Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by admin on wo 21/05/2014 at 18:46:48,62.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\admin\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

21/05/2014 18:55:05 Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================

C:\Users\admin\AppData\Local\{14c22d02-b022-6df7-dc20-49d0f2fc3f0e}\L
C:\Users\admin\AppData\Local\{14c22d02-b022-6df7-dc20-49d0f2fc3f0e}\U
C:\Users\admin\AppData\Local\{14c22d02-b022-6df7-dc20-49d0f2fc3f0e}\@

==== Empty Folders Check ======================

C:\Program Files\ALDI Foto Service deleted successfully
C:\Program Files\Bulk Rename Utility deleted successfully
C:\Program Files\Gabest deleted successfully
C:\Program Files\iOrgSoft deleted successfully
C:\Program Files\trend micro deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\WinZip deleted successfully
C:\Users\admin\AppData\Roaming\Samsung deleted successfully
C:\Users\admin\AppData\Roaming\Test-A deleted successfully
C:\Users\admin\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-980913775-1571781051-1477424493-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-980913775-1571781051-1477424493-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-980913775-1571781051-1477424493-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-980913775-1571781051-1477424493-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rstbs6x3.default

---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "ace670bf0000000000000007ca06517e");
user_pref("extensions.BabylonToolbar.instlDay", "15699");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=ace670bf0000000000000007ca06517e&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=116632&tt=5212_8");
user_pref("extensions.BabylonToolbar_i.excTlbr", false);
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=17425&tt=3912_8&babsrc=NT_def");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.217:38:37");

---- Lines BabylonToolbar removed from user.js ----
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=ace670bf0000000000000007ca06517e&q=");
user_pref("extensions.BabylonToolbar.id", "ace670bf0000000000000007ca06517e");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15699");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.217:38:37");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar_i.excTlbr", false);
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=116632&tt=5212_8");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar_i.newTab", false);

---- Lines Search removed from prefs.js ----
user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

---- Lines mybrowserbar modified from prefs.js ----
user_pref("extensions.enabledItems", "{3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1912,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-

---- FireFox user.js and prefs.js backups ----
user_20142105_1913_.backup
prefs_20142105_1913_.backup

ProfilePath: C:\Users\admin\AppData\Roaming\TomTom\HOME\Profiles\u52k2ok5.default

user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_20142105_1913_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
""=-
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

"AVG Security Toolbar - C:\Program Files\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll" not found
C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\Program Files\vShare deleted
C:\Users\admin\AppData\Roaming\GoforFiles deleted
C:\Users\admin\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\AVG January 2013 Campaign deleted
C:\PROGRA~2\AVG Secure Search deleted
C:\PROGRA~2\Tarma Installer deleted
C:\Users\admin\AppData\Local\AVG Secure Search deleted
C:\Users\admin\AppData\Local\SwvUpdater deleted
C:\Users\admin\AppData\LocalLow\AVG Secure Search deleted
C:\Users\admin\AppData\LocalLow\vShare deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\system32\tasks\Go for FilesUpdate deleted
C:\Windows\tasks\ROC_REG_JAN_DELETE.job deleted
C:\Windows\system32\tasks\ROC_REG_JAN_DELETE deleted
C:\Windows\system32\Tasks\GoforFilesUpdate deleted
C:\user.js deleted
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rstbs6x3.default\searchplugins\babylon1.xml deleted
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rstbs6x3.default\extensions\firefox@kozaka.net.xpi deleted
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rstbs6x3.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB} deleted
"C:\Users\admin\AppData\Local\{14c22d02-b022-6df7-dc20-49d0f2fc3f0e}\@" deleted
"C:\Program Files\GoforFiles\GFFUpdater.exe" deleted
"C:\Program Files\GoforFiles\htmlayout.dll" deleted
"C:\Program Files\AVG Secure Search\TBAPI.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\AVG Secure Search\TBAPI.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\SiteSafety.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll" deleted
"C:\Users\admin\AppData\Local\{14c22d02-b022-6df7-dc20-49d0f2fc3f0e}" deleted
"C:\Users\admin\AppData\Local\{14c22d02-b022-6df7-dc20-49d0f2fc3f0e}\L" deleted
"C:\Users\admin\AppData\Local\{14c22d02-b022-6df7-dc20-49d0f2fc3f0e}\U" deleted
"C:\Program Files\GoforFiles" deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\admin\AppData\Local\Temp ====

2014-05-16 16:34:16 C7613503E8FE311D1DAA9A61E384C1F8 10094400 ----a-w- C:\Users\admin\AppData\Local\temp\HitmanPro.exe

====== Java Cache =====

2014-05-21 16:36:12 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-3fc7c845
2014-05-21 16:36:01 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-2c264dac
2014-05-21 16:36:01 5CEA5DB03D63BB64F8B0298020EB5BFC 425 ----a-w- C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap
2014-05-21 16:35:59 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-3d420dbb
2014-05-21 16:36:02 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-73cda7cc

====== C:\Windows\system32 =====

2014-05-21 16:34:38 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\System32\javaws.exe
2014-05-21 16:33:47 B42338F92D3BDADA79B6BE553E72587C 94632 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
2014-05-21 16:33:47 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\System32\java.exe
2014-05-21 16:33:47 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\System32\javaw.exe
2014-05-15 05:54:44 202F1B15130E696EA7F31E0F52BFF621 73216 ----a-w- C:\Windows\System32\mshtmled.dll
2014-05-15 05:54:42 41F1636BDCF4D06D716DC77E436677E1 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-15 05:54:42 0E468A0C51460D8DA3DF9B782275F1DB 12347392 ----a-w- C:\Windows\System32\mshtml.dll
2014-05-14 11:37:18 8C4836F71F2DB629A99CF5A774594C66 11587584 ----a-w- C:\Windows\System32\shell32.dll

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-05-21 16:34:45 -------- d-----w- C:\Program Files\Common Files\Java
2014-05-21 16:33:24 -------- d-----w- C:\Program Files\Java
2014-05-15 05:57:41 -------- d-----w- C:\Program Files\Common Files\DESIGNER

======= C: =====

====== C:\Users\admin\AppData\Roaming ======

====== C:\Users\admin ======

2014-05-21 16:33:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-21 16:30:14 92DF65EF28BD86A2EA4506310A76F9ED 921512 ----a-w- C:\Users\admin\Desktop\JavaSetup7u55.exe
2014-05-20 21:10:59 A4582C5BD9BD59F4C54F238CCEC68404 921512 ----a-w- C:\Users\admin\Downloads\jxpiinstall.exe
2014-05-20 18:10:19 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\admin\Desktop\RSIT.exe

====== C: exe-files ==

2014-05-21 16:34:38 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\System32\javaws.exe
2014-05-21 16:33:47 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\System32\java.exe
2014-05-21 16:33:47 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\System32\javaw.exe
2014-05-21 16:33:32 FB67D8F555AA8E847DC6D7BFFF69C1C1 145832 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe
2014-05-21 16:33:32 67E721D8CA3F26695C2836870FF395E0 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe
2014-05-21 16:33:31 B1CE4931FCA0E9D6493F18440A492472 49576 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe
2014-05-21 16:33:31 829199AE07062FE066CCD037190B4D04 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe
2014-05-21 16:33:31 7151FDB921CC188833E69690E969616A 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe
2014-05-21 16:33:31 5F32AD07982BE93452A755CE94F130BA 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe
2014-05-21 16:33:31 3DAA029309C13F0A8DFB839372A3E8D3 16296 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe
2014-05-21 16:33:31 3B8C2991462B84868BB04C67E197CFC1 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe
2014-05-21 16:33:31 21190A2C683911E97E6484632F0A11AF 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe
2014-05-21 16:33:30 E788AC8198E99F9DA268A35719462DEF 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe
2014-05-21 16:33:30 CA8C3C3510377A38A0FD0386B1C8700D 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe
2014-05-21 16:33:30 C38B939945B2357D56B105C8F8FE7C45 52648 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe
2014-05-21 16:33:30 B863FBED45DA51498B42DEAE76006D94 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe
2014-05-21 16:33:30 77430E8234A0050ECCC5E2F5B30A7BEF 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe
2014-05-21 16:33:30 0F298580559EE0929C572CFEB99B5AAA 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe
2014-05-21 16:33:29 FBC892A1196A03F695F112A5EDE032DC 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe
2014-05-21 16:33:29 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Program Files\Java\jre7\bin\java.exe
2014-05-21 16:33:29 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe
2014-05-21 16:33:29 58B60ED489B1EDFA2BCDCAAF90B5EDD8 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe
2014-05-21 16:33:29 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe
2014-05-21 16:33:29 00F5108D91D768CA9D4ABC5E5053F50F 68008 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe
2014-05-21 16:31:57 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\admin\AppData\LocalLow\Sun\Java\jre1.7.0_55\lzma.exe
2014-05-21 16:30:14 92DF65EF28BD86A2EA4506310A76F9ED 921512 ----a-w- C:\Users\admin\Desktop\JavaSetup7u55.exe
2014-05-20 21:10:59 A4582C5BD9BD59F4C54F238CCEC68404 921512 ----a-w- C:\Users\admin\Downloads\jxpiinstall.exe
2014-05-20 18:10:19 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\admin\Desktop\RSIT.exe
2014-05-16 16:34:16 C7613503E8FE311D1DAA9A61E384C1F8 10094400 ----a-w- C:\Users\admin\AppData\Local\temp\HitmanPro.exe
2014-05-15 17:12:21 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe

=== C: other files ==

2014-05-21 16:33:33 D95F1D4129F0CB2F7626CDCBAC2F512B 18636 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-980913775-1571781051-1477424493-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"beidsystemtray"="C:\Program Files\Belgium Identity Card\beidsystemtray.exe"
"setc"="C:\Program Files\MySecurityCenter\Programs\setc.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\browse~1\\251005~1.80\\{c16c1~1\\browse~1.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrobat Assistant 8.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 10.0\\Acrobat\\Acrotray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2 Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acronis Scheduler2 Service"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AcronisTimounterMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcronisTimounterMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Acrobat Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Acrobat Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 10.0\\Acrobat\\Acrobat_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5.5ServiceManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS5.5ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS5.5ServiceManager\\CS5.5ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AppleSyncNotifier"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoStartNPSAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoStartNPSAgent"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroFilterCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrueImageMonitor.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrueImageMonitor.exe"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UVS10 Preload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UVS10 Preload"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead VideoStudio SE DVD\\uvPL.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Mobile Device Center"
"hkey"="HKLM"
"command"="%windir%\\WindowsMobile\\wmdc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MCAFEE~1\\30C8C1~1.271\\SSSCHE~1.EXE "
"item"="McAfee Security Scan Plus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
"path"="C:\\Users\\admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Schermopname en Snel starten"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14/05/2014 20:09]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [20/12/2010 12:58]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [20/12/2010 12:58]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 1050 J410 series" ["C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [30/06/2013 17:58]

==== Firefox Extensions ======================

ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rstbs6x3.default

- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

ProfilePath: C:\Users\admin\AppData\Roaming\TomTom\HOME\Profiles\u52k2ok5.default

- Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Carminat TomTom - %ProfilePath%\extensions\RenaultTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\rstbs6x3.default

A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat
F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect
8130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.deredactie.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.deredactie.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-980913775-1571781051-1477424493-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-980913775-1571781051-1477424493-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload deleted successfully

==== Empty IE Cache ======================

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\rstbs6x3.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=494 folders=192 187419387 bytes)

==== Empty Temp Folders ======================

C:\Users\admin\AppData\Local\temp will be emptied at reboot
C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\AVG Secure Search" not found

==== EOF on wo 21/05/2014 at 19:44:38,72 ======================