Zoek.exe Version 4.0.0.4 Updated 31-08-2013
Tool run by tomas on za 07/09/2013 at 10:50:47,73.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\tomas\Bureaublad\zoek\zoek.exe [Script inserted]

==== System Restore Info ======================

7/09/2013 10:51:32 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2013-09-02 17:25:28 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-09-02 17:25:28 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-09-02 17:25:28 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-09-02 17:25:28 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2013-09-02 17:25:28 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
====== C:\DOCUME~1\tomas\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
2013-09-02 10:10:25 1D9B3568CFDB55316985A053D6D96030 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll
====== C:\WINDOWS\system32\drivers =====
2013-09-02 09:52:08 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-09-02 10:11:51 -------- d-----w- C:\Program Files\Trend Micro
======= C: =====
2013-09-02 17:26:22 FA579938B0733B87066546AFE951082C 211 ----a-w- C:\Boot.bak
2013-09-02 17:26:18 271E9B6A3AEC7BCA63D9231A4B3575C0 261936 --sha-r- C:\cmldr
====== C:\Documents and Settings\tomas\Application Data ======
2013-09-02 17:25:19 -------- d-----r- C:\Documents and Settings\tomas\Menu Start\Programma's\Systeembeheer
2013-09-02 10:06:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Licenses
====== C:\Documents and Settings\tomas ======
2013-09-04 10:54:26 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies
2013-09-02 09:49:38 -------- d--h--r- C:\Documents and Settings\tomas\Onlangs geopend

====== C: exe-files ==
2013-09-04 16:13:17 514FC42D49F76C16CC1839A6B9D3AC05 1611104 ----a-w- C:\Documents and Settings\tomas\Local Settings\Application Data\Google\Update\Install\{511B10D0-1920-4E4A-A9F6-A82F9D56E11B}\29.0.1547.66_29.0.1547.62_chrome_updater.exe
2013-09-04 16:13:17 514FC42D49F76C16CC1839A6B9D3AC05 1611104 ----a-w- C:\Documents and Settings\tomas\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.66\29.0.1547.66_29.0.1547.62_chrome_updater.exe
2013-09-02 17:26:17 5F1499F64F80AA219A94A5D945B3836D 610816 ----a-w- C:\cmdcons\autofmt.exe
2013-09-02 17:26:17 3C200120F6E86A1A42EDA2E1E2D17AEC 619008 ----a-w- C:\cmdcons\autochk.exe
2013-09-02 17:25:28 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-09-02 17:25:28 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-09-02 17:25:28 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-09-02 17:25:28 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2013-09-02 17:25:28 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2013-09-02 17:24:55 10A146C0DA60B8AF7AD7E39F9963B1A1 5119472 ----a-r- C:\RECYCLER\S-1-5-21-1539208241-3334852489-2779473983-1005\Dc2.exe
2013-09-02 17:14:49 5ACC34DF9A2AF7553684C37E0BFEAE17 368256 ----a-w- C:\Documents and Settings\tomas\Mijn documenten\Downloads\Download_MaxSDDMnew (1).exe
2013-09-02 17:13:24 FB3F7C198ADA3CCB43F01F3E36E4599A 368256 ----a-w- C:\Documents and Settings\tomas\Mijn documenten\Downloads\Download_MaxSDDMnew.exe
2013-09-02 10:07:59 0748E29E764BAC0E7F9E2567D4CECF94 903080 ----a-w- C:\Documents and Settings\tomas\Mijn documenten\Downloads\chromeinstall-7u25.exe
2013-09-02 10:06:12 0EED9CD892F88435BFD1AE41EF6ED60D 119976 ----a-w- C:\Program Files\SpywareBlaster\sburlhelper.exe
2013-09-02 10:06:11 AE13FB6BD8086465217F6A063EC3FCC3 715038 ----a-w- C:\Program Files\SpywareBlaster\unins000.exe
2013-09-02 10:05:47 78130949095E6721B40B50E77C1F1BBC 4095448 ----a-w- C:\Documents and Settings\tomas\Mijn documenten\Downloads\spywareblastersetup50.exe
2013-09-02 09:51:21 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\tomas\Mijn documenten\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-02 09:47:30 096C3277599629BD22AF6959D20774B9 4454952 ----a-w- C:\Documents and Settings\tomas\Mijn documenten\Downloads\ccsetup405.exe

=== C: other files ==
2013-09-04 11:04:34 D7B842F8E99848C71BEFB062B9B22070 3754639 ----a-w- C:\RECYCLER\S-1-5-21-1539208241-3334852489-2779473983-1005\Dc5.zip
2013-09-02 09:52:08 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1539208241-3334852489-2779473983-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RTHDCPL"="RTHDCPL.EXE"
"PrintDisp"="C:\WINDOWS\system32\PrintDisp.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleUpdate"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\tomas\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\McAfeeUpdaterUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UdaterUI"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe\" /StartedFromRunKey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

==== Startup Folders ======================

2007-07-27 13:55:42 1757 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
2008-04-14 09:35:21 1731 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
2011-02-23 14:42:29 1030 ----a-w- C:\Documents and Settings\tomas\Menu Start\Programma's\Opstarten\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21/08/2013 13:07]
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12/03/2010 16:27]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12/03/2010 16:27]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1539208241-3334852489-2779473983-1005Core.job --a------ C:\Documents and Settings\tomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [18/12/2008 16:01]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1539208241-3334852489-2779473983-1005UA.job --a------ C:\Documents and Settings\tomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [18/12/2008 16:01]

==== Chrome Look ======================

Brushed - tomas - Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg
Dots - tomas - Default\Extensions\gliedaffibdnbhbiaolgkdhhfbjgmhgi
Card number - tomas - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== EOF on za 07/09/2013 at 10:52:58,06 ======================