Zoek.exe v5.0.0.0 Updated 28-12-2014
Tool run by murat on ma 29/12/2014 at 11:04:23,41.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\murat\AppData\Local\Temp\Rar$EX00.463\zoek.exe.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-28-164432.log 184050 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6121e5b6-ee3b-41df-9c29-6b728fae0485} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{622ee0de-8b24-4839-961b-367bdf89f98c} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6121e5b6-ee3b-41df-9c29-6b728fae0485} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{622ee0de-8b24-4839-961b-367bdf89f98c} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\faststartff@gmail.com deleted successfully

==== Running Processes ======================

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
C:\Program Files (x86)\Launch Manager\OSD.exe
C:\Program Files (x86)\Launch Manager\WButton.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Easy Downloads\easydownloads.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\crypserv.exe
C:\ElsaWin\bin\LcSvrAdm.exe
C:\ElsaWin\bin\LcSvrDba.exe
C:\ElsaWin\bin\LcSvrHis.exe
C:\ElsaWin\bin\LcSvrPas.exe
C:\ElsaWin\bin\LcSvrSaz.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
C:\ElsaWin\bin\LcSvrAuf.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\murat\AppData\Local\Temp\Rar$EX00.463\zoek.exe.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DatamngrCoordinator deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default

user.js not found

---- Lines ask.com removed from prefs.js ----
user_pref("browser.startup.homepage", "http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11409&pf=V7&trgb=FF&p2=%5EBBH%5EOSJ000%5EYY%5EBE&gct=hp&apn_ptnrs=

---- Lines ORJ-SPE removed from prefs.js ----
user_pref("extensions.ORJ-SPE.my-keyword-url", "\"\"");
user_pref("extensions.ORJ-SPE.previous-keyword-url", "\"\"");

---- Lines faststartff@gmail.com modified from prefs.js ----
user_pref("extensions.enabledAddons", "faststartff@gmail.com:4.3.0,6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com:0.95.24,{972ce4c6-7e08-4474-a28
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\":{\"descriptor\":\"C:\\\\

---- FireFox user.js and prefs.js backups ----
prefs_20142912_1131_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\extensions\faststartff@gmail.com not found
"C:\Windows\SysWOW64\srvany.exe" not found
C:\PROGRA~3\AskPartnerNetwork deleted
C:\PROGRA~3\APN deleted
C:\Users\murat\AppData\Local\AskPartnerNetwork deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\searchplugins\ask-search.xml deleted
"C:\Windows\KMService.exe" deleted
"C:\Windows\Installer\112838.msi" deleted
"C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi" deleted
"C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\AskPartnerNetwork" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4004 MB
CPU Info: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
CPU Speed: 2107.0 MHz
Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel(R) Centrino(R) Wireless-N 1030 | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 2x (E: | F: | ) E: TSSTcorpCDDVDW SN-S083F | F:
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 424.7GB | D: 38.0GB
Hard Disks - Free: C: 305.8GB | D: 19.8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/11/11 | MEDION - 1072009
Time Zone: Romance (standaardtijd)
Motherboard *: MEDION E6224
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! antivirus On-access scanning disabled (Outdated)
Anti-Spyware: avast! antivirus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox 11.0
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 11.0 (x86 nl)
Google Chrome version: 39.0.2171.95
Adobe Reader version: 10.1.13.16
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 15.0.0.246

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-12-01 22:53:53 93C80BC8FFA8A67989B774A9188665FA 378 ------w- C:\Windows\mbcase_ini.pud
2014-12-01 22:49:29 F572598CCC81F54C37E4C9B70B4245FA 753 ----a-w- C:\Windows\d2kinst.bat
2014-12-01 22:49:29 A241538FACC7249FDEC88D78E4C5DB2A 236 ----a-w- C:\Windows\tbwin.ini
2014-12-01 22:49:03 7098732E38790300F9F0A40E25B0CA90 49152 ------w- C:\Windows\wluninst.dll
2014-12-01 22:48:58 217CEC617F569D56DE78478281190365 48 ----a-w- C:\Windows\lic_key.dat
2014-12-01 22:41:51 4DEFF98C811A27696C85AA6C6CAE2D52 1270 ----a-w- C:\Windows\mbcase.ini_uninst
2014-12-01 22:15:31 21F73C861F2263DC46C5BA4F05E7618D 8 ----a-w- C:\Windows\lan.id

====== C:\Users\murat\AppData\Local\Temp ====
2014-12-29 09:53:58 39944DA83B29D4A46F3BEB5C98B1159F 666520 ----a-w- C:\Users\murat\AppData\Local\Temp\APNSetup.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====
2023-04-03 13:06:00 000F66BEA6070A8B6C84AE6810D61D96 135168 ----a-w- C:\Windows\SysWOW64\vbSendMail.dll
2014-12-18 23:12:45 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====
2014-12-18 23:12:45 5564883BFB523D5078A5B1FE3128FD63 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

====== C:\Windows\Sysnative\drivers =====
2014-12-10 09:53:41 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys

====== C:\Windows\Tasks ======
2014-12-26 14:55:09 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
2014-12-01 22:02:39 37EE5801D98A2727653D95A0DFD42B9E 3078 ----a-w- C:\Windows\Sysnative\Tasks\{F88D04D3-35EF-40E0-8639-04FB199780E2}

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====
2014-12-29 09:53:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

======= C: =====

====== C:\Users\murat\AppData\Roaming ======
2014-12-29 09:54:43 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun
2014-12-28 15:29:05 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-12-28 15:29:04 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-12-28 15:29:04 -------- d-----w- C:\Users\murat\AppData\Local\Temp
2014-12-28 15:29:04 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-12-28 15:29:04 -------- d-----w- C:\Users\Default User\AppData\Local\Temp

====== C:\Users\murat ======
2014-12-29 09:52:43 -------- d-----w- C:\ProgramData\Oracle
2014-12-27 21:45:03 97558D7CCF229CC2D6AFC4660A9048C2 432320 ----a-w- C:\Users\murat\Downloads\epc online opel ru__2789_i1433111812_il1327280.exe
2014-12-01 22:59:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIS

====== C: exe-files ==
2014-12-28 16:49:43 20C4DCF3FB9635C949FA978B11DD12B1 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3998879849-3691024730-1580810151-1000\$IBMRSW0.exe
2014-12-28 14:49:28 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3998879849-3691024730-1580810151-1000\$RBMRSW0.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"GoogleChromeAutoLaunch_B3D8D2F077628A4FEAB49C3927728E32"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="C:\Program Files (x86)\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD"="C:\Program Files (x86)\Launch Manager\OSD.exe"
"Wbutton"="C:\Program Files (x86)\Launch Manager\Wbutton.exe"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"YouCam Mirage"="C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe /s"
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
"EasyDownloads"="C:\Program Files (x86)\Easy Downloads\easydownloads.exe -tray"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"ApnTBMon"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"GoogleChromeAutoLaunch_B3D8D2F077628A4FEAB49C3927728E32"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2014-02-14 18:33:49 1304 ----a-w- C:\Users\murat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10/12/2014 19:34]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ :C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{530CCF4D-68F8-43A3-B3F5-FA83748EB4CE}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default

user_pref("browser.search.selectedEngine", "Ask Search");
user_pref("extensions.APN_TB.first-previous-keyword-url", "");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [16/01/2013 15:16]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default
9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
D133DC1D1AB138903809DA328D00AF3E - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
1E6C511897343C92B8F6412BBA296813 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
AD2CD67BCF3E4475563D25C075C55DC5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[09/08/2012 13:06]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13]

YouTube - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Downloader - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{264BE1EB-4AAF-49F9-868E-C7F1E6D8A7EF} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393"
{5A648C62-1BD7-464D-A7BD-43CC146543CC} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC05100 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1500} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC05100 deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5