Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by ErikD on zo 31/07/2016 at 10:24:07,59. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\ErikD\Documents\Mijn ontvangen bestanden\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-07-28-194308.log 34178 bytes C:\zoek-results2016-07-30-122314.log 1789955 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Folders Found ====================== 2011-03-03 13:26:59 2016-07-29 18:27:41 -------- d-----w- C:\ProgramData\Trend Micro 2011-03-03 13:26:59 2016-07-29 18:27:41 -------- d-----w- C:\Users\All Users\Trend Micro 2016-07-29 16:53:32 2016-07-29 16:53:32 -------- d-----w- C:\Users\ErikD\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Trend Micro-29072016-185332 2016-07-29 18:19:02 2016-07-29 18:19:02 -------- d-----w- C:\Users\ErikD\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Trend Micro-29072016-201902 2016-07-30 11:29:44 2016-07-30 11:38:03 -------- d---a-w- C:\zoek_backup\C_Program Files_Trend Micro_Security Agent ==== Files Found ====================== ==== Registry Search Results for "Trend Micro" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE234DE8-69D8-425C-8E33-8D81E4ADAEBD}\1.0\0\win32] @="C:\\Program Files\\Trend Micro\\Security Agent\\TmIEPlg.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "FriendlyName"="Trend Micro Anti-Spam Addin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "Description"="Trend Micro Anti-Spam Agent for Outlook" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP] "InstallDir"="C:\\Program Files\\Trend Micro\\Security Agent\\CCSF\\" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy] "TempPath"="C:\\Program Files\\Trend Micro\\Security Agent\\Temp\\TmpxTmp\\" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy] "InstallPath"="C:\\Program Files\\Trend Micro\\Security Agent\\" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy] "LogPath"="C:\\Program Files\\Trend Micro\\Security Agent\\Temp\\TmpxTmp\\Log\\" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy] "ErrTitle"="Trend Micro Proxy Service Installation" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy\Scan\Common\AntiSpam\config] "RulePath"="C:\\Program Files\\Trend Micro\\Security Agent\\AspmData\\" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy\Scan\Common\MailManager\config] "DisclaimerSubject"="Trend Micro OfficeScan detected and took action on a malicious email" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy\Scan\Common\MailManager\config] "DisclaimerAddress"="Trend Micro" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion] "Application Path"="C:\\Program Files\\Trend Micro\\Security Agent\\" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.] "ProductName"="Trend Micro Worry-Free Business Security" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration] "VSApiNTHome"="C:\\Program Files\\Trend Micro\\Security Agent\\" [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\Add PIDs] "C:\\Program Files\\Trend Micro\\Security Agent\\PccNTMon.exe"=dword:0000100c [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\TMAS] "TMASInstallPath"="C:\\Program Files\\Trend Micro\\Security Agent\\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TMFILTER\0000] "DeviceDesc"="Trend Micro Filter" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TMPREFILTER\0000] "DeviceDesc"="Trend Micro PreFilter" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TMTDI\0000] "DeviceDesc"="Trend Micro TDI Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VSAPINT\0000] "DeviceDesc"="Trend Micro VSAPI NT" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Worry-Free Business Security] "CategoryMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Worry-Free Business Security] "EventMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Worry-Free Business Security] "ParameterMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Perf_iCrcPerfMonMgr\Performance] "Library"="C:\\Program Files\\Trend Micro\\Security Agent\\perfiCrcPerfMonMgr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tmactmon] "Description"="Trend Micro Activity Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tmcomm] "Description"="Trend Micro Common Engine Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tmevtmgr] "Description"="Trend Micro Event Manager Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TmFilter] "DisplayName"="Trend Micro Filter" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TmFilter] "CurrentPatternName"="C:\\Program Files\\Trend Micro\\Security Agent\\ssaptn.749" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TmPreFilter] "DisplayName"="Trend Micro PreFilter" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tmtdi] "DisplayName"="Trend Micro TDI Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tmumh] "Description"="Trend Micro User Mode Hook Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tmumh] "HPCCache"="\\Device\\HarddiskVolume2\\Program Files\\Trend Micro\\Security Agent\\CCSF\\module\\20019\\hpc.ts" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tmumh] "DCLCache"="\\Device\\HarddiskVolume2\\Program Files\\Trend Micro\\Security Agent\\CCSF\\module\\20019\\dcl.ts" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSApiNt] "DisplayName"="Trend Micro VSAPI NT" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TMFILTER\0000] "DeviceDesc"="Trend Micro Filter" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TMPREFILTER\0000] "DeviceDesc"="Trend Micro PreFilter" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TMTDI\0000] "DeviceDesc"="Trend Micro TDI Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VSAPINT\0000] "DeviceDesc"="Trend Micro VSAPI NT" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Worry-Free Business Security] "CategoryMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Worry-Free Business Security] "EventMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Worry-Free Business Security] "ParameterMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Perf_iCrcPerfMonMgr\Performance] "Library"="C:\\Program Files\\Trend Micro\\Security Agent\\perfiCrcPerfMonMgr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\tmactmon] "Description"="Trend Micro Activity Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\tmcomm] "Description"="Trend Micro Common Engine Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\tmevtmgr] "Description"="Trend Micro Event Manager Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\TmFilter] "DisplayName"="Trend Micro Filter" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\TmFilter] "CurrentPatternName"="C:\\Program Files\\Trend Micro\\Security Agent\\ssaptn.749" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\TmPreFilter] "DisplayName"="Trend Micro PreFilter" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\tmtdi] "DisplayName"="Trend Micro TDI Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\tmumh] "Description"="Trend Micro User Mode Hook Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\tmumh] "HPCCache"="\\Device\\HarddiskVolume2\\Program Files\\Trend Micro\\Security Agent\\CCSF\\module\\20019\\hpc.ts" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\tmumh] "DCLCache"="\\Device\\HarddiskVolume2\\Program Files\\Trend Micro\\Security Agent\\CCSF\\module\\20019\\dcl.ts" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\VSApiNt] "DisplayName"="Trend Micro VSAPI NT" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TMFILTER\0000] "DeviceDesc"="Trend Micro Filter" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TMPREFILTER\0000] "DeviceDesc"="Trend Micro PreFilter" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TMTDI\0000] "DeviceDesc"="Trend Micro TDI Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSAPINT\0000] "DeviceDesc"="Trend Micro VSAPI NT" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Worry-Free Business Security] "CategoryMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Worry-Free Business Security] "EventMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Worry-Free Business Security] "ParameterMessageFile"="C:\\Program Files\\Trend Micro\\Security Agent\\TMNotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Perf_iCrcPerfMonMgr\Performance] "Library"="C:\\Program Files\\Trend Micro\\Security Agent\\perfiCrcPerfMonMgr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon] "Description"="Trend Micro Activity Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmcomm] "Description"="Trend Micro Common Engine Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmevtmgr] "Description"="Trend Micro Event Manager Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TmFilter] "DisplayName"="Trend Micro Filter" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TmFilter] "CurrentPatternName"="C:\\Program Files\\Trend Micro\\Security Agent\\ssaptn.749" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TmPreFilter] "DisplayName"="Trend Micro PreFilter" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmtdi] "DisplayName"="Trend Micro TDI Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmumh] "Description"="Trend Micro User Mode Hook Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmumh] "HPCCache"="\\Device\\HarddiskVolume2\\Program Files\\Trend Micro\\Security Agent\\CCSF\\module\\20019\\hpc.ts" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmumh] "DCLCache"="\\Device\\HarddiskVolume2\\Program Files\\Trend Micro\\Security Agent\\CCSF\\module\\20019\\dcl.ts" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSApiNt] "DisplayName"="Trend Micro VSAPI NT" [HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "FriendlyName"="Trend Micro Anti-Spam Addin" [HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "Description"="Trend Micro Anti-Spam Agent for Outlook" [HKEY_USERS\S-1-5-19\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "FriendlyName"="Trend Micro Anti-Spam Addin" [HKEY_USERS\S-1-5-19\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "Description"="Trend Micro Anti-Spam Agent for Outlook" [HKEY_USERS\S-1-5-20\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "FriendlyName"="Trend Micro Anti-Spam Addin" [HKEY_USERS\S-1-5-20\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "Description"="Trend Micro Anti-Spam Agent for Outlook" [HKEY_USERS\S-1-5-21-1619535343-1243465146-1099412663-1123\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "FriendlyName"="Trend Micro Anti-Spam Addin" [HKEY_USERS\S-1-5-21-1619535343-1243465146-1099412663-1123\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "Description"="Trend Micro Anti-Spam Agent for Outlook" [HKEY_USERS\S-1-5-21-1619535343-1243465146-1099412663-1123\Software\Classes\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "FriendlyName"="Trend Micro Anti-Spam Addin" [HKEY_USERS\S-1-5-21-1619535343-1243465146-1099412663-1123\Software\Classes\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "Description"="Trend Micro Anti-Spam Agent for Outlook" [HKEY_USERS\S-1-5-21-1619535343-1243465146-1099412663-1123_Classes\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "FriendlyName"="Trend Micro Anti-Spam Addin" [HKEY_USERS\S-1-5-21-1619535343-1243465146-1099412663-1123_Classes\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "Description"="Trend Micro Anti-Spam Agent for Outlook" [HKEY_USERS\S-1-5-18\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "FriendlyName"="Trend Micro Anti-Spam Addin" [HKEY_USERS\S-1-5-18\Software\Microsoft\Office\Outlook\Addins\TMAS_OLA.OLAgent] "Description"="Trend Micro Anti-Spam Agent for Outlook" ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [30/07/2016 14:55] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - No path found[] gomekmidlodglbbmalcneegieacbdmki - No path found[] Invite All (for Facebook) - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih Avast Online Security - ErikD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki ==== Chromium Startpages ====================== C:\Users\ErikD\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com/", "startup_urls": [ "http://www.google.com/" ] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}&rlz=1I7ADSA_nlBE481" ==== Empty IE Cache ====================== C:\Users\administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\bnsadmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\ErikD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\ErikD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\ErikD\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=9832 folders=335 4006145600 bytes) ==== Empty Temp Folders ====================== C:\Users\administrator\AppData\Local\Temp emptied successfully C:\Users\bnsadmin\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\erik\AppData\Local\Temp emptied successfully C:\Users\ErikD\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ErikD\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 31/07/2016 at 11:16:56,06 ======================