Zoek.exe Version 4.0.0.5 Updated 14-November-2013 Tool run by Beheerder on za 16-11-2013 at 20:15:26,50. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\test\zoek\zoek.exe [Script inserted] ==== System Restore Info ====================== 16-11-2013 20:16:17 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\ProgramData\Babylon deleted successfully C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} deleted successfully C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} deleted successfully C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} deleted successfully C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully C:\Users\Beheerder\AppData\Roaming\WinRAR deleted successfully C:\Users\Beheerder\AppData\Local\GHISLER deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} 
deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC4E693F-9E8F-4A54-8212-F59BDBAA30BE} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\wajamupdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wajamupdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\wajamupdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wajamupdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\h0o3moe3.default ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.autoRvrt", "false"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.id", "483c6043000000000000ac8112407ca4"); user_pref("extensions.BabylonToolbar.instlDay", "15688"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.rvrt", "false"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=483c6043000000000000ac8112407ca4&q="); 
user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9"); user_pref("extensions.BabylonToolbar_i.excTlbr", false); user_pref("extensions.BabylonToolbar_i.newTab", false); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.921:24:34"); ---- Lines BabylonToolbar removed from user.js ---- user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=483c6043000000000000ac8112407ca4&q="); user_pref("extensions.BabylonToolbar.id", "483c6043000000000000ac8112407ca4"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.instlDay", "15688"); user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.921:24:34"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar_i.excTlbr", false); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.autoRvrt", "false"); user_pref("extensions.BabylonToolbar.rvrt", "false"); user_pref("extensions.BabylonToolbar_i.newTab", false); ---- Lines babsrc removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.claro-search.com/?affID=117423&tt=5012_4&babsrc=NT_ss&mntrId=483c6043000000000000ac8112407ca4"); ---- Lines claro removed from prefs.js ---- user_pref("extensions.claro.admin", false); user_pref("extensions.claro.aflt", 
"babsst"); user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); user_pref("extensions.claro.dfltLng", "en"); user_pref("extensions.claro.excTlbr", false); user_pref("extensions.claro.id", "483c6043000000000000ac8112407ca4"); user_pref("extensions.claro.instlDay", "15688"); user_pref("extensions.claro.instlRef", "sst"); user_pref("extensions.claro.prdct", "claro"); user_pref("extensions.claro.prtnrId", "claro"); user_pref("extensions.claro.tlbrId", "claro"); user_pref("extensions.claro.tlbrSrchUrl", ""); user_pref("extensions.claro.vrsn", "1.8.3.10"); user_pref("extensions.claro.vrsni", "1.8.3.10"); user_pref("extensions.claro_i.smplGrp", "none"); user_pref("extensions.claro_i.vrsnTs", "1.8.3.1022:44:18"); ---- Lines claro removed from user.js ---- user_pref("extensions.claro.tlbrSrchUrl", ""); user_pref("extensions.claro.id", "483c6043000000000000ac8112407ca4"); user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); user_pref("extensions.claro.instlDay", "15688"); user_pref("extensions.claro.vrsn", "1.8.3.10"); user_pref("extensions.claro.vrsni", "1.8.3.10"); user_pref("extensions.claro_i.vrsnTs", "1.8.3.1022:44:18"); user_pref("extensions.claro.prtnrId", "claro"); user_pref("extensions.claro.prdct", "claro"); user_pref("extensions.claro.aflt", "babsst"); user_pref("extensions.claro_i.smplGrp", "none"); user_pref("extensions.claro.tlbrId", "claro"); user_pref("extensions.claro.instlRef", "sst"); user_pref("extensions.claro.dfltLng", "en"); user_pref("extensions.claro.excTlbr", false); user_pref("extensions.claro.admin", false); ---- Lines wajam removed from prefs.js ---- user_pref("extensions.wajam.affiliate_id", "6334"); user_pref("extensions.wajam.firstrun", "false"); user_pref("extensions.wajam.log_send_info", "false"); user_pref("extensions.wajam.no_trace", "false"); user_pref("extensions.wajam.server_current_mapping_version", "0.21087"); user_pref("extensions.wajam.trace_log", ""); 
user_pref("extensions.wajam.unique_id", "85431C8A3D8592BFCE418A0C7AE4BBC8"); user_pref("extensions.wajam.user_current_mapping_version", "0"); user_pref("extensions.wajam.version", "1.26"); ---- Lines wajam modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure S ---- FireFox user.js and prefs.js backups ---- user_16-11-2013_2022_.backup prefs_16-11-2013_2022_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Deleting Files \ Folders ====================== C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} not found C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} not found C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} not found C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} not found C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted C:\PROGRA~2\Claro LTD deleted C:\PROGRA~2\Driver-Soft deleted C:\PROGRA~2\Wajam deleted C:\PROGRA~2\Conduit deleted C:\Users\Beheerder\AppData\Roaming\Babylon deleted C:\Users\Beheerder\AppData\Roaming\OpenCandy deleted C:\Users\Beheerder\AppData\Roaming\Claro deleted C:\ProgramData\BrowserProtect deleted C:\ProgramData\AVG Secure Search deleted C:\Users\Beheerder\AppData\Local\Wajam deleted C:\Users\Beheerder\AppData\Local\AVG Secure Search deleted C:\Users\Beheerder\AppData\Local\Conduit deleted C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl deleted 
C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data deleted C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam deleted C:\Users\Beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect deleted C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9} deleted C:\Users\Beheerder\AppData\LocalLow\Claro LTD deleted C:\Users\Beheerder\AppData\LocalLow\AVG Security Toolbar deleted C:\Users\Beheerder\AppData\LocalLow\AVG Secure Search deleted C:\Users\Beheerder\AppData\LocalLow\Conduit deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\user.js deleted C:\END deleted C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\h0o3moe3.default\searchplugins\babylon1.xml deleted C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\h0o3moe3.default\searchplugins\avg-secure-search.xml deleted C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\h0o3moe3.default\bProtector_extensions.sqlite deleted C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\h0o3moe3.default\bProtector_prefs.js deleted "C:\Windows\Installer\2e5c1.msi" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll" deleted "C:\PROGRA~2\AVG Secure Search" deleted "C:\PROGRA~2\AVG Secure Search" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.1.2" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.1.2" deleted ==== Files Recently Created 
/ Modified ====================== ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "avg@toolbar"="C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}"="C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\h0o3moe3.default - Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dcillohgikpecbmgioknapdpcjofaafl - C:\Users\Beheerder\AppData\Roaming\Claro\claro.crx[] jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Beheerder\AppData\Local\Wajam\Chrome\wajam.crx[] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx[] pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[] Wajam - Beheerder - Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp AVG Secure Search - Beheerder - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Chrome In-App Payments service - Beheerder - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 
BrowserProtect - Beheerder - Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph ==== Chrome Fix ====================== C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage-journal deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.startpagina.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.startpagina.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome 
====================== C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\mozilla\Firefox\Extensions\{58bd07eb-0ee0-4df0-8121-dc9b693373df} deleted successfully HKEY_USERS\S-1-5-21-3116998117-3608917340-3632595343-1000\Software\mozilla\Firefox\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F092B960893592640A90584BCB4B1B9B deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dcillohgikpecbmgioknapdpcjofaafl deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{069B290F-5398-4629-A009-85B4BCB4B1B9} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F092B960893592640A90584BCB4B1B9B deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied 
C:\Users\BEHEER~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 16-11-2013 at 20:28:12,34 ======================