Zoek.exe Version 4.0.0.2 Updated 01-March-2013 Tool run by thuis on vr 01/03/2013 at 9:36:07,96. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1503386550-1563833762-866553309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{51859894-E545-47E4-916A-C691F186D029} deleted successfully HKEY_USERS\S-1-5-21-1503386550-1563833762-866553309-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1503386550-1563833762-866553309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default ---- Lines incredibar removed from prefs.js ---- user_pref("browser.startup.homepage", "http://mystart.incredibar.com/mb128?a=6OyDQ5JNq7&i=26"); user_pref("extensions.incredibar_i.aflt", "orgnl"); user_pref("extensions.incredibar_i.dfltLng", ""); user_pref("extensions.incredibar_i.did", "10658"); user_pref("extensions.incredibar_i.excTlbr", false); user_pref("extensions.incredibar_i.id", "163c1d0b0000000000007071bc465865"); user_pref("extensions.incredibar_i.installerproductid", "26"); user_pref("extensions.incredibar_i.instlDay", "15494"); user_pref("extensions.incredibar_i.instlRef", ""); user_pref("extensions.incredibar_i.ms_url_id", ""); user_pref("extensions.incredibar_i.newTab", false); user_pref("extensions.incredibar_i.ppd", ""); user_pref("extensions.incredibar_i.prdct", "incredibar"); user_pref("extensions.incredibar_i.productid", "26"); user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); user_pref("extensions.incredibar_i.smplGrp", "none"); user_pref("extensions.incredibar_i.tlbrId", "base"); user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6OyDQ5JNq7&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar_i.upn2", "6OyDQ5JNq7"); user_pref("extensions.incredibar_i.upn2n", "92261522386328639"); user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:31:36"); user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); ---- Lines incredibar modified from prefs.js ---- ---- Lines incredibar removed from user.js ---- user_pref("extensions.incredibar_i.ms_url_id", ""); user_pref("extensions.incredibar_i.upn2", "6OyDQ5JNq7"); user_pref("extensions.incredibar_i.upn2n", "92261522386328639"); user_pref("extensions.incredibar_i.productid", "26"); user_pref("extensions.incredibar_i.installerproductid", "26"); user_pref("extensions.incredibar_i.did", "10658"); user_pref("extensions.incredibar_i.ppd", ""); user_pref("extensions.incredibar_i.newTab", false); user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6OyDQ5JNq7&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar_i.id", "163c1d0b0000000000007071bc465865"); user_pref("extensions.incredibar_i.instlDay", "15494"); user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:31:36"); user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); user_pref("extensions.incredibar_i.prdct", "incredibar"); user_pref("extensions.incredibar_i.aflt", "orgnl"); user_pref("extensions.incredibar_i.smplGrp", "none"); user_pref("extensions.incredibar_i.tlbrId", "base"); user_pref("extensions.incredibar_i.instlRef", ""); user_pref("extensions.incredibar_i.dfltLng", ""); user_pref("extensions.incredibar_i.excTlbr", false); ---- Lines CT2504091 removed from prefs.js ---- ---- Lines CT2504091 modified from prefs.js ---- ---- Lines CT2504091 removed from user.js ---- ---- Lines CT2865317 removed from prefs.js ---- ---- Lines CT2865317 modified from prefs.js ---- ---- Lines CT2865317 removed from user.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2504091 removed from prefs.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2504091 modified from prefs.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2504091 removed from user.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2865317 removed from prefs.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2865317 modified from prefs.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2865317 removed from user.js ---- ---- Lines conduit removed from prefs.js ---- ---- Lines conduit modified from prefs.js ---- ---- Lines conduit removed from user.js ---- ---- Lines Web Search removed from prefs.js ---- ---- Lines Web Search modified from prefs.js ---- ---- Lines Web Search removed from user.js ---- ---- Lines y2layers removed from prefs.js ---- ---- Lines y2layers modified from prefs.js ---- ---- Lines y2layers removed from user.js ---- user_pref("extentions.y2layers.installId", "659e6828-8eff-451d-9205-890a3911f71b"); user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube"); ---- Lines CommunityToolbar removed from prefs.js ---- ---- Lines CommunityToolbar modified from prefs.js ---- ---- Lines CommunityToolbar removed from user.js ---- ---- Lines SweetIM removed from prefs.js ---- ---- Lines SweetIM modified from prefs.js ---- ---- Lines SweetIM removed from user.js ---- ---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ---- ---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ---- ---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from user.js ---- ---- Lines {48FB8510-61E8-4DFF-88FD-5FB277118ED9} removed from prefs.js ---- ---- Lines {48FB8510-61E8-4DFF-88FD-5FB277118ED9} modified from prefs.js ---- ---- Lines {48FB8510-61E8-4DFF-88FD-5FB277118ED9} removed from user.js ---- ---- Lines {BA14329E-9550-4989-B3F2-9732E92D17CC} removed from prefs.js ---- ---- Lines {BA14329E-9550-4989-B3F2-9732E92D17CC} modified from prefs.js ---- ---- Lines {BA14329E-9550-4989-B3F2-9732E92D17CC} removed from user.js ---- ---- Lines {87775FDB-6972-41F9-AE51-8326E38CB206} removed from prefs.js ---- ---- Lines {87775FDB-6972-41F9-AE51-8326E38CB206} modified from prefs.js ---- ---- Lines {87775FDB-6972-41F9-AE51-8326E38CB206} removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_20130103_0942_.backup prefs_20130103_0942_.backup ProfilePath: C:\Users\Zaak\AppData\Roaming\Mozilla\Firefox\Profiles\jbo3zxfz.default user.js not found ---- Lines incredibar removed from prefs.js ---- ---- Lines incredibar modified from prefs.js ---- ---- Lines CT2504091 removed from prefs.js ---- ---- Lines CT2504091 modified from prefs.js ---- ---- Lines CT2865317 removed from prefs.js ---- ---- Lines CT2865317 modified from prefs.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2504091 removed from prefs.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2504091 modified from prefs.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2865317 removed from prefs.js ---- ---- Lines C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2865317 modified from prefs.js ---- ---- Lines conduit removed from prefs.js ---- ---- Lines conduit modified from prefs.js ---- ---- Lines Web Search removed from prefs.js ---- ---- Lines Web Search modified from prefs.js ---- ---- Lines y2layers removed from prefs.js ---- ---- Lines y2layers modified from prefs.js ---- ---- Lines CommunityToolbar removed from prefs.js ---- ---- Lines CommunityToolbar modified from prefs.js ---- ---- Lines SweetIM removed from prefs.js ---- ---- Lines SweetIM modified from prefs.js ---- ---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ---- ---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ---- ---- Lines {48FB8510-61E8-4DFF-88FD-5FB277118ED9} removed from prefs.js ---- ---- Lines {48FB8510-61E8-4DFF-88FD-5FB277118ED9} modified from prefs.js ---- ---- Lines {BA14329E-9550-4989-B3F2-9732E92D17CC} removed from prefs.js ---- ---- Lines {BA14329E-9550-4989-B3F2-9732E92D17CC} modified from prefs.js ---- ---- Lines {87775FDB-6972-41F9-AE51-8326E38CB206} removed from prefs.js ---- ---- Lines {87775FDB-6972-41F9-AE51-8326E38CB206} modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_20130103_0942_.backup ==== Deleting Files \ Folders ====================== "C:\user.js" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\searchplugins\SweetIM Search.xml" deleted "C:\user.js" deleted "C:\END" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\searchplugins\MyStart Search.xml" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\searchplugins\SweetIM Search.xml" deleted "C:\Program Files\1ClickDownload" deleted "C:\Program Files\Conduit" deleted "C:\ProgramData\Tarma Installer" deleted "C:\Users\thuis\AppData\Local\CRE" deleted "C:\Users\thuis\AppData\Local\Conduit" deleted "C:\Users\thuis\AppData\LocalLow\PriceGong" deleted "C:\Users\thuis\AppData\LocalLow\Conduit" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2504091" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2865317" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2504091" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\CT2865317" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\conduit" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\conduitCommon" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\extensions\{48fb8510-61e8-4dff-88fd-5fb277118ed9}" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}" deleted "C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\thuis\AppData\Local\Temp ==== 2013-02-28 13:52:59 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\thuis\AppData\Local\Temp\i4jdel0.exe ====== C:\Windows\system32 ===== 2013-02-15 10:54:18 EED68558AAA106535E7290C9A8E0D5A3 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-15 10:54:18 A9919376933F7E43F93E5DA1FFBEFC9F 73216 ----a-w- C:\Windows\System32\mshtmled.dll 2013-02-15 10:54:17 F8D269134EEC097B7E47C818AF4862A7 176640 ----a-w- C:\Windows\System32\ieui.dll 2013-02-15 10:54:17 CDBFCB9A88E130F1138F80B01C56B680 420864 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-15 10:54:16 CBC39CAD3421AB71966BDD98ABF847E0 607744 ----a-w- C:\Windows\System32\msfeeds.dll 2013-02-15 10:54:16 6E14642F79C2510626BA399F9BCC4DE6 142848 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-15 10:54:16 39511E05F37F0BEF8FA3B85386800BB9 65024 ----a-w- C:\Windows\System32\jsproxy.dll 2013-02-15 10:54:15 C079169E6A07FC4412475C02969EB9CE 1800704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-15 10:54:15 B49B56B64F57699A1A663D2CF7D0A56F 1129472 ----a-w- C:\Windows\System32\wininet.dll 2013-02-15 10:54:15 9352AF851D98380738161620C916A042 231936 ----a-w- C:\Windows\System32\url.dll 2013-02-15 10:54:15 8843B6A1B8E102841B2DFF02805C5CEC 717824 ----a-w- C:\Windows\System32\jscript.dll 2013-02-15 10:54:14 D171EAA745A2C0C583CDDA13D9088EE4 1796096 ----a-w- C:\Windows\System32\iertutil.dll 2013-02-15 10:54:14 BE157C3800DA3010EFC48280ECF81C16 1103872 ----a-w- C:\Windows\System32\urlmon.dll 2013-02-15 10:54:13 C97434C851C4821BD92D2831FDF1ECBE 12321280 ----a-w- C:\Windows\System32\mshtml.dll 2013-02-15 10:54:13 470D8189D7FE9928FFFECBF55AAA3233 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-15 10:54:11 0E816EA3C5DCE94C95099E8B38E75E67 9738240 ----a-w- C:\Windows\System32\ieframe.dll 2013-02-15 10:12:10 E185428925DBC53CE59B2A5CBA64B837 3602808 ----a-w- C:\Windows\System32\ntkrnlpa.exe 2013-02-15 10:12:10 691F1612558BF6B27F952C4B1073B0D1 3550072 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-15 10:12:08 C43DECDAC58C0A43E0376A216590F40A 1314816 ----a-w- C:\Windows\System32\quartz.dll 2013-02-15 10:12:07 1C1F3014453865E805A8708751743A48 2048512 ----a-w- C:\Windows\System32\win32k.sys ====== C:\Windows\system32\drivers ===== 2013-02-15 10:12:08 74E2D020C47BB2B2FCCBA29A518A7EB4 905576 ----a-w- C:\Windows\System32\drivers\tcpip.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-02-12 19:17:26 -------- d-----w- C:\Program Files\UBISOFT ======= C: ===== ====== C:\Users\thuis\AppData\Roaming ====== 2013-02-12 19:16:41 -------- d-----w- C:\users\thuis\AppData\Roaming\InstallShield ====== C:\Users\thuis ====== 2013-02-12 19:27:44 -------- d-----w- C:\ProgramData\Horsez - Het geheim van de manege ====== C: exe-files == 2013-02-28 17:01:31 C9340C74368F3BE8F336CD0B19F105DF 7606304 ----a-w- C:\Users\thuis\AppData\Roaming\Azureus\tmp\AZU5345515128914425825.tmp\Vuze_4.9.0.0_win32.exe 2013-02-28 13:52:59 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\thuis\AppData\Local\temp\i4jdel0.exe 2013-02-25 17:55:41 8ED432533260AE1EBD44474F32FD00BD 8004960 ----a-w- C:\Users\thuis\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.97\25.0.1364.97_24.0.1312.57_chrome_updater.exe === C: other files == 2013-02-28 13:53:53 FCAC80903EC6AFE0152D4F46FE2056C6 6852429 ----a-w- C:\Users\thuis\AppData\Local\temp\Vuze_4.9.0.0_win32.zip 2013-02-23 18:23:14 DA8DD67AE33B3A6A1F5F747BAF1B795A 2334560 ----a-w- C:\Users\thuis\Desktop\Sims downloads\paarden\Shetland Pony by X-tina\Shetland Pony by X-tina.zip 2013-02-23 18:16:41 36A4D0ED244F93972A8FB9E82BE819F6 782370 ----a-w- C:\Users\thuis\Desktop\Sims downloads\paarden\allround_saddle\allround_saddle.zip 2013-02-22 16:40:11 AA62D66DDD6D989C7E2B2027A196A846 71003 ----a-w- C:\Users\thuis\Desktop\Sims downloads\paarden\FullLambskinPadOFR\FullLambskinPadOFR.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1503386550-1563833762-866553309-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe /c" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\thuis\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Malwarebytes' Anti-Malware" "hkey"="HKLM" "command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WMPNSCFG" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" ==== Startup Folders ====================== 2009-02-17 21:58:15 1117 ----a-w- C:\users\Zaak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/02/2013 21:52] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07/02/2010 11:41] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1503386550-1563833762-866553309-1000UA.job --a------ C:\Users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe [16/06/2010 13:43] ==== Firefox Extensions ====================== ProfilePath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default - Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru - Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru - Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - Fast Search by Surf Canyon - %ProfilePath%\extensions\{75623d5d-4683-402a-b610-ac4bab767c86} - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} - ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi ProfilePath: C:\Users\Zaak\AppData\Roaming\Mozilla\Firefox\Profiles\jbo3zxfz.default - Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} AppDir: C:\Program Files\Mozilla Firefox - Anti-Banner - %AppDir%\extensions\KavAntiBanner@kaspersky.ru_bak - Kaspersky URL Advisor - %AppDir%\extensions\linkfilter@kaspersky.ru_bak - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default 3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat 9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In A843FC35574ECFD9E7A41C5505A9921B - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 81D388824634378A37765FD943FB3144 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 47AFF25B68CE4885FEC6CFDEF8FEBB5C - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll - Java Deployment Toolkit 6.0.290.11 1E96525AE85D402F9F8047F8CAEF5F06 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U29 B9E9FD858DCC51AA47FDFCD0C1E9218C - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox 8AC0E79C7FD3F036C5648FADFC76B785 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.5 3FA1EE8E8EAB2A7FD079B8CB37579F77 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.5 CF93B12EF635644AA6A9E536D4B2DC3F - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.5 9D8C702B1468F936DC9401C68DBBD580 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.5 E995897C4BA2CBA9B88FC1CDE06AE430 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.5 ACDAE3E50E8D66F1608A540A349BCE8C - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.5 F2999A08132FB47593435330D7146994 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.6.5 AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 47AFF25B68CE4885FEC6CFDEF8FEBB5C - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.290.11 99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\thuis\AppData\Local\Temp\ccex.crx[] dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx[03/05/2012 15:49] dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx[] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx[03/05/2012 15:49] jplinpmadfkdgipabgcdchbdikologlh - C:\Program Files\1ClickDownload\1click12.crx[] ojpijjmpahflnipadmlpgbjmagmjchkk - C:\Users\thuis\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx[] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx[20/07/2011 15:31] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\thuis\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[01/11/2012 13:00] ojpijjmpahflnipadmlpgbjmagmjchkk - C:\Users\thuis\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx[] Profile Spy - thuis - Default\Extensions\aliehnpboecfkgefnblgcnegjfnenmoi YouTube - thuis - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - thuis - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Kaspersky URL Advisor - thuis - Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj Virtual Keyboard - thuis - Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh 20-20 3D Viewer for IKEA - thuis - Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm Vuze Remote - thuis - Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk Gmail - thuis - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Anti-Banner - thuis - Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {CD6C25D5-EB83-4615-B05F-0CF6195DAFD6} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== C:\users\thuis\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\thuis\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1503386550-1563833762-866553309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CD6C25D5-EB83-4615-B05F-0CF6195DAFD6} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler\Defraggler.lnk - C:\Program Files\Defraggler\Defraggler.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler\Uninstall Defraggler.lnk - C:\Program Files\Defraggler\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully ==== Empty IE Cache ====================== C:\Users\thuis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Zaak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Zaak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Zoë\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Zoë\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Zoë\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Zoë\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\thuis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\Zaak\AppData\Local\Mozilla\Firefox\Profiles\jbo3zxfz.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\thuis\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\users\thuis\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\thuis\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\thuis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found