Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by bertkatrien on ma 02/06/2014 at 22:44:11,54.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\bertkatrien\Bureaublad\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2/06/2014 22:47:38 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\AVS4YOU deleted successfully
C:\Program Files\Elaborate Bytes deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\MyFree Codec deleted successfully
C:\Program Files\Network Associates deleted successfully
C:\Program Files\Optimizer Pro deleted successfully
C:\Program Files\Samsung deleted successfully
C:\Program Files\SlySoft deleted successfully
C:\Program Files\Standaard deleted successfully
C:\Program Files\WinAVI deleted successfully
C:\Program Files\Zylom Games deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Big Fish Games deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonEPP deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJEPPEX2 deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\Documents and Settings\bertkatrien\Application Data\AccurateRip deleted successfully
C:\Documents and Settings\bertkatrien\Application Data\Canon Easy-WebPrint EX deleted successfully
C:\Documents and Settings\bertkatrien\Application Data\Lite deleted successfully
C:\Documents and Settings\bertkatrien\Application Data\passport_photo deleted successfully
C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully
C:\Documents and Settings\Lore en Koen\Application Data\Canon Easy-WebPrint EX deleted successfully
C:\Documents and Settings\NetworkService\Application Data\Apple Computer deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files deleted successfully
C:\Documents and Settings\bertkatrien\Local Settings\Application Data\WMTools Downloaded Files deleted successfully
C:\Documents and Settings\Default User\Local Settings\Application Data\WMTools Downloaded Files deleted successfully
C:\Documents and Settings\Lore en Koen\Local Settings\Application Data\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\crossriderapp498@crossrider.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\crossriderapp498@crossrider.com deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Optimizer Pro not found
C:\Documents and Settings\All Users\Application Data\144597c31676fe4c deleted
C:\Documents and Settings\All Users\Application Data\topbuyeR deleted
C:\Program Files\Common Files\DVDVideoSoft deleted
C:\Documents and Settings\bertkatrien\Application Data\DVDVideoSoft deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

2014-05-26 21:42:36 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\WINDOWS\avastSS.scr

====== C:\DOCUME~1\BERTKA~1\LOCALS~1\Temp ====

2014-05-26 20:28:22 7B2B913BD08C003813CF6A70409C4D19 55880808 ----a-w- C:\Documents and Settings\bertkatrien\Local Settings\Temp\Garmin Software Updates\BaseCamp.exe

====== Java Cache =====


====== C:\WINDOWS\system32 =====

2014-05-27 20:56:45 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\WINDOWS\System32\javaws.exe
2014-05-27 20:56:24 B42338F92D3BDADA79B6BE553E72587C 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll
2014-05-27 20:56:24 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\WINDOWS\System32\java.exe
2014-05-27 20:56:24 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\WINDOWS\System32\javaw.exe
2014-05-26 21:42:46 6A85CD15AB3981ED506CD03F2E6E007F 271264 ----a-w- C:\WINDOWS\System32\aswBoot.exe

====== C:\WINDOWS\system32\drivers =====

2014-05-26 21:42:52 B2D7EE52633CA8831DDAFCA81C2D46C3 180632 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2014-05-26 21:42:52 AF01CD260A9EF60B09029C9F5EF99040 57672 ----a-w- C:\WINDOWS\System32\drivers\aswTdi.sys
2014-05-26 21:42:51 D1A68A33B082FA1C7087CE54A7923D90 411680 ----a-w- C:\WINDOWS\System32\drivers\aswsp.sys
2014-05-26 21:42:51 D13182758BAC9B4996D592E7684C9267 777488 ----a-w- C:\WINDOWS\System32\drivers\aswsnx.sys
2014-05-26 21:42:51 A148A36F871BFDBF80654D28D6B59FAE 776976 ----a-w- C:\WINDOWS\System32\drivers\aswsnx.sys.1401140716328
2014-05-26 21:42:51 24B3BDA01DB3A704E33A5266C7B52DAF 49944 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2014-05-26 21:42:50 4D6C6E0505A8E5A0656DCB223497D37C 24184 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2014-05-26 21:42:50 1A2CC93BBD77C2D95A7567938D7D7239 67824 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2014-05-26 21:42:49 FFB1BDC9CAF255019D678DB5BEDAF0F0 54832 ----a-w- C:\WINDOWS\System32\drivers\aswrdr.sys
2014-05-26 21:42:49 46B3ABE51856A9F5B2ABBA0221F4C360 54832 ----a-w- C:\WINDOWS\System32\drivers\aswrdr.sys.1401140716328

====== C:\WINDOWS\Tasks ======

2014-05-26 21:44:07 B97B79164B6A852EB9B3A742BEA995AD 374 ---ha-w- C:\WINDOWS\Tasks\avast! Emergency Update.job

====== C:\WINDOWS\Temp ======


======= C:\Program Files =====

2014-05-31 20:26:14 -------- d-----w- C:\Program Files\Microsoft Windows 7 Upgrade Advisor

======= C: =====

2014-05-04 18:46:52 5B3ABF9C1AA7556C3A36FEA4E695C5D2 4 ----a-w- C:\end

====== C:\Documents and Settings\bertkatrien\Application Data ======

2014-05-31 20:29:21 -------- d-----w- C:\Documents and Settings\bertkatrien\Local Settings\Application Data\Microsoft Corporation

====== C:\Documents and Settings\bertkatrien ======

2014-05-31 21:36:40 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Documents and Settings\bertkatrien\Bureaublad\WhyIGotInfected.exe
2014-05-25 08:34:39 -------- d-----w- C:\Documents and Settings\bertkatrien\AppData

====== C: exe-files ==

2014-06-02 16:02:37 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\bertkatrien\Mijn documenten\Downloads\RSIT (1).exe
2014-06-02 15:59:32 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\bertkatrien\Mijn documenten\Downloads\RSIT.exe
2014-05-31 21:36:40 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Documents and Settings\bertkatrien\Bureaublad\WhyIGotInfected.exe
2014-05-31 20:23:12 F12FE98405679BDAD148C491D98E5166 38824552 ----a-w- C:\Documents and Settings\bertkatrien\Mijn documenten\Downloads\FileFormatConverters.exe
2014-05-31 20:23:07 E9CFB613C83655A06712EB1989E86BEC 8665360 ----a-w- C:\Documents and Settings\bertkatrien\Mijn documenten\Downloads\Windows7UpgradeAdvisorSetup.exe
2014-05-27 21:11:31 39AFD05EC753BC6032745C3CD81D447B 2973184 ------w- C:\Documents and Settings\All Users\Application Data\FNET\UsbBoost\Uninstall.exe
2014-05-27 20:54:11 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Documents and Settings\bertkatrien\Application Data\Sun\Java\jre1.7.0_55\lzma.exe
2014-05-26 21:37:01 5360BE8CD6F5181A1B934BD6892A09A7 4796856 ----a-w- C:\Documents and Settings\bertkatrien\Mijn documenten\Downloads\avast_free_antivirus_setup_online.exe
2014-05-26 21:37:01 5360BE8CD6F5181A1B934BD6892A09A7 4796856 ----a-w- C:\Documents and Settings\All Users\Bureaublad\avast_free_antivirus_setup_online.exe

=== C: other files ==


==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1310669757-2741214076-3707491104-1008\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
"Google Update"="C:\Documents and Settings\bertkatrien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
"Google Update"="C:\Documents and Settings\bertkatrien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\bertkatrien\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpwareSE4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OpwareSE4"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PinnacleDriverCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^bertkatrien^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
"item"="Registration-InstantCopy"
"path"="C:\\Documents and Settings\\bertkatrien\\Menu Start\\Programma's\\Opstarten\\Registration-InstantCopy.lnk"
"backup"="C:\\WINDOWS\\pss\\Registration-InstantCopy.lnkStartup"
"command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\INSTAN~1\\Pixie\\RegTool.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"Malwarebytes' Anti-Malware"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe []
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/11/2009 23:02]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/11/2009 23:02]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1310669757-2741214076-3707491104-1008Core.job --a------ C:\Documents and Settings\bertkatrien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [23/10/2011 13:56]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1310669757-2741214076-3707491104-1008UA.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job --a------ C:\WINDOWS\system32\xp_eos.exe [27/02/2014 01:28]
C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job --a------ C:\WINDOWS\system32\xp_eos.exe [27/02/2014 01:28]
C:\WINDOWS\tasks\RegCure Pro.job --a------ C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe []
C:\WINDOWS\tasks\zuluSevenDaysInit.job --a------ C:\Program Files\NCH Software\Zulu\zulu.exe []
C:\WINDOWS\tasks\zuluShakeIcon.job --a------ C:\Program Files\NCH Software\Zulu\zulu.exe []

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [23/10/2009 22:42]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=255 folders=44 157710487 bytes)

==== EOF on ma 02/06/2014 at 22:58:12,68 ======================
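The "Files Recently Created / Modified" and "Startup Registry Enabled" sections above are the parts of a zoek log a helper usually reads first: which executables landed in user-writable locations in the last few days, which hashes show up at more than one path, and which Run values point outside \WINDOWS and \Program Files. The Python below is an added example written for this page; it is not part of zoek or of the original post. It parses those two record shapes (timestamp, optional MD5 and size, 8-character attribute field, path; and "name"="command" Run values with single, unescaped backslashes as printed in the Enabled section) and applies triage heuristics that are my own assumptions, not anything the tool reports. The sample lines are copied from the log above and embedded as constructed input.

```python
"""Triage helpers for a zoek.exe log (added example, not zoek's own code).

Record shapes handled, as printed in the log above:
  2014-05-26 21:42:36 <MD5> <size> <attrs> <path>      file entry
  2014-05-31 20:26:14 -------- d-----w- <path>         directory entry
  "Name"="C:\\path\\to\\exe /args"                     Run value (Enabled section)
The flagging rules below are the author's assumptions for triage, not rules
that zoek itself applies.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<md5>[0-9A-Fa-f]{32}) (?P<size>\d+)|--------) "
    r"(?P<attrs>[-A-Za-z]{8}) (?P<path>.+)$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')

# Assumed staging locations: a dropper or a user-run installer usually lands here,
# so executables created in these folders get a second look even if benign.
STAGING_MARKERS = ("\\local settings\\temp\\", "\\downloads\\", "\\bureaublad\\",
                   "\\desktop\\", "\\application data\\")
EXEC_EXT = (".exe", ".scr", ".dll", ".sys", ".job", ".com", ".bat", ".vbs")

# Constructed sample: lines copied verbatim from the zoek log on this page.
SAMPLE = r"""
2014-05-26 21:42:36 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\WINDOWS\avastSS.scr
2014-05-26 20:28:22 7B2B913BD08C003813CF6A70409C4D19 55880808 ----a-w- C:\Documents and Settings\bertkatrien\Local Settings\Temp\Garmin Software Updates\BaseCamp.exe
2014-05-31 20:26:14 -------- d-----w- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-06-02 16:02:37 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\bertkatrien\Mijn documenten\Downloads\RSIT (1).exe
2014-06-02 15:59:32 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\bertkatrien\Mijn documenten\Downloads\RSIT.exe
2014-05-31 21:36:40 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Documents and Settings\bertkatrien\Bureaublad\WhyIGotInfected.exe
2014-05-31 21:36:40 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Documents and Settings\bertkatrien\Bureaublad\WhyIGotInfected.exe
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg"
"Google Update"="C:\Documents and Settings\bertkatrien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
""".strip().splitlines()


@dataclass
class FileEntry:
    ts: str
    md5: Optional[str]   # None for directory entries
    size: Optional[int]  # None for directory entries
    attrs: str           # e.g. ----a-w-, ---ha-w-, d-----w-
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_file_entries(lines) -> List[FileEntry]:
    """Parse file/directory records; lines of any other shape are ignored."""
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            md5 = m["md5"].upper() if m["md5"] else None
            size = int(m["size"]) if m["size"] else None
            out.append(FileEntry(m["ts"], md5, size, m["attrs"], m["path"]))
    return out


def staged_executables(entries: List[FileEntry]) -> List[str]:
    """Distinct executable paths created under an assumed staging location."""
    hits, seen = [], set()
    for e in entries:
        low = e.path.lower()
        if (not e.is_dir and low.endswith(EXEC_EXT)
                and any(k in low for k in STAGING_MARKERS) and e.path not in seen):
            seen.add(e.path)
            hits.append(e.path)
    return hits


def duplicate_hashes(entries: List[FileEntry]) -> Dict[str, List[str]]:
    """MD5 -> sorted distinct paths, for hashes that occur at more than one path."""
    by_hash = defaultdict(set)
    for e in entries:
        if e.md5:
            by_hash[e.md5].add(e.path)
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def run_value_exe(line: str) -> Optional[str]:
    """Executable path from a '"name"="cmd"' Run value, or None if not one.

    Quoted commands end at the closing quote; unquoted ones are cut at the
    first ' /' or ' -' switch (assumed convention, adequate for this log).
    """
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    cmd = m["cmd"]
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" /", 1)[0].split(" -", 1)[0]


def user_profile_autoruns(lines) -> List[str]:
    """Names of Run values whose executable lives outside \\WINDOWS and \\Program Files."""
    names = []
    for line in lines:
        exe = run_value_exe(line)
        if exe is None:
            continue
        low = exe.lower()
        if "\\windows\\" not in low and "\\program files\\" not in low:
            names.append(RUN_RE.match(line.strip())["name"])
    return names


if __name__ == "__main__":
    entries = parse_file_entries(SAMPLE)
    print("staged executables:", *staged_executables(entries), sep="\n  ")
    print("hashes at several paths:", duplicate_hashes(entries))
    print("autoruns outside system dirs:", user_profile_autoruns(SAMPLE))
```

On the sample above this lists the four executables in Temp, Downloads and the desktop (Bureaublad), reports one MD5 present at two paths (the two RSIT downloads), and flags the per-user Google Update autorun under Local Settings\Application Data, which is a legitimate updater here but is exactly the kind of user-writable autorun location to verify before trusting.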