Zoek.exe Version 4.0.0.5 Updated 05-November-2013
Tool run by Administrator on wo 06/11/2013 at 9:01:43,32.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrator\Desktop\zoek\zoek.exe [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-11-03-182111.log 17788 bytes

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP"="5985:TCP:*:Disabled:Windows Remote Management "
"80:TCP"="80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) "
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1828693745-1477894102-373245962-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BitGuard deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BitGuard deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ADMINI~1\APPLIC~1\BABSOL~1 not found
C:\Program Files\LyricsContainer not found
C:\Program Files\Betcat not found
C:\Program Files\WebCake deleted
C:\Documents and Settings\Administrator\Application Data\WebCake deleted
C:\Documents and Settings\Administrator\Application Data\BabSolution deleted
C:\Documents and Settings\Administrator\Application Data\Babylon deleted
C:\Documents and Settings\Administrator\Application Data\Delta deleted
C:\Documents and Settings\All Users\Application Data\Tarma Installer deleted
C:\Documents and Settings\All Users\Application Data\Babylon deleted
C:\Documents and Settings\Administrator\Local Settings\Application Data\avgchrome deleted
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data deleted
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences deleted
C:\Documents and Settings\Administrator\Start Menu\Programs\BitGuard deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\tasks\LyricsContainer Update.job deleted
C:\WINDOWS\tasks\EPUpdater.job deleted
C:\WINDOWS\System32\searchplugins deleted
C:\WINDOWS\System32\Extensions deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ====

2013-11-02 14:47:50 E66E725E10B9CB8A6F5C74D7CA9E98A9 2864096 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temp\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
2013-11-02 14:47:30 E66E725E10B9CB8A6F5C74D7CA9E98A9 2864096 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temp\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
2013-11-02 14:47:30 B0709680A86BDD99F968752C9449B809 2735584 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temp\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll

====== Java Cache =====

2013-11-03 15:01:35 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\49a00451-5cdcff27
2013-11-03 15:01:32 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\3d7894d3-4c746080
2013-11-03 19:06:50 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-32e7fa87

====== C:\WINDOWS\system32 =====

2013-11-03 15:01:01 B01416804D89B5EC1D206E6DF542DFAB 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl
2013-11-03 15:01:01 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\WINDOWS\System32\javaws.exe
2013-11-03 15:00:55 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\WINDOWS\System32\javaw.exe
2013-11-03 15:00:55 9BF46C7F21E75FA0BB03AA93368CC66C 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll
2013-11-03 15:00:55 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\WINDOWS\System32\java.exe

====== C:\WINDOWS\system32\drivers =====

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2013-11-03 16:54:56 -------- d-----w- C:\Program Files\trend micro
2013-11-03 15:01:04 -------- d-----w- C:\Program Files\Common Files\Java
2013-11-03 15:00:42 -------- d-----w- C:\Program Files\Java

======= C: =====

====== C:\Documents and Settings\Administrator\Application Data ======

2013-11-03 15:01:22 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun

====== C:\Documents and Settings\Administrator ======

====== C: exe-files ==

2013-11-03 16:54:57 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Administrator.exe
2013-11-03 16:54:35 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GNBKJRH\RSIT[1].exe
2013-11-03 15:01:01 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\WINDOWS\system32\javaws.exe
2013-11-03 15:00:55 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\WINDOWS\system32\javaw.exe
2013-11-03 15:00:55 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\WINDOWS\system32\java.exe
2013-11-03 15:00:47 CE10E75E10EB6952A7D813FA587EC632 15784 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe
2013-11-03 15:00:47 CC27986F45EF9FD700BC347355B002B3 15784 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe
2013-11-03 15:00:47 CBFE91C51D4FA69FE9D140ABEB7E51DC 15784 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe
2013-11-03 15:00:47 80A79264302910C7C24BA7E44267EFEF 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe
2013-11-03 15:00:47 7F55715977ECF32633857F16980F008E 52648 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe
2013-11-03 15:00:47 7814B0A3E6FE8FFF31B7108D16FC4591 15784 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe
2013-11-03 15:00:47 738AF811C60870FB218D47C628D350AA 15784 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe
2013-11-03 15:00:47 707BFE32E04720B9D50562669A30F86C 49064 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe
2013-11-03 15:00:47 5FA3FFE74E893E8A9443C2CF3DFA7A64 15784 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe
2013-11-03 15:00:47 5721DA732075E01569A287767CBCFA5A 15784 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe
2013-11-03 15:00:47 555651269833A415E1F9E594E8DD829F 146344 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe
2013-11-03 15:00:47 54A30377949D4984EE72C5510C58B83D 16296 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe
2013-11-03 15:00:47 464358DE0429ABB319DFE3F5E5C85F77 15784 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe
2013-11-03 15:00:47 3FB1EAAB3CD35126D1F3B9A0A5B7B2DC 15784 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe
2013-11-03 15:00:47 15EBB4D4B54FCE42D8CB116145BB7EBA 15784 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe
2013-11-03 15:00:46 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe
2013-11-03 15:00:46 A9743D2D69B80800FEA5F24E7C4B02B3 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe
2013-11-03 15:00:46 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe
2013-11-03 15:00:46 83D790AA563347A026771D50E3D07A9B 66984 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe
2013-11-03 15:00:46 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\Program Files\Java\jre7\bin\java.exe
2013-11-03 15:00:46 2F7EBCD8FB6557997F0583508FFFE6B1 15784 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe
2013-11-02 14:47:50 E66E725E10B9CB8A6F5C74D7CA9E98A9 2864096 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temp\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
2013-11-02 14:47:30 E66E725E10B9CB8A6F5C74D7CA9E98A9 2864096 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temp\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

=== C: other files ==

2013-11-03 17:43:02 D23A631CDE7462DDE041F208205503FB 1105 ----a-w- C:\Documents and Settings\All Users\Desktop\sample_20130311_1842.zip
2013-11-03 15:00:47 0A35B7026416325DE4A3EEC131F6EE2C 18636 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1828693745-1477894102-373245962-500\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
"RTHDCPL"="RTHDCPL.EXE"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\udaterui.exe /StartedFromRunKey"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login"
"nwiz"="C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\docume~1\\alluse~1\\applic~1\\bitguard\\271769~1.27\\{c16c1~1\\bitguard.dll "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/10/2013 13:12]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12/06/2013 20:27]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12/06/2013 20:27]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
abfmigjiaapipflmopkaaooigcjjdojh - C:\Program Files\LyricsContainer\133.crx[]
eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\Administrator\Application Data\BabSolution\CR\Delta.crx[]
fjoijdanhaiflhibkljeklcghcmmfffh - C:\Program Files\Betcat\WebCakeLayers.crx[]

LyricsContainer - Administrator - Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Google Docs - Administrator - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Administrator - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Administrator - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Administrator - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Delta Toolbar - Administrator - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
WebCake - Administrator - Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Google Wallet - Administrator - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Administrator - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage-journal deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjoijdanhaiflhibkljeklcghcmmfffh_0.localstorage deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjoijdanhaiflhibkljeklcghcmmfffh_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{5D02474F-08B1-47DC-BC24-556DFB94CF24}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{5D02474F-08B1-47DC-BC24-556DFB94CF24} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\UpdatusUser\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on wo 06/11/2013 at 9:16:18,87 ======================