Zoek.exe v5.0.0.0 Updated 24-07-2014
Tool run by user on do 24/07/2014 at 16:11:52,66.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
24/07/2014 16:12:42 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Philips deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\user\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\user\AppData\Roaming\Philips deleted successfully
C:\Users\Gast\AppData\Local\VirtualStore deleted successfully
C:\Users\user\AppData\Local\Bundled software uninstaller deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4106771238-2743045684-2386013679-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254} deleted successfully
HKEY_USERS\S-1-5-21-4106771238-2743045684-2386013679-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254} deleted successfully
HKEY_USERS\S-1-5-21-4106771238-2743045684-2386013679-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-4106771238-2743045684-2386013679-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-4106771238-2743045684-2386013679-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-4106771238-2743045684-2386013679-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Deal Keeper deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Deal Keeper deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Deal Keeper deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Deal Keeper deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Deal Keeper deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Deal Keeper deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Deal Keeper deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Deal Keeper deleted successfully

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AnyProtect Scanner"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]

==== Deleting Files \ Folders ======================
C:\Program Files (x86)\AnyProtectEx not found
C:\Program Files (x86)\DVDVideoSoftTB deleted
C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys deleted
C:\ProgramData\Systweak deleted
C:\Users\user\AppData\Roaming\Systweak deleted
"C:\Windows\tasks\APSnotifierPP1.job" deleted
"C:\Windows\tasks\APSnotifierPP2.job" deleted
"C:\Windows\tasks\APSnotifierPP3.job" deleted
"C:\windows\SysNative\roboot64.exe" deleted
"C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe" deleted
"C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe" deleted
"C:\Program Files (x86)\Deal Keeper" not deleted
"C:\Program Files (x86)\Deal Keeper\bin" not deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\user\AppData\Local\Temp ====
2014-07-22 16:43:05 C360C9543007AEED2F770E3A51F2A769 8217344 ----a-w-
C:\Users\user\AppData\Local\Temp\SettingsManagerSetup.exe 2014-07-22 16:26:30 8DC8286FAB0193AF701D8A5FB85ED6D6 17202688 ----a-w- C:\Users\user\AppData\Local\Temp\BeidMW.msi 2014-07-22 16:26:30 639C0F8172702E3E88723681579B2642 18949120 ----a-w- C:\Users\user\AppData\Local\Temp\BeidMW64.msi 2014-07-22 11:53:08 93B3D9FDB32A28260024803369E1F6F7 575783 ------w- C:\Users\user\AppData\Local\Temp\is45637729\1837474_stp\AnyProtectScannerSetup.exe 2014-07-22 11:53:08 93B3D9FDB32A28260024803369E1F6F7 575783 ------w- C:\Users\user\AppData\Local\Temp\is45637729\166456_stp\AnyProtectScannerSetup.exe 2014-07-22 09:24:54 7D6D3F6855244014A620FD0334B8D924 582416 ------w- C:\Users\user\AppData\Local\Temp\is45637729\1837608_stp\dealkeeper1.exe 2014-07-17 09:20:38 D2636B799F84EE34B850C4C44CABBF2E 4312648 ------w- C:\Users\user\AppData\Local\Temp\is45637729\1837600_stp\rcpsetup_adppi12_adppi12.exe ====== Java Cache ===== 2014-07-24 14:07:57 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-6556df16 2014-07-24 14:07:52 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6b69a51f 2014-07-24 14:07:52 306C6E2DC3EEC5967158E134FE9AF9DE 100 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap 2014-07-24 14:07:51 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-1b677796 2014-07-24 14:07:52 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-6cea9f42 ====== C:\Windows\SysWOW64 ===== 2014-07-24 14:06:49 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-07-24 14:06:44 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-07-24 14:06:44 
67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe 2014-07-24 14:06:44 419094DF76A32252ECD70730382029ED 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-07-22 16:23:45 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf 2014-07-09 09:56:18 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2014-07-01 09:11:17 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-07-01 09:10:46 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-07-01 09:10:46 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys ====== C:\Windows\Tasks ====== 2014-07-22 17:32:22 66B0630FAF2D43D1E2838BA94617DE43 3314 ----a-w- C:\Windows\Sysnative\Tasks\ASP ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-07-23 18:46:10 -------- d-----w- C:\Program Files\trend micro 2014-07-22 16:27:11 -------- d-----w- C:\Program Files\DIFX ======= C:\PROGRA~2 ===== 2014-07-24 14:07:06 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-07-24 14:06:28 -------- d-----w- C:\PROGRA~2\Java 2014-07-22 17:32:39 -------- d-----w- C:\PROGRA~2\Deal Keeper 2014-07-22 16:26:38 -------- d-----w- C:\PROGRA~2\Belgium Identity Card ======= C: ===== ====== C:\Users\user\AppData\Roaming ====== 2014-07-24 14:00:02 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Sun 2014-07-22 17:33:15 333C5960CD3F84F40F0ABC7F097FEA7C 322 ----a-w- C:\Users\user\AppData\Roaming\aps.uninstall.scan.results 2014-07-22 17:32:35 93B3D9FDB32A28260024803369E1F6F7 575783 ----a-w- C:\Users\user\AppData\Local\AnyProtectScannerSetup.exe 2014-07-22 16:47:25 -------- d-----w- C:\Users\user\AppData\Locallow\DataMngr 2014-07-22 16:45:35 -------- 
d-----w- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-07-22 16:45:34 -------- d-----w- C:\Users\user\AppData\Roaming\VOPackage ====== C:\Users\user ====== 2014-07-24 14:06:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-24 13:57:27 9059B92D1FC80382BE836A75040EFCBF 918440 ----a-w- C:\Users\user\Downloads\JavaSetup7u65.com 2014-07-22 16:27:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID ====== C: exe-files == 2014-07-24 14:06:49 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-07-24 14:06:44 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-07-24 14:06:44 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe 2014-07-24 14:06:35 91B7F0DA8B6C52096CFD8B738F3D3D24 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe 2014-07-24 14:06:35 04390E59F4EA447B05B3B31DA4CB23FF 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe 2014-07-24 14:06:34 CBBC0857D6E677362AADD3C54FFD6E50 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe 2014-07-24 14:06:34 992B9F82FE3364B1DE57DD1FA09DC590 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe 2014-07-24 14:06:34 74F08806423063B1ABD3B79958DA8B22 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe 2014-07-24 14:06:34 51CCA1D8C86EEDD01E962F54AD0A40A3 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe 2014-07-24 14:06:34 24A247CB63FE3A5DEC8E1070F9D49ECE 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe 2014-07-24 14:06:34 131EE1B71F6F770AB6820FD383BC184E 50088 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe 2014-07-24 14:06:34 09AD1CE65816D427E12A564A24F3FE11 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe 2014-07-24 14:06:33 9538F45F86C30E9AB73E9159BA55FE2B 16296 ----a-w- C:\Program Files 
(x86)\Java\jre7\bin\keytool.exe 2014-07-24 14:06:33 7EF928D407D281E66C248AC323995F6E 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe 2014-07-24 14:06:33 731F0F68BD4B24C96539E7041162F4B5 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe 2014-07-24 14:06:33 550D282FDE001860D09544DCE6F3B218 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe 2014-07-24 14:06:32 F67B94393ADB74B6616CFEECD1171EFE 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe 2014-07-24 14:06:32 A980296E1EC9921356F0D8AD06A6EF9C 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe 2014-07-24 14:06:32 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe 2014-07-24 14:06:32 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe 2014-07-24 14:06:32 4A9C9EB33EC6779E2B8A1CDAB6B22E75 75688 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe 2014-07-24 14:06:31 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe 2014-07-24 14:06:31 C626BC51E0149090DDBA9A98C5E27689 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe 2014-07-24 14:06:31 6A81137F68B0A8815B9BE3BE11F29CCE 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe 2014-07-24 14:05:29 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\jre1.7.0_65\lzma.exe 2014-07-23 18:46:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\user.exe 2014-07-23 10:39:11 9F04C8F41F522F8CB233B436E2B420B3 919936 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\Downloads\RegHunter_Web_Setup.exe.exe 2014-07-23 10:09:04 ACAB828B684B2435BAEAF54BE99EC4E2 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4106771238-2743045684-2386013679-1000\$IDXS83P.exe 2014-07-22 17:32:35 93B3D9FDB32A28260024803369E1F6F7 575783 ----a-w- C:\Users\user\AppData\Local\AnyProtectScannerSetup.exe 2014-07-22 16:45:46 
7290B6906102D42F12865E1EEEC4C82C 71680 ----a-w- C:\Users\user\AppData\Roaming\VOPackage\VOsrv.exe 2014-07-22 16:45:46 6E0E447E97638789AD7E918C6E5402D4 48640 ----a-w- C:\Users\user\AppData\Roaming\VOPackage\runasu.exe 2014-07-22 16:45:34 F95CE3CD865D69BAB740DF595E927CC4 288344 ----a-w- C:\Users\user\AppData\Roaming\VOPackage\VOPackage.exe 2014-07-22 16:45:34 F3DB3A0502D2CCA2052BF6BE9F57FE17 118847 ----a-w- C:\Users\user\AppData\Roaming\VOPackage\Uninstall.exe 2014-07-22 16:43:05 C360C9543007AEED2F770E3A51F2A769 8217344 ----a-w- C:\Users\user\AppData\Local\Temp\SettingsManagerSetup.exe 2014-07-22 11:53:08 93B3D9FDB32A28260024803369E1F6F7 575783 ------w- C:\Users\user\AppData\Local\Temp\is45637729\1837474_stp\AnyProtectScannerSetup.exe 2014-07-22 11:53:08 93B3D9FDB32A28260024803369E1F6F7 575783 ------w- C:\Users\user\AppData\Local\Temp\is45637729\166456_stp\AnyProtectScannerSetup.exe 2014-07-22 09:24:54 7D6D3F6855244014A620FD0334B8D924 582416 ------w- C:\Users\user\AppData\Local\Temp\is45637729\1837608_stp\dealkeeper1.exe === C: other files == 2014-07-24 14:13:36 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JWALPO3\java[1].com 2014-07-24 14:06:35 C17BF24D0FEB42E51B0C961030CB5F36 18650 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip 2014-07-24 13:57:27 9059B92D1FC80382BE836A75040EFCBF 918440 ----a-w- C:\Users\user\Downloads\JavaSetup7u65.com 2014-07-24 13:56:48 9059B92D1FC80382BE836A75040EFCBF 918440 ----a-w- C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZDADFFO\JavaSetup7u65.com 2014-07-22 16:26:30 C1F1650DA495D8957E83608F8BE613A5 61312 ----a-w- C:\drivers\SPR3322K.sys 2014-07-22 16:26:30 2DD63DBA58D76D3B500EEC1EF77B97EC 43392 ----a-w- C:\drivers\apg8201z.sys 2014-07-22 16:26:30 2825E0E294686A26506690059E1F437A 29184 ----a-w- C:\drivers\usbccid.sys 2014-07-22 16:26:30 0F39961D10D4DE80C95BE441E42D9C23 50688 ----a-w- 
C:\drivers\apg8201zx64.sys 2014-07-22 16:26:29 B871A8F6396ECC620766F20E3A120857 57984 ----a-w- C:\drivers\SCR3XX2K.sys 2014-07-22 16:26:29 B2FB0404BFA484BFA5D9A2BE7C0C809C 172544 ----a-w- C:\drivers\cxbu0x64.sys 2014-07-22 16:26:29 888DFE4137F626CEA9CCE3BD47941B64 44672 ----a-w- C:\drivers\a38usbx64.sys 2014-07-22 16:26:29 8378A77DFAF832A7ACBE90F59066FF9A 14080 ----a-w- C:\drivers\acr38svr.sys 2014-07-22 16:26:29 5F92E1E98EC2F4E6FE13D19AA3E24AD7 37632 ----a-w- C:\drivers\a38usb.sys 2014-07-22 16:26:29 258D95A50AC8EF725E114C92FA3A38AA 71680 ----a-w- C:\drivers\S332x64.sys 2014-07-22 16:26:29 1BAACB69DC6C99FA6B249EF27D4642ED 68608 ----a-w- C:\drivers\S3XXx64.sys 2014-07-22 16:26:29 0FA03F53C0A635513F34B3D85BA1D361 17674 ----a-w- C:\drivers\a38usb98.sys 2014-07-22 16:26:29 0284C94FC495D8D08DF24C18994C1662 114304 ----a-w- C:\drivers\cxbu0wdm.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4106771238-2743045684-2386013679-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /nosplash /minimized" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files 
(x86)\Skype\Phone\Skype.exe /nosplash /minimized"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Folders ======================
2012-01-05 10:58:42 1239 ----a-w- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/07/2014 15:46]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASP" ["C:\Program Files (x86)\RegClean Pro\SystweakASP.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\SomotoUpdateCheckerAutoStart" [C:\Users\user\AppData\Local\FilesFrog Update Checker\update_checker.exe]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================
ProfilePath: C:\Users\user\AppData\Roaming\Philips-Songbird\Profiles\pydc7b4y.default
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\7digital@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\sharing@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com
- Dutch nl Language Pack - %ProfilePath%\extensions\langpack-nl@songbirdnest.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chrome Look ======================
Google Drive - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================
C:\zoek_backup (files=63 folders=14 173854475 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Deal Keeper" not found

==== EOF on do 24/07/2014 at 16:20:11,85 ======================