Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by bernadeb on za 27/09/2014 at 17:54:00,63.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPDXEQAM\zoek.exe
[Scan all users] [Script inserted]

==== System Restore Info ======================

27/09/2014 17:55:16 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0
C:\PROGRA~2\MyPC Backup
C:\PROGRA~2\predm
C:\Program Files\CCleaner
C:\Users\bernadeb\AppData\Roaming\ap_logs
C:\Users\dariot\AppData\Local\VirtualStore
C:\Users\image\AppData\Local\VirtualStore

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\webssearches.xml deleted
C:\PROGRA~2\Universal Updater deleted
C:\PROGRA~2\Salus deleted
C:\PROGRA~2\SearchProtect deleted
C:\PROGRA~2\MyPC Backup deleted
C:\PROGRA~2\SupTab deleted
C:\PROGRA~2\predm deleted
C:\Users\bernadeb\AppData\Roaming\aps.uninstall.scan.results deleted
C:\Users\bernadeb\AppData\Roaming\webssearches deleted
C:\Users\bernadeb\AppData\Roaming\pdfforge deleted
C:\PROGRA~3\IePluginServices deleted
C:\PROGRA~3\WindowsMangerProtect deleted
C:\Users\Administrator\AppData\Local\CPAUTO.tmp deleted
C:\Users\bernadeb\AppData\Local\CPAUTO.tmp deleted
C:\Users\bernadeb\AppData\Local\nsgC376.tmp deleted
C:\Users\bernadeb\AppData\Local\nsj53F1.tmp deleted
C:\Users\bernadeb\AppData\Local\SearchProtect deleted
C:\Users\dariot\AppData\Local\CPAUTO.tmp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CPAUTO.tmp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office XP Web Services Toolkit deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\bernadeb\AppData\Roaming\Mozilla\Firefox\Profiles\mk6rq2hb.default\searchplugins\trovi-search.xml deleted
"C:\Windows\Installer\a810b.msi" deleted
"C:\Users\bernadeb\AppData\Roaming\ap_logs" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2058965023-251273446-709122288-28761\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Jing"="C:\Program Files (x86)\TechSmith\Jing\Jing.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE /STANDALONE"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Check Point VPN"="C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
"Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup"
"McAfeeUpdaterUI"="C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe /StartedFromRunKey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Jing"="C:\Program Files (x86)\TechSmith\Jing\Jing.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe /s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4P1"
"WavesSvc"="C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe"
"RtHDVBg_PushButton"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [19/09/2014 15:47]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\bernadeb\AppData\Roaming\Mozilla\Firefox\Profiles\mk6rq2hb.default
- Fast Start - %ProfilePath%\extensions\faststartff@gmail.com

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Users\bernadeb\AppData\Roaming\Mozilla\Firefox\Profiles\mk6rq2hb.default\extensions\faststartff@gmail.com deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://intranet.wkb.int"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://intranet.wkb.int"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D9E16CE297571BD44814FD53E99DDF34 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EC61E9D-7579-4DB1-8441-DF359ED9FD43} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D9E16CE297571BD44814FD53E99DDF34 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dariot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\image\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H33MAOY will be deleted at reboot
C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPDXEQAM will be deleted at reboot
C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB3AVNMR will be deleted at reboot
C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF2EWITN will be deleted at reboot
C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5GW0YLS will be deleted at reboot
C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDLKQL1G will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=691 folders=69 18823752 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\bernadeb\AppData\Local\Temp will be emptied at reboot
C:\Users\dariot\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\image\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\bernadeb\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H33MAOY" not found
"C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPDXEQAM" not found
"C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB3AVNMR" not found
"C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF2EWITN" not found
"C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5GW0YLS" not found
"C:\Users\bernadeb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDLKQL1G" not found

==== EOF on za 27/09/2014 at 22:56:32,54 ======================