Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by ANTONIO on vr 17/04/2015 at 20:55:12,12.
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ANTONIO\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

Failed to create System Restore Point

==== Empty Folders Check ======================

C:\Program Files\fst_be_57 deleted successfully
C:\Program Files\GRETECH deleted successfully
C:\Program Files\TomTom DesktopSuite deleted successfully
C:\PROGRA~2\HDBR31 deleted successfully
C:\PROGRA~2\PDF Architect deleted successfully
C:\Users\Administrator\AppData\Roaming\Solvusoft deleted successfully
C:\Users\Administrator\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\ANTONIO\AppData\Roaming\Boost Windows deleted successfully
C:\Users\ANTONIO\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\ANTONIO\AppData\Roaming\Ecuwhis deleted successfully
C:\Users\ANTONIO\AppData\Roaming\Fefuka deleted successfully
C:\Users\ANTONIO\AppData\Roaming\Firetrust deleted successfully
C:\Users\ANTONIO\AppData\Roaming\Lite deleted successfully
C:\Users\ANTONIO\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\ANTONIO\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\ANTONIO\AppData\Roaming\Systweak deleted successfully
C:\Users\ANTONIO\AppData\Roaming\WinRAR deleted successfully
C:\Users\Administrator\AppData\Local\fst_be_57 deleted successfully
C:\Users\Administrator\AppData\Local\{DD35BBDF-8693-403E-98C0-F25EA2AA7D9B} deleted successfully
C:\Users\Administrator\AppData\Local\{EA41FFAA-D6FB-4045-A290-3E7803FB64A3} deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7FF99715-3016-4381-84CE-E4E4C9673020} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\nfb8qx5l.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20151704_2130_.backup

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Thunderbird\Profiles\a78shui8.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20151704_2130_.backup

ProfilePath: C:\Users\ANTONIO\AppData\Roaming\Thunderbird\Profiles\5jz6rqsn.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20151704_2130_.backup

ProfilePath: C:\Users\ANTONIO\AppData\Roaming\TomTom\HOME\Profiles\mbkco0cd.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20151704_2130_.backup

ProfilePath: C:\Users\ANTONIO\AppData\Roaming\Mozilla\Firefox\Profiles\fx2tr3ni.default
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----

==== Deleting Files \ Folders ======================

C:\Program Files\fst_be_57 not found
C:\Program Files\GRETECH not found
C:\Program Files\TomTom DesktopSuite not found
C:\Program Files\MarkAnyContentSAFER deleted
C:\Windows\system32\appdata deleted
C:\Program Files\FromDocToPDF_65 deleted
C:\Program Files\MapsGalaxy_39 deleted
C:\Users\ANTONIO\AppData\Local\FromDocToPDF_65 deleted
C:\Users\ANTONIO\appdata\locallow\FromDocToPDF_65 deleted
C:\Users\ANTONIO\AppData\Local\MapsGalaxy_39 deleted
C:\Users\ANTONIO\appdata\locallow\MapsGalaxy_39 deleted
C:\Program Files\PC Inspector File Recovery deleted
C:\Program Files\NewPlayer deleted
C:\Program Files\BitLord deleted
C:\Program Files\Registry Mechanic deleted
C:\Program Files\Common Files\DVDVideoSoft\TB deleted
C:\Users\Administrator\AppData\Roaming\simplitec deleted
C:\Users\ANTONIO\AppData\Roaming\simplitec deleted
C:\Users\ANTONIO\AppData\Roaming\UserFlag.ini deleted
C:\Users\ANTONIO\AppData\Roaming\pcouffin.log deleted
C:\Users\ANTONIO\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\Users\ANTONIO\AppData\Roaming\GetRightToGo deleted
C:\Users\ANTONIO\AppData\Roaming\pdfforge deleted
C:\Users\ANTONIO\AppData\Roaming\OpenCandy deleted
C:\PROGRA~2\Setting.dat deleted
C:\PROGRA~2\simplitec deleted
C:\Users\ANTONIO\AppData\Local\GLFE616.tmp deleted
C:\Users\ANTONIO\AppData\Local\fst_be_57 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY deleted
C:\Users\ANTONIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage deleted
C:\Users\Public\sdelevURL.tmp deleted
C:\Users\Administrator\AppData\LocalLow\AskToolbar deleted
C:\Users\Administrator\AppData\LocalLow\MapsGalaxy_39 deleted
C:\Users\ANTONIO\AppData\LocalLow\IAC deleted
C:\Users\ANTONIO\AppData\LocalLow\Conduit deleted
C:\Windows\wininit.ini deleted
C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted
C:\Windows\system32\Tasks\LaunchSignup deleted
C:\END deleted
C:\Windows\system32\roboot.exe deleted
C:\Windows\System32\SET33D.tmp deleted
C:\Windows\System32\SET6491.tmp deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\ANTONIO\Desktop\NewPlayer.lnk deleted
C:\Users\ANTONIO\chromeinstall-8u25.exe deleted
C:\Users\ANTONIO\cyic09jk.exe deleted
C:\Users\ANTONIO\Defogger (1).exe deleted
C:\Users\ANTONIO\Defogger.exe deleted
C:\Users\ANTONIO\MicrosoftFixit.wu.Run.exe deleted
C:\Users\ANTONIO\msert.exe deleted
C:\Users\ANTONIO\SUPERAntiSpyware.exe deleted
C:\Users\ANTONIO\uninstall_flash_player.exe deleted
C:\Users\ANTONIO\AppData\Roaming\Mozilla\Firefox\Profiles\fx2tr3ni.default\extensions\39ffxtbr@MapsGalaxy_39.com deleted
C:\Users\ANTONIO\AppData\Roaming\Mozilla\Firefox\Profiles\fx2tr3ni.default\extensions\65ffxtbr@FromDocToPDF_65.com deleted
"C:\Users\ANTONIO\AppData\Local\893686b8" deleted
"C:\Users\ANTONIO\AppData\Roaming\893686b8" deleted
"C:\ProgramData\893686b8" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\ANTONIO\AppData\Local\Temp ====
2015-04-17 18:35:48 EB3F8534322D883F4A61274210551662 43008 ----a-w- C:\Users\ANTONIO\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmpic3s.dll
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-04-15 17:34:32 -------- d-----w- C:\Program Files\trend micro
2015-04-14 21:47:25 -------- d-----w- C:\Program Files\Speccy
======= C: =====
====== C:\Users\ANTONIO\AppData\Roaming ======
====== C:\Users\ANTONIO ======
2015-04-14 21:47:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
====== C: exe-files ==
2015-04-15 17:34:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\ANTONIO.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"RtHDVCpl"="RtHDVCpl.exe"
"Skytel"="Skytel.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MoraLrob"="regsvr32.exe C:\ProgramData\MoraLrob\KaliTakz.kes"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"WLSync"="C:\Program Files\Windows Live\Mesh\WLSync.exe /background"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcSoft Connection Service"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BDRegion"
"hkey"="HKLM"
"command"="C:\\Program Files\\Cyberlink\\Shared files\\brs.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="beid"
"hkey"="HKCU"
"command"="C:\\Program Files\\Belgium Identity Card\\beid35gui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus Photo RX585 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON Stylus Photo RX585 Series"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATICLE.EXE /FU \"C:\\Users\\ANTONIO\\AppData\\Local\\Temp\\E_SF508.tmp\" /EF \"HKCU\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ESDRWSTT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ESDRWSTT"
"hkey"="HKLM"
"command"="C:\\Program Files\\wGXe SOFTWARE\\wGXe Photo Recovery\\esdrwstt.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\ANTONIO\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FSC OSD Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FSC OSD Utility"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\FSCOSD~1\\OSDUTI~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FSCRecovery]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FSCRecovery"
"hkey"="HKLM"
"command"="c:\\Program Files\\Fujitsu Siemens Computers\\Fujitsu Siemens Computers Recovery\\FSCRecoveryReminder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fst_be_57]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fst_be_57"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\fst_be_57\\fst_be_57.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google EULA Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google EULA Launcher"
"hkey"="HKLM"
"command"="c:\\Program Files\\Google\\Google EULA\\GoogleEULALauncher.exe IE PA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\ANTONIO\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google+ Auto Backup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google+ Auto Backup"
"hkey"="HKCU"
"command"="\"C:\\Users\\ANTONIO\\AppData\\Local\\Programs\\Google\\Google+ Auto Backup\\Google+ Auto Backup.exe\" /autostart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesHelper"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\KiesHelper.exe /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPDLR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPDLR"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Launch Manager"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\FSCLAU~1\\LAUNCH~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy EPM Support]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MapsGalaxy EPM Support"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\MAPSGA~2\\bar\\1.bin\\39medint.exe\" T8EPMSUP.DLL,S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy Search Scope Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MapsGalaxy Search Scope Monitor"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\MAPSGA~2\\bar\\1.bin\\39srchmn.exe\" /m=2 /w /h"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy_39 Browser Plugin Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MapsGalaxy_39 Browser Plugin Loader"
"hkey"="HKLM"
"command"="C:\\Program Files\\MapsGalaxy_39\\bar\\1.bin\\39brmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSC"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mxomssmenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mxomssmenu"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Maxtor\\OneTouch Status\\maxmenumgr.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Ghost 12.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Ghost 12.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton Ghost\\Agent\\VProTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVD9LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVD9LanguageShortcut"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD9\\Language\\Language.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl10"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD10\\PDVD10Serv.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl9]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl9"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD9\\PDVD9Serv.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="RtHDVCpl.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sidebar"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualCloneDrive"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Mobile Device Center"
"hkey"="HKLM"
"command"="%windir%\\WindowsMobile\\wmdc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
"item"="Philips GoGear VIBE Device Manager"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Philips GoGear VIBE Device Manager.lnk"
"backup"="C:\\Windows\\pss\\Philips GoGear VIBE Device Manager.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Philips\\GOGEAR~1\\GOGEAR~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^ANTONIO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
"path"="C:\\Users\\ANTONIO\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk"
"backup"="C:\\Windows\\pss\\MyPC Backup.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MYPCBA~1\\MYPCBA~1.EXE "
"item"="MyPC Backup"

==== Startup Folders ======================

2015-04-14 18:30:45 1049 ----a-w- C:\Users\ANTONIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14/04/2015 21:06]
C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1290501801-2183166161-1729595285-1000Core.job --a------ C:\Users\ANTONIO\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 23:08]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1290501801-2183166161-1729595285-1000UA.job --a------ C:\Users\ANTONIO\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 23:08]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [17/10/2014 21:49]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1290501801-2183166161-1729595285-1000Core.job --a------ C:\Users\ANTONIO\AppData\Local\Google\Update\GoogleUpdate.exe [26/04/2014 18:12]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1290501801-2183166161-1729595285-1000UA.job --a------ C:\Users\ANTONIO\AppData\Local\Google\Update\GoogleUpdate.exe [26/04/2014 18:12]
C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job --a------ C:\Program Files\Spybot - Search Destroy 2\SDImmunize.exe []
C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job --a------ C:\Program Files\Spybot - Search Destroy 2\SDScan.exe []
C:\Windows\tasks\Security Center Update - 1436225257.job --a------ C:\Users\ANTONIO\AppData\Roaming\Ecuwhis\yxevt.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Check for updates (Spybot - Search & Destroy)" [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1290501801-2183166161-1729595285-1000Core" [C:\Users\ANTONIO\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-1290501801-2183166161-1729595285-1000UA" [C:\Users\ANTONIO\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1290501801-2183166161-1729595285-1000Core" [C:\Users\ANTONIO\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1290501801-2183166161-1729595285-1000UA" [C:\Users\ANTONIO\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Refresh immunization (Spybot - Search & Destroy)" [C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe]
"C:\Windows\system32\tasks\Scan the system (Spybot - Search & Destroy)" [C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe]
"C:\Windows\system32\tasks\Security Center Update - 1173996274" [C:\Users\ANTONIO\AppData\Roaming\Fefuka\odepi.exe]
"C:\Windows\system32\tasks\Security Center Update - 1436225257" [C:\Users\ANTONIO\AppData\Roaming\Ecuwhis\yxevt.exe]
"C:\Windows\system32\tasks\{C508080C-72AD-49D4-A934-1BF3D462BD69}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.18.0.106/nl/go/help.faq.installer?LastError=1618]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [03/03/2015 20:21]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06/01/2012 23:06]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Thunderbird\Profiles\a78shui8.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

ProfilePath: C:\Users\ANTONIO\AppData\Roaming\Thunderbird\Profiles\5jz6rqsn.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

ProfilePath: C:\Users\ANTONIO\AppData\Roaming\TomTom\HOME\Profiles\mbkco0cd.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.8.419.1257@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.401.862279@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.430.890926@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.465.1074274@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Possible outdated, latest Stable version: 41.0.2272.118)

[z-db] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fcfenmboojpjinhpgggodefccipikbpd - No path found[]

Google Slides - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
MSN Homepage Bing Search Engine - ANTONIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Google Wallet - ANTONIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"startup_urls": [ "http://www.google.com" ]
C:\Users\ANTONIO\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.msn.com/nl-nl/?pc=__PARAM__&ocid=__PARAM__DHP",

==== Chromium Fix ======================

C:\Users\ANTONIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.be/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="https://www.google.com/search?q={searchTerms}"
{868F27AB-A2F6-4A28-9031-62139268FE42} Yahoo! Search Url="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}"
{8A96AF9E-4074-43b7-BEA3-87217BDA74C8} Web Search Url="http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}"
{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} Unknown Url="Not_Found"
{afdbddaa-5d3f-42ee-b79c-185a7020515b} DVDVideoSoftTB Customized Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050"

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7095FD27-37F0-4750-9DE8-D37DC0043706} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX585 Series deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fst_be_57 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy EPM Support deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy Search Scope Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy_39 Browser Plugin Loader deleted successfully

==== Empty IE Cache ======================

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(112)\Content.IE5 emptied successfully
C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(13)\Content.IE5 emptied successfully
C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(19)\Content.IE5 emptied successfully
C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(88)\Content.IE5 emptied successfully
C:\Users\ANTONIO\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini will be deleted at reboot
C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\nfb8qx5l.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\ANTONIO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=197 folders=172 158391923 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\ANTONIO\AppData\Local\temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\TEMP\AppData\Local\temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ANTONIO\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini" deleted
"C:\Users\ANTONIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on vr 17/04/2015 at 21:49:07,12 ======================