Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Christa on di 09/02/2016 at 16:44:35,05.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Christa\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
9/02/2016 16:47:35 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\Users\Christa\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Christa\AppData\Local\EmieSiteList deleted successfully
C:\Users\Christa\AppData\Local\EmieUserList deleted successfully
C:\Users\Christa\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3920277992-1130943974-3322280642-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3920277992-1130943974-3322280642-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3920277992-1130943974-3322280642-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3920277992-1130943974-3322280642-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================
C:\Windows\AutoKMS deleted
C:\Users\Christa\AppData\Roaming\Mozilla\Firefox\Profiles\sigclx82.default-1452355372726\extensions\marcoagpinto@mail.telepac.pt deleted
C:\fca303290426223e34ccfebaf7 deleted
C:\Users\Christa\AppData\LocalLow\Unity deleted
"C:\Windows\tasks\AutoKMS.job" deleted
"C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE" deleted
"C:\Program Files\Microsoft\BingBar" not deleted
"C:\Users\Christa\AppData\Local\Unity" deleted
"C:\Program Files\Microsoft\BingBar\7.1.355.0" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Christa\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2016-01-13 17:13:55 50D1D9B3C24E783B6A8451158215AA55 138176 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-01-13 17:13:54 E58CFE0F44B9775603BA70813D48D66A 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-01-13 17:13:51 D405E63A7FEED75B40ACE03E57B44AB5 225792 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-01-13 17:13:51 1D5CC65FECC628397CB72F87DD6A78F3 124416 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-01-13 17:13:50 E688B7D9B5422F23102E1920E19473E9 98304 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-01-13 17:12:45 A3F684B866A7D89AE396276CE7AFD416 5120 ----a-w- C:\Windows\System32\drivers\drmkaud.sys
2016-01-13 17:12:45 53F70F2B5ED939C0013D625F6444F5C7 81408 ----a-w- C:\Windows\System32\drivers\drmk.sys
2016-01-13 17:12:45 1F3096B1725382912803B6027AF4B94A 177152 ----a-w- C:\Windows\System32\drivers\portcls.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-02-08 18:30:24 -------- d-----w- C:\Program Files\trend micro
======= C: =====
====== C:\Users\Christa\AppData\Roaming ======
2016-01-30 16:36:02 A808168A8B9FCB6195CB3B864D3464E4 1464 ----a-w- C:\Users\Christa\AppData\Local\recently-used.xbel
====== C:\Users\Christa ======
2016-02-08 18:27:59 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Christa\Downloads\RSIT.exe
====== C: exe-files ==
2016-02-08 18:30:25 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Christa.exe
2016-02-08 18:27:59 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Christa\Downloads\RSIT.exe
2016-02-05 16:54:12 46D45B75D08B186F27C0879109FDC148 852560 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.103\48.0.2564.103_48.0.2564.97_chrome_updater_3stage.exe
2016-02-03 18:48:27 F489BF87E4B3E9CCEFA102CC347F180F 95048 ----atw- C:\Program Files\Google\Update\1.3.29.5\GoogleUpdateWebPlugin.exe
2016-02-03 18:48:27 A70C804C5BCC0BBFCB7E9173C32B0221 95048 ----atw- C:\Program Files\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe
2016-02-03 18:48:27 1457C6AC71CAEC4D692FDD62155A9745 95048 ----atw- C:\Program Files\Google\Update\1.3.29.5\GoogleUpdateBroker.exe
2016-02-03 18:48:26 A4C58EA455234AFD3B622D838CDE4C39 987728 ----a-w- C:\Program Files\Google\Update\1.3.29.5\GoogleUpdateSetup.exe
2016-02-03 18:48:21 ABF64234F3462571E66527828040219B 252232 ----atw- C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
2016-02-03 18:48:21 8C17EAF5E4883284A75FC560C7F021AB 137544 ----atw- C:\Program Files\Google\Update\1.3.29.5\GoogleUpdateComRegisterShell64.exe
2016-02-03 18:48:21 750446ED76A5D13E902174DDDDA1A62B 154440 ----atw- C:\Program Files\Google\Update\1.3.29.5\GoogleUpdate.exe
2016-02-03 18:48:21 2E6215108125A42160A1EC17208A50F0 313672 ----atw- C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
2016-02-03 18:48:17 A4C58EA455234AFD3B622D838CDE4C39 987728 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.29.5\GoogleUpdateSetup.exe
=== C: other files ==
2016-02-08 17:40:44 81516AF8EE3C18149463E7C5446CAAF6 18129 ----a-w- C:\Users\Christa\Pictures\Outlook.com.zip

==== Orphaned Tasks deleted from Registry ======================
AutoPico Daily Restart deleted

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"jswtrayutil"="C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"

==== Startup Folders ======================
2015-07-03 12:11:34 1942 ----a-w- C:\Users\Christa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 3520 series.lnk
2015-06-08 16:22:07 870 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21/01/2016 19:49]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2015 19:11]

==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3520 series" ["C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Christa\AppData\Roaming\Mozilla\Firefox\Profiles\sigclx82.default-1452355372726
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Christa\AppData\Roaming\Mozilla\Firefox\Profiles\sigclx82.default-1452355372726
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
0205ADAFFDDF04F0F69200E5CFB5FFD9 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
A107920551356DAEE665F0884F34D2D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll - Shockwave Flash

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
Google Slides - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Christa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.finder6.com_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.finder6.com_0.localstorage-journal deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage-journal deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.blobla.com_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.blobla.com_0.localstorage-journal deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shedeals.be_0.localstorage deleted successfully
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shedeals.be_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TVWiz deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================
C:\Users\Christa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Christa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Christa\AppData\Local\Mozilla\Firefox\Profiles\sigclx82.default-1452355372726\cache2 will be emptied at reboot

==== Empty Chrome Cache ======================
C:\Users\Christa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=5435 folders=1833 29437498 bytes)

==== Empty Temp Folders ======================
C:\Users\Christa\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Christa\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files\Microsoft\BingBar" not found

==== EOF on di 09/02/2016 at 17:13:34,71 ======================