT.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-2361067941-1604562449-4282051081-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE /EPT EPLTarget\P0000000000000000 /M Epson Stylus SX235"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe -startup"
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe"
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot"
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"Acer PowerSaver"="C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe"
"Acer SmartBoot"="C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe"
"AutoLockProcess"="C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe"
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE /EPT EPLTarget\P0000000000000000 /M Epson Stylus SX235"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"

==== Startup Folders ======================

2014-12-24 11:45:38 1154 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15/01/2015 13:41]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/02/2013 10:32]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/02/2013 10:32]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-PC_van_ldv-ldv" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\avastBCLRestartS-1-5-21-2361067941-1604562449-4282051081-1003" [C:\Program Files\Mozilla Firefox\firefox.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\SymErr.exe]
"C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/12/2014 17:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ldv\AppData\Roaming\Mozilla\Firefox\Profiles\wiqftbrl.default
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\ldv\AppData\Roaming\Mozilla\Firefox\Profiles\wiqftbrl.default
8560995C727974F27F2A1CE68909FEB9 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash
39309FEDDFA73FAE29EC99A07A55A3E8 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
647670C013AD60DA6F94B6881E6AC9E4 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/12/2014 17:01]

avast Online Security - ldv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - ldv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== C:\zoek_backup content ======================

C:\zoek_backup (files=247 folders=38 16550665 bytes)

==== EOF on wo 21/01/2015 at 10:00:06,74 ======================