Zoek.exe Version 4.0.0.1 Updated 24-January-2013
Tool run by gebruiker on za 26/01/2013 at 14:22:04,73.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode
Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2580319987-2403226320-272165444-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully
HKEY_USERS\S-1-5-21-2580319987-2403226320-272165444-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2580319987-2403226320-272165444-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully
HKEY_USERS\S-1-5-21-2580319987-2403226320-272165444-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\rjdni0pq.default

user.js not found

---- Lines search.conduit.com removed from prefs.js ----
user_pref("CT2849859.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=2&q=");
user_pref("CT2849859.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2849859&SearchSource=13");
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2849859/CT2849859", "\"4fe4478b1465fcd6c384aabccee641cb3\"");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=2&q=");

---- Lines search.conduit.com modified from prefs.js ----

---- Lines {2d8d9acc-f6d7-4362-8876-a275ca929591} removed from prefs.js ----

---- Lines {2d8d9acc-f6d7-4362-8876-a275ca929591} modified from prefs.js ----
user_pref("extensions.enabledAddons", "{2d8d9acc-f6d7-4362-8876-a275ca929591}:3.16.0.3,{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.5.3,{972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0");
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"mtime\":1335713121675}}},{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"D:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\",\"mtime\":1323275570752},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"D:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1335698415133}}},{\"name\":\"app-profile\",\"addons\":{\"{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\":{\"descriptor\":\"C:\\\\Users\\\\gebruiker\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rjdni0pq.default\\\\extensions\\\\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi\",\"mtime\":1357986634815},\"{2d8d9acc-f6d7-4362-8876-a275ca929591}\":{\"descriptor\":\"C:\\\\Users\\\\gebruiker\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\rjdni0pq.default\\\\extensions\\\\{2d8d9acc-f6d7-4362-8876-a275ca929591}\",\"mtime\":1352482058172}}}]");

---- FireFox user.js and prefs.js backups ----
prefs_20132601_1423_.backup

==== Deleting Files \ Folders ======================

"c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk" deleted
"C:\program files\BittorrentBar_NL" deleted
"C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\rjdni0pq.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}" deleted
"C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\rjdni0pq.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====
2013-01-05 14:08:34 -------- d-----w- C:\Program Files\Common Files\Adobe

======= C: =====

====== C:\Users\gebruiker\AppData\Roaming ======
2013-01-05 14:09:22 -------- d-----w- C:\users\gebruiker\AppData\Locallow\Adobe
2013-01-05 14:09:22 -------- d-----w- C:\users\gebruiker\AppData\Local\Adobe

====== C:\Users\gebruiker ======
2013-01-24 16:31:29 F647C65825C77E1E29E457527CA4749A 2959 ----a-w- C:\ProgramData\dsgsdgdsgdsgw.js
2013-01-24 16:31:26 396BE33B9BA82D956CC77FB39B7AA7AE 95023320 ----atw- C:\ProgramData\dsgsdgdsgdsgw.pad

====== C: exe-files ==
2013-01-25 22:43:00 68B59B1AEF0DFC71005836216A29BB65 700768 ----a-w- C:\Users\gebruiker\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.56\24.0.1312.56_24.0.1312.52_chrome_updater.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2580319987-2403226320-272165444-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Folders ======================

2011-07-30 10:35:59 1270 ----a-w- C:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
2012-08-11 17:47:44 1723 ----a-w- C:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
2011-05-06 13:59:17 757 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk

==== Task Scheduler Jobs ======================

==== Firefox Extensions ======================

ProfilePath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\rjdni0pq.default
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\rjdni0pq.default
9AC863FD5976316C29D4CB5E4C9EFD9C - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll - Shockwave Flash
89AC2634B447B7917CC8CF99127CF50D - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
C04FCB7EEBEB5097B30468828F20FB9E - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U9
2C82D753EF779945977C82A3908DA20A - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5
C7794A997CEC29173A4401F3AE16C51F - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
B30BFE5817EF9BB23EF299E10C210C31 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
CB2DB588335669AA88076DE419B2964B - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
586FDC4E02623EE228EC35B9604AE5F2 - C:\Users\gebruiker\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll - Google Update
711A2E6A55EC7BFD59B5F649D58B704B - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll - Silverlight Plug-In
1A02FC0F35E1236136A2AF0BAE2D1A0E - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
6F4F3E329FCD6CD3FE5D899C902F5611 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
21A55BABD31DA624449F06A591AE73ED - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll - Microsoft (R) Silverlight
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System