Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Hilaire on di 01/03/2016 at 13:38:24,46. Microsoft Windows 10 Home 10.0.10240 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Hilaire\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-02-29-155832.log 55528 bytes C:\zoek-results2016-03-01-101026.log 6397 bytes C:\zoek-results2016-03-01-104740.log 82934 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AV] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AV\LinkScanner] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AV\LinkScanner\Prevalence] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\BrowserCleaner] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\Dashboard] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\DuplicateFileFinder] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\Maintenance] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\Maintenance\Execution] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\Maintenance\Execution\DiskCleaner] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\Maintenance\Execution\ShortcutCleaner] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\Nag] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\Nag\Default] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\PCHealth] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\PerformanceOptimizer] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\ProgramDeactivator] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\RegGmsCache] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\Shortcuts] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\StartUpManager] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\TuningDefinition] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\UtilitiesSvc] [-HKEY_LOCAL_MACHINE\SOFTWARE\Avg\AWL\WelcomeScreen] [-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Tuneup] [-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Web TuneUp] [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh] @=- [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] "Path"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32] @=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR] @=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\0\win32] @=- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\HELPDIR] @=- @=- @=- @=- @=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\0\win32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\HELPDIR] [HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui] @=- [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiRSAlert] [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinished] [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinishedThreatFound] [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanStarted] [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEnd] [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEndFail] [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdStart] [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiWSAlert] [-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui] [-HKEY_USERS\.DEFAULT\Software\AVG] [-HKEY_USERS\.DEFAULT\Software\AVG\AWL] [-HKEY_USERS\.DEFAULT\Software\Avg Secure Update] [-HKEY_USERS\.DEFAULT\Software\Avg Secure Update\0116tb] [-HKEY_USERS\.DEFAULT\Software\Avg Secure Update\0615piz] [-HKEY_USERS\.DEFAULT\Software\Avg Secure Update\0815sc] [HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui] @=- [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\Avgdiag] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\BrowserCleaner] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\BrowserCleaner\1366x768x96] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\DiskCleaner] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\DiskCleaner\1366x768x96] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\Integrator] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\Nag] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\Nag\Default] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\Notifications] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\Statistics] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\Statistics\Shortcut Cleaner] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\UtilitiesService] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg\AWL\UtilitiesService\LiveOptimization] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg Secure Update] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg Secure Update\0116tb] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg Secure Update\0615piz] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Avg Secure Update\0815sc] [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiRSAlert] [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinished] [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinishedThreatFound] [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanStarted] [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEnd] [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEndFail] [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdStart] [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiWSAlert] [-HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui] [-HKEY_USERS\S-1-5-18\Software\AVG] [-HKEY_USERS\S-1-5-18\Software\AVG\AWL] [-HKEY_USERS\S-1-5-18\Software\Avg Secure Update] [-HKEY_USERS\S-1-5-18\Software\Avg Secure Update\0116tb] [-HKEY_USERS\S-1-5-18\Software\Avg Secure Update\0615piz] [-HKEY_USERS\S-1-5-18\Software\Avg Secure Update\0815sc] [HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\SecureLine] "DataFolder"=- [HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\SecureLine] "ProgramFolder"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy] @=- [HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until] "AVAST Software"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00AB3925-B470-4264-B354-03E373074F23}] "AppPath"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software] [-HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\SecureLine] [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast Mail Scanner Trusted] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast Mail Scanner Trusted\Certificates] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast Mail Scanner Trusted\CRLs] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast Mail Scanner Trusted\CTLs] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast SSL Scanner Cache] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast SSL Scanner Cache\Certificates] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast SSL Scanner Cache\Certificates\140BEE426B650835601789488B1FB423F8148428] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast SSL Scanner Cache\Certificates\858CFE79447E8B7CC080AC09A695CB0DE78D8B15] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast SSL Scanner Cache\Certificates\86F63A58856B7EA665B0705D960361557250C55C] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast SSL Scanner Cache\CRLs] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\avast SSL Scanner Cache\CTLs] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\0\win32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\HELPDIR] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\0\win32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\HELPDIR] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg\AWL] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg\AWL\Dashboard] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg\AWL\OneClick] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg\AWL\PerformanceOptimizer] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg\AWL] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg\AWL\Dashboard] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg\AWL\OneClick] [-HKEY_USERS\S-1-5-21-3514900110-1255315834-3301955316-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Avg\AWL\PerformanceOptimizer] ==== Deleting Files \ Folders ====================== C:\Program Files\Common Files\AVG Secure Search deleted C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avgsvca.exe_81d410e5b0b6aa24580ae8ae9c17fd77228369_6e0b5e8a_05067a8f deleted C:\Users\Default\AppData\Roaming\AVG deleted C:\Users\Hilaire\AppData\Local\Avg deleted C:\Users\Hilaire\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp deleted C:\Users\Hilaire\AppData\Local\VirtualStore\ProgramData\Avg deleted C:\windows\SysNative\config\systemprofile\AppData\Local\Avg deleted C:\Windows\syswow64\config\systemprofile\AppData\Local\Avg deleted C:\Windows\syswow64\config\systemprofile\AppData\Local\AvgSetupLog deleted C:\Windows\syswow64\config\systemprofile\AppData\Roaming\AVG deleted "C:\Users\Hilaire\AppData\Local\MFAData\logs\avguiru.log" deleted "C:\Users\Hilaire\AppData\Roaming\Opera Software\Opera Stable\Extensions\joakolhgkjffhhlmpikacioigeendmeb\1.30.2.3192_0\build\images\header\header_logo_AVG.png" deleted "C:\Windows\prefetch\AVGNDISA.EXE-31A4915C.pf" deleted "C:\Windows\prefetch\AVGSETUPX.EXE-3CD9C280.pf" deleted "C:\Windows\prefetch\AVGSETUPX.EXE-632D2476.pf" deleted "C:\Windows\prefetch\AVGUI.EXE-1AE35A5F.pf" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection\Avast SecureLine.lnk" deleted "C:\SYSTEM.SAV\Logs\Avast.log" deleted "C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Security and Protection\Avast SecureLine.lnk" deleted "C:\Windows\prefetch\AVAST_FREE_ANTIVIRUS_SETUP_ON-6191B30F.pf" deleted "C:\Windows\prefetch\AVAST_INTERNET_SECURITY_SETUP-25C0C3A9.pf" deleted "C:\windows\SysNative\DriverStore\FileRepository\avgfwfd6.inf_amd64_5a3602f029ed748e" deleted ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1096 folders=182 327199456 bytes) ==== EOF on di 01/03/2016 at 13:43:22,52 ======================