Zoek.exe Version 4.0.0.2 Updated 01-March-2013
Tool run by Gebruiker on do 07/03/2013 at 23:35:46,38.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode No Internet Access Detected

==== Running Processes ======================
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\SvcHost.exe -k BullGuard_Backup
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\csrss.exe
C:\Windows\System32\WinLogon.exe
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
C:\Windows\System32\WUDFHost.exe
D:\Users\Gebruiker\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1430814123-1320494670-813026478-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================
Deleted from C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4g1c3xd.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.selectedEngine", "Delta Search");

Added to C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4g1c3xd.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4g1c3xd.default

---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119828&babsrc=NT_ss&mntrId=4c6d33b7000000000000902b345fc6f7");
---- Lines BabylonToolbar modified from prefs.js ----
---- Lines BabylonToolbar removed from user.js ----
---- Lines delta removed from prefs.js ----
user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119828&babsrc=HP_ss&mntrId=4c6d33b7000000000000902b345fc6f7");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.rvrt", "false");
---- Lines delta modified from prefs.js ----
---- Lines delta removed from user.js ----
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);
---- Lines search.com removed from prefs.js ----
---- Lines search.com modified from prefs.js ----
---- Lines search.com removed from user.js ----
---- Lines y2layers removed from prefs.js ----
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
user_pref("extentions.y2layers.installId", "3123e2ce-179f-41ab-8365-a753ef24604d");
---- Lines y2layers modified from prefs.js ----
---- Lines y2layers removed from user.js ----
user_pref("extentions.y2layers.installId", "3123e2ce-179f-41ab-8365-a753ef24604d");
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
---- Lines yontoo removed from prefs.js ----
---- Lines yontoo modified from prefs.js ----
user_pref("extensions.enabledAddons", "%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14,plugin%40yontoo.com:1.20.02,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0");
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"antiphishing@bullguard\":{\"descriptor\":\"C:\\\\Program Files\\\\BullGuard Ltd\\\\BullGuard\\\\Files32\\\\Antiphishing\\\\FF\\\\antiphishing@bullguard\",\"mtime\":1358608252672}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1361292877769}}},{\"name\":\"app-profile\",\"addons\":{\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\Gebruiker\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x4g1c3xd.default\\\\extensions\\\\plugin@yontoo.com.xpi\",\"mtime\":1362605469605},\"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\":{\"descriptor\":\"C:\\\\Users\\\\Gebruiker\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x4g1c3xd.default\\\\extensions\\\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\",\"mtime\":1361654027753}}}]");
---- Lines yontoo removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user_20130703_2342_.backup
prefs_20130703_2342_.backup

==== Deleting Files \ Folders ======================
"C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4g1c3xd.default\searchplugins\delta.xml" deleted
"C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4g1c3xd.default\extensions\plugin@yontoo.com.xpi" deleted
"C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4g1c3xd.default\extensions\plugin@yontoo.com.xpi" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\Users\Gebruiker\AppData\Local\SwvUpdater" deleted
"C:\Users\Gebruiker\AppData\LocalLow\Delta" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="c:\program files\bullguard ltd\bullguard\BullGuard.exe -boot"
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/02/2013 21:46]
C:\Windows\tasks\GlaryInitialize.job --a-------- C:\Program Files (x86)\Glary Utilities\initialize.exe [05/01/2013 00:26]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/01/2013 00:34]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/01/2013 00:34]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4g1c3xd.default
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4g1c3xd.default
E64819B6014A93E2503BB52419A0F6F3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll - Shockwave Flash
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
niapdbllcanepiiimjjndipklodoedlc - No path found[]

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================
Nothing found to reset

==== shortcuts on Users Desktops ======================
C:\Users\Gebruiker\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Gebruiker\Desktop\CLEANING\HiJackThis.lnk - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Express Burn.lnk - C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\ManyCam.lnk - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe

==== shortcuts in Users Start Menu ======================
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BullGuard\BullGuard.lnk - C:\Program Files (x86)\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk - C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth verwijderen.lnk - C:\Windows\SysWOW64\msiexec.exe /x {468D22C0-8080-11E2-B86E-B8AC6F98CCE3}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter\LockHunter on the Web.lnk - C:\Program Files\LockHunter\LockHunter.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter\LockHunter.lnk - C:\Program Files\LockHunter\LockHunter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter\Uninstall LockHunter.lnk - C:\Program Files (x86)\LockHunter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\ManyCam.lnk - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Uninstall ManyCam.lnk - C:\Program Files (x86)\ManyCam\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\User Guide.lnk - C:\Program Files (x86)\ManyCam\Help\UserGuide.pdf

==== shortcuts in Quick Launch ======================
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\users\Gebruiker\AppData\Local\Mozilla\Firefox\Profiles\x4g1c3xd.default\Cache emptied successfully

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

After Reboot

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied