New start


Zoek.exe Version 4.0.0.2 Updated 25-June-2013

Tool run by julian on di 25-06-2013 at 21:06:24,89.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe

C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Expat Shield\bin\hsswd.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\hasplms.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe

C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\BitTorrent\BitTorrent.exe

D:\dead island\Steam.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Users\julian\AppData\Roaming\WebCake\WebCakeDesktop.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe

C:\Program Files (x86)\Logitech\G930\G930.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\julian\AppData\Local\Temp\Rar$EXa0.437\zoek.exe

C:\Windows\system32\conhost.exe

==== Older Logs ======================

C:\zoek-results23-06-2013-2252.log 5604 bytes

C:\zoek-results25-06-2013-2105.log 373 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F5F8CEF0-2B99-4C75-8BBF-C60A817400ED} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WebCake Desktop Updater deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\prefs.js:

user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=121845&babsrc=HP_ss_gin2g&mntrId=CE9300FF472E1D57");

user_pref("browser.search.defaulturl", "http://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=1511369152&lg=EN&cc=NL&unqvl=18&l=1&q=");

user_pref("browser.newtab.url", "http://www.delta-search.com/?affID=121845&babsrc=NT_ss&mntrId=CE9300FF472E1D57");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Delta Search");

user_pref("browser.search.selectedEngine,S", "WebSearch");

user_pref("browser.search.order.1", "WebSearch");

user_pref("browser.search.order.1,S", "WebSearch");

user_pref("keyword.URL", "http://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=1511369152&lg=EN&cc=NL&unqvl=18&l=1&q=");

user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489

---- Lines pc0ho2@zgkjmczm.org removed from prefs.js ----

user_pref("extensions.bootstrappedAddons", "{\"pc0ho2@zgkjmczm.org\":{\"version\":\"3.9\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\pc0ho2@zgkjmczm.org\"},\"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}\":{\"version\":\"1.0.0.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\RelevantKnowledge\\\\firefox\"}}");

---- Lines pc0ho2@zgkjmczm.org modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\RelevantKnowledge\\\\firefox\",\"mtime\":1370880295318},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_20.1.0.24\\\\coFFPlgn\",\"mtime\":1371880871910},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_20.1.0.24\\\\IPSFFPlgn\",\"mtime\":1371882113517}}},{\"name\":\"app-global\",\"addons\":{\"afurladvisor@anchorfree.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\afurladvisor@anchorfree.com\",\"mtime\":1364139763909},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1361989143590}}},{\"name\":\"winreg-app-user\",\"addons\":{\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Program Files 
(x86)\\\\PriceGong\\\\2.6.4\\\\FF\",\"mtime\":1350112492205}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@delta.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\ffxtlbr@delta.com\",\"mtime\":1369044100000},\"pc0ho2@zgkjmczm.org\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\pc0ho2@zgkjmczm.org\",\"mtime\":1371296119823},\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1370784052569},\"pricepeep@getpricepeep.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\pricepeep@getpricepeep.com.xpi\",\"mtime\":1366211036000}}}]");

---- Lines pc0ho2@zgkjmczm.org removed from user.js ----

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119534&babsrc=NT_ss&mntrId=ce930259000000000000c86000ce59a3");

---- Lines BabylonToolbar modified from prefs.js ----

---- Lines BabylonToolbar removed from user.js ----

---- Lines delta removed from prefs.js ----

user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119534&babsrc=HP_ss&mntrId=ce930259000000000000c86000ce59a3");

user_pref("avg.install.userSPSettings", "Delta Search");

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.id", "ce93025900000000000000ff472e1d57");

user_pref("extensions.delta.instlDay", "15865");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.21.5");

user_pref("extensions.delta.vrsni", "1.8.21.5");

user_pref("extensions.delta.vrsnTs", "1.8.21.515:21:03");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.babTrack", "affID=121845");

user_pref("extensions.delta_i.srcExt", "ss");

---- Lines delta modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\RelevantKnowledge\\\\firefox\",\"mtime\":1370880295318},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_20.1.0.24\\\\coFFPlgn\",\"mtime\":1371880871910},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_20.1.0.24\\\\IPSFFPlgn\",\"mtime\":1371882113517}}},{\"name\":\"app-global\",\"addons\":{\"afurladvisor@anchorfree.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\afurladvisor@anchorfree.com\",\"mtime\":1364139763909},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1361989143590}}},{\"name\":\"winreg-app-user\",\"addons\":{\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Program Files 
(x86)\\\\PriceGong\\\\2.6.4\\\\FF\",\"mtime\":1350112492205}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@delta.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\ffxtlbr@delta.com\",\"mtime\":1369044100000},\"disabled\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\disabled\",\"mtime\":1371296119823},\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1370784052569},\"pricepeep@getpricepeep.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\pricepeep@getpricepeep.com.xpi\",\"mtime\":1366211036000}}}]");

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.id", "ce93025900000000000000ff472e1d57");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.instlDay", "15865");

user_pref("extensions.delta.vrsn", "1.8.21.5");

user_pref("extensions.delta.vrsni", "1.8.21.5");

user_pref("extensions.delta.vrsnTs", "1.8.21.515:21:03");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta_i.babTrack", "affID=121845");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.srcExt", "ss");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.newTab", false);

---- Lines WebSearch removed from prefs.js ----

---- Lines WebSearch modified from prefs.js ----

---- Lines WebSearch removed from user.js ----

---- Lines search.com removed from prefs.js ----

---- Lines search.com modified from prefs.js ----

---- Lines search.com removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_25-06-2013_2110_.backup

prefs_25-06-2013_2110_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\delta.xml" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\WebSearch.xml" deleted

"C:\Users\julian\Battlefield 2\BF2VoipServer.dll" deleted

"C:\Users\julian\Battlefield 2\BF2VoipServer_w32ded.dll" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml" deleted

"C:\Users\julian\Downloads\SoftonicDownloader_voor_gadwin-printscreen.exe" deleted

"C:\Users\julian\Downloads\SoftonicDownloader_voor_peggle-deluxe.exe" deleted

"C:\Users\julian\Downloads\SoftonicDownloader_voor_vlc-media-player.exe" deleted

"C:\Users\julian\update-bf2.bat" deleted

"C:\windows\SysNative\dmwu.exe" deleted

"C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted

"C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted

"C:\windows\SysNative\Tasks\Express FilesUpdate" deleted

"C:\windows\SysNative\Tasks\EPUpdater" deleted

"C:\END" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\babylon.xml" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\askcom.xml" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\WebSearch.xml" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\bProtector_extensions.sqlite" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\bprotector_prefs.js" deleted

"C:\Users\julian\Desktop\Oude Firefox-gegevens\ilividtoolbarguid\search\ilividtoolbarguid-search-history.xml" deleted

"C:\Users\julian\AppData\Roaming\WebCake\WebCakeDesktop.exe" deleted

"C:\Program Files (x86)\TornTV.com" deleted

"C:\ProgramData\cOOntiNuetaosave" deleted

"C:\Program Files (x86)\SearchAmong Toolbar" deleted

"C:\Program Files (x86)\Delta" deleted

"C:\Program Files (x86)\smartdl" deleted

"C:\Program Files (x86)\Search Results Toolbar" deleted

"C:\Program Files (x86)\Babylon" deleted

"C:\Program Files (x86)\WebSearch" deleted

"C:\Program Files (x86)\WebCake" deleted

"C:\Program Files (x86)\PriceGong" deleted

"C:\Program Files (x86)\PricePeep" deleted

"C:\Program Files (x86)\BittorrentBar_NL" deleted

"C:\Program Files (x86)\ContinueToSave" deleted

"C:\Program Files (x86)\OApps" deleted

"C:\Program Files (x86)\Gophoto.it" deleted

"C:\Program Files (x86)\Wajam" deleted

"C:\Program Files (x86)\SweetIM" deleted

"C:\Program Files (x86)\Conduit" deleted

"C:\Users\julian\AppData\Roaming\ExpressFiles" deleted

"C:\Users\julian\AppData\Roaming\WebCake" deleted

"C:\Users\julian\AppData\Roaming\BabSolution" deleted

"C:\Users\julian\AppData\Roaming\Babylon" deleted

"C:\Users\julian\AppData\Roaming\Delta" deleted

"C:\ProgramData\Ask" deleted

"C:\ProgramData\StarApp" deleted

"C:\ProgramData\BrowserDefender" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\SweetIM" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Babylon" deleted

"C:\ProgramData\Trymedia" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cOOntiNuetaosave" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchAmong Toolbar" deleted

"C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam" deleted

"C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender" deleted

"C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com" deleted

"C:\Users\julian\AppData\Local\Ilivid Player" deleted

"C:\Users\julian\AppData\Local\CRE" deleted

"C:\Users\julian\AppData\Local\Wajam" deleted

"C:\Users\julian\AppData\Local\Conduit" deleted

"C:\Users\julian\AppData\LocalLow\searchresultstb" deleted

"C:\Users\julian\AppData\LocalLow\BittorrentBar_NL" deleted

"C:\Users\julian\AppData\LocalLow\Delta" deleted

"C:\Users\julian\AppData\LocalLow\DataMngr" deleted

"C:\Users\julian\AppData\LocalLow\PriceGong" deleted

"C:\Users\julian\AppData\LocalLow\searchquband" deleted

"C:\Users\julian\AppData\LocalLow\Conduit" deleted

"C:\Windows\Syswow64\jmdp" deleted

"C:\Windows\Syswow64\ARFC" deleted

"C:\Windows\Syswow64\WNLT" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

"C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\extensions\pc0ho2@zgkjmczm.org" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\extensions\ffxtlbr@delta.com" deleted

- - - Updated - - -

This was the wrong one, sorry; here is a new one.

Zoek.exe Version 4.0.0.2 Updated 25-June-2013

Tool run by julian on di 25-06-2013 at 21:06:24,89.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe

C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Expat Shield\bin\hsswd.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\hasplms.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe

C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\BitTorrent\BitTorrent.exe

D:\dead island\Steam.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Users\julian\AppData\Roaming\WebCake\WebCakeDesktop.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe

C:\Program Files (x86)\Logitech\G930\G930.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\julian\AppData\Local\Temp\Rar$EXa0.437\zoek.exe

C:\Windows\system32\conhost.exe

==== Older Logs ======================

C:\zoek-results23-06-2013-2252.log 5604 bytes

C:\zoek-results25-06-2013-2105.log 373 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F5F8CEF0-2B99-4C75-8BBF-C60A817400ED} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WebCake Desktop Updater deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\prefs.js:

user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=121845&babsrc=HP_ss_gin2g&mntrId=CE9300FF472E1D57");

user_pref("browser.search.defaulturl", "http://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=1511369152&lg=EN&cc=NL&unqvl=18&l=1&q=");

user_pref("browser.newtab.url", "http://www.delta-search.com/?affID=121845&babsrc=NT_ss&mntrId=CE9300FF472E1D57");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Delta Search");

user_pref("browser.search.selectedEngine,S", "WebSearch");

user_pref("browser.search.order.1", "WebSearch");

user_pref("browser.search.order.1,S", "WebSearch");

user_pref("keyword.URL", "http://websearch.a-searchpage.info/?pid=658&r=2013/05/31&hid=1511369152&lg=EN&cc=NL&unqvl=18&l=1&q=");

user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489

---- Lines pc0ho2@zgkjmczm.org removed from prefs.js ----

user_pref("extensions.bootstrappedAddons", "{\"pc0ho2@zgkjmczm.org\":{\"version\":\"3.9\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\pc0ho2@zgkjmczm.org\"},\"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}\":{\"version\":\"1.0.0.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\RelevantKnowledge\\\\firefox\"}}");

---- Lines pc0ho2@zgkjmczm.org modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\RelevantKnowledge\\\\firefox\",\"mtime\":1370880295318},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_20.1.0.24\\\\coFFPlgn\",\"mtime\":1371880871910},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_20.1.0.24\\\\IPSFFPlgn\",\"mtime\":1371882113517}}},{\"name\":\"app-global\",\"addons\":{\"afurladvisor@anchorfree.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\afurladvisor@anchorfree.com\",\"mtime\":1364139763909},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1361989143590}}},{\"name\":\"winreg-app-user\",\"addons\":{\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\PriceGong\\\\2.6.4\\\\FF\",\"mtime\":1350112492205}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@delta.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\ffxtlbr@delta.com\",\"mtime\":1369044100000},\"pc0ho2@zgkjmczm.org\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\pc0ho2@zgkjmczm.org\",\"mtime\":1371296119823},\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1370784052569},\"pricepeep@getpricepeep.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\pricepeep@getpricepeep.com.xpi\",\"mtime\":1366211036000}}}]");

---- Lines pc0ho2@zgkjmczm.org removed from user.js ----

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119534&babsrc=NT_ss&mntrId=ce930259000000000000c86000ce59a3");

---- Lines BabylonToolbar modified from prefs.js ----

---- Lines BabylonToolbar removed from user.js ----

---- Lines delta removed from prefs.js ----

user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119534&babsrc=HP_ss&mntrId=ce930259000000000000c86000ce59a3");

user_pref("avg.install.userSPSettings", "Delta Search");

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.id", "ce93025900000000000000ff472e1d57");

user_pref("extensions.delta.instlDay", "15865");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.21.5");

user_pref("extensions.delta.vrsni", "1.8.21.5");

user_pref("extensions.delta.vrsnTs", "1.8.21.515:21:03");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.babTrack", "affID=121845");

user_pref("extensions.delta_i.srcExt", "ss");

---- Lines delta modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\RelevantKnowledge\\\\firefox\",\"mtime\":1370880295318},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_20.1.0.24\\\\coFFPlgn\",\"mtime\":1371880871910},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_20.1.0.24\\\\IPSFFPlgn\",\"mtime\":1371882113517}}},{\"name\":\"app-global\",\"addons\":{\"afurladvisor@anchorfree.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\afurladvisor@anchorfree.com\",\"mtime\":1364139763909},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1361989143590}}},{\"name\":\"winreg-app-user\",\"addons\":{\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\PriceGong\\\\2.6.4\\\\FF\",\"mtime\":1350112492205}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@delta.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\ffxtlbr@delta.com\",\"mtime\":1369044100000},\"disabled\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\disabled\",\"mtime\":1371296119823},\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1370784052569},\"pricepeep@getpricepeep.com\":{\"descriptor\":\"C:\\\\Users\\\\julian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\z2sg51zl.default-1355409544489\\\\extensions\\\\pricepeep@getpricepeep.com.xpi\",\"mtime\":1366211036000}}}]");

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.id", "ce93025900000000000000ff472e1d57");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.instlDay", "15865");

user_pref("extensions.delta.vrsn", "1.8.21.5");

user_pref("extensions.delta.vrsni", "1.8.21.5");

user_pref("extensions.delta.vrsnTs", "1.8.21.515:21:03");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta_i.babTrack", "affID=121845");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.srcExt", "ss");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.newTab", false);

---- Lines WebSearch removed from prefs.js ----

---- Lines WebSearch modified from prefs.js ----

---- Lines WebSearch removed from user.js ----

---- Lines search.com removed from prefs.js ----

---- Lines search.com modified from prefs.js ----

---- Lines search.com removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_25-06-2013_2110_.backup

prefs_25-06-2013_2110_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\delta.xml" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\WebSearch.xml" deleted

"C:\Users\julian\Battlefield 2\BF2VoipServer.dll" deleted

"C:\Users\julian\Battlefield 2\BF2VoipServer_w32ded.dll" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml" deleted

"C:\Users\julian\Downloads\SoftonicDownloader_voor_gadwin-printscreen.exe" deleted

"C:\Users\julian\Downloads\SoftonicDownloader_voor_peggle-deluxe.exe" deleted

"C:\Users\julian\Downloads\SoftonicDownloader_voor_vlc-media-player.exe" deleted

"C:\Users\julian\update-bf2.bat" deleted

"C:\windows\SysNative\dmwu.exe" deleted

"C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted

"C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted

"C:\windows\SysNative\Tasks\Express FilesUpdate" deleted

"C:\windows\SysNative\Tasks\EPUpdater" deleted

"C:\END" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\babylon.xml" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\askcom.xml" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\searchplugins\WebSearch.xml" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\bProtector_extensions.sqlite" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\bprotector_prefs.js" deleted

"C:\Users\julian\Desktop\Oude Firefox-gegevens\ilividtoolbarguid\search\ilividtoolbarguid-search-history.xml" deleted

"C:\Users\julian\AppData\Roaming\WebCake\WebCakeDesktop.exe" deleted

"C:\Program Files (x86)\TornTV.com" deleted

"C:\ProgramData\cOOntiNuetaosave" deleted

"C:\Program Files (x86)\SearchAmong Toolbar" deleted

"C:\Program Files (x86)\Delta" deleted

"C:\Program Files (x86)\smartdl" deleted

"C:\Program Files (x86)\Search Results Toolbar" deleted

"C:\Program Files (x86)\Babylon" deleted

"C:\Program Files (x86)\WebSearch" deleted

"C:\Program Files (x86)\WebCake" deleted

"C:\Program Files (x86)\PriceGong" deleted

"C:\Program Files (x86)\PricePeep" deleted

"C:\Program Files (x86)\BittorrentBar_NL" deleted

"C:\Program Files (x86)\ContinueToSave" deleted

"C:\Program Files (x86)\OApps" deleted

"C:\Program Files (x86)\Gophoto.it" deleted

"C:\Program Files (x86)\Wajam" deleted

"C:\Program Files (x86)\SweetIM" deleted

"C:\Program Files (x86)\Conduit" deleted

"C:\Users\julian\AppData\Roaming\ExpressFiles" deleted

"C:\Users\julian\AppData\Roaming\WebCake" deleted

"C:\Users\julian\AppData\Roaming\BabSolution" deleted

"C:\Users\julian\AppData\Roaming\Babylon" deleted

"C:\Users\julian\AppData\Roaming\Delta" deleted

"C:\ProgramData\Ask" deleted

"C:\ProgramData\StarApp" deleted

"C:\ProgramData\BrowserDefender" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\SweetIM" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Babylon" deleted

"C:\ProgramData\Trymedia" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cOOntiNuetaosave" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchAmong Toolbar" deleted

"C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam" deleted

"C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender" deleted

"C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com" deleted

"C:\Users\julian\AppData\Local\Ilivid Player" deleted

"C:\Users\julian\AppData\Local\CRE" deleted

"C:\Users\julian\AppData\Local\Wajam" deleted

"C:\Users\julian\AppData\Local\Conduit" deleted

"C:\Users\julian\AppData\LocalLow\searchresultstb" deleted

"C:\Users\julian\AppData\LocalLow\BittorrentBar_NL" deleted

"C:\Users\julian\AppData\LocalLow\Delta" deleted

"C:\Users\julian\AppData\LocalLow\DataMngr" deleted

"C:\Users\julian\AppData\LocalLow\PriceGong" deleted

"C:\Users\julian\AppData\LocalLow\searchquband" deleted

"C:\Users\julian\AppData\LocalLow\Conduit" deleted

"C:\Windows\Syswow64\jmdp" deleted

"C:\Windows\Syswow64\ARFC" deleted

"C:\Windows\Syswow64\WNLT" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

"C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\extensions\pc0ho2@zgkjmczm.org" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\extensions\ffxtlbr@delta.com" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\julian\AppData\Local\Temp ====

2013-06-22 13:20:15 06D5E5E952C61923C9D24C83E7FE1F45 22937227 ----a-w- C:\Users\julian\AppData\Local\Temp\vlc-2.0.7-win32.exe

2013-06-22 01:58:27 B1957B038895642DF9F662326E7D4DDC 903080 ----a-w- C:\Users\julian\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

2013-06-15 18:05:19 F10E9620F1D0EDEC56C0C1E1790CEAB9 31668328 ----a-w- C:\Users\julian\AppData\Local\Temp\SkypeSetup.exe

====== C:\Windows\SysWOW64 =====

2013-06-22 06:06:50 351D111CD5C5479946EB724DBBB1275E 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-06-14 16:57:52 F2ABFA6DFA985C9CF581B2F544AE47E7 234536 ----a-w- C:\Windows\SysWOW64\PnkBstrB.xtr

2013-06-14 16:55:50 F2ABFA6DFA985C9CF581B2F544AE47E7 234536 ----a-w- C:\Windows\SysWOW64\PnkBstrB.exe

2013-06-14 16:55:50 D90E8EC1E5F0A7C95DEEEED776864231 282296 ----a-w- C:\Windows\SysWOW64\PnkBstrB.ex0

2013-06-14 16:55:49 205E1B699FD3F2F9B036EEA2EC30C620 76888 ----a-w- C:\Windows\SysWOW64\PnkBstrA.exe

2013-06-13 01:01:34 756D0A65C1FB5528DBD04A44F773E608 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-06-13 01:01:34 56DF028F2EE4A2C2972E06907815C822 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2013-06-13 01:01:34 43697D7CDAEAE3EBBADE2C05107418FF 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2013-06-13 01:01:33 DBA747919344CD1353F8107134A20D62 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2013-06-13 01:01:33 C2CDBB424CF2461199322D6825F7B426 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-06-13 01:01:33 A1400CCB4D99E0B9E76EB45782D5C7FC 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-06-13 01:01:33 977176C4A8F4039F17F9BA939AA857A0 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2013-06-13 01:01:33 84C8AFD609A3DE18F40AA64CDEB40194 231936 ----a-w- C:\Windows\SysWOW64\url.dll

2013-06-13 01:01:33 71D8D1FD4989932674CD1F5743191286 1104384 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-06-13 01:01:33 6A25377A76479A0C0BF3DB6FC42FE09A 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-06-13 01:01:32 B49CEF589D47D9D3F602E118B1F5F3B5 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-06-13 01:01:32 A6F5B25905CD01AE714990E02C7205A5 12329984 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-06-13 01:01:32 6057AA7FDF03309A18FAE4E9FCFE7D8F 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-06-13 01:01:32 57E68AE0BCEB0F70C8AA1C4A6D5C2050 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-06-13 01:01:32 45194B4B2280B7745AC6C483C32385A8 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-06-13 01:01:30 B81388E9FE895065FD5CEAF3C11FDC3F 9738752 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-06-12 10:15:22 FC415B303B1ECF80B5F130A1F7203D02 492544 ----a-w- C:\Windows\SysWOW64\win32spl.dll

2013-06-12 10:15:22 45FBAFFA68CBC29AC2563985CEE72B9C 24576 ----a-w- C:\Windows\SysWOW64\cryptdlg.dll

2013-06-12 10:15:21 5B2E4E90C04FB9AE9F2C5E99FF59B283 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-12 10:15:20 CC917AC4D3F8756FF13174980B474791 43008 ----a-w- C:\Windows\SysWOW64\certenc.dll

2013-06-12 10:15:20 92245C959E5BC378809D2CC5E9F6E9C7 1160192 ----a-w- C:\Windows\SysWOW64\crypt32.dll

2013-06-12 10:15:20 8A8B277067C22F4BF6AA9A31692FC4D3 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll

2013-06-12 10:15:20 6DE66FE7C526637E74CD066461C7C871 1505280 ----a-w- C:\Windows\SysWOW64\d3d11.dll

2013-06-12 10:15:20 3897DFF247D9ED0006190349DE264E14 140288 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll

2013-06-12 10:15:20 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\SysWOW64\certutil.exe

====== C:\Windows\SysWOW64\drivers =====

2013-06-22 06:26:11 1ED08A6264C5C92099D6D1DAE5E8F530 21712 ----a-w- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS

====== C:\Windows\Sysnative =====

2013-06-13 01:01:34 5239CFF7EA2207665E387AA0BAAA50C4 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-06-13 01:01:34 47DA92AB70D910D018B11FA86A7808E4 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2013-06-13 01:01:33 F7737C8F19ED1525B171ED4BA3F5EEC0 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-06-13 01:01:33 B7AB4EDBAC1DD6680DE7E3E2A82B31F9 237056 ----a-w- C:\Windows\Sysnative\url.dll

2013-06-13 01:01:33 AB32F17AAC815660530F50E688234DAA 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-06-13 01:01:33 9F7E78EE2A213023AC5CF20FFFF66575 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2013-06-13 01:01:33 6542163C675E19A1F1A638734662F0AA 1346560 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-06-13 01:01:33 4FBE96D97A1E070A06F76F67255C756D 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-06-13 01:01:33 43BBAF4696BF995143EA57DC304CC05B 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2013-06-13 01:01:33 043A615B2E8C15AEA6BC5709ED140D80 248320 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-06-13 01:01:32 DE3DC975F1A9F82BAB9812A272018810 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-06-13 01:01:32 92C534EAD395871614F5A0A556139033 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-06-13 01:01:32 3360345F0084EE8405E6C60B4D9CD7F7 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll

2013-06-13 01:01:32 0C4C70A05734A684B0183C1B68DAE881 816640 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-06-13 01:01:31 A820869140978CCAF33CF7770EEE19F5 17824768 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-06-13 01:01:31 64A3B1E55FBB7E36AE856FD1A8A4E00C 10926080 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-06-12 10:15:22 C06FAAF13E37CE482F612AFF2D2331F3 30720 ----a-w- C:\Windows\Sysnative\cryptdlg.dll

2013-06-12 10:15:22 67CF11E00D026A5C0C88EA5F84D501E5 751104 ----a-w- C:\Windows\Sysnative\win32spl.dll

2013-06-12 10:15:21 3D7BB6DD7A87B3E36E44CA94444247A8 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll

2013-06-12 10:15:20 D8129C49798CBBFB2E4351D4B7B8EF9C 184320 ----a-w- C:\Windows\Sysnative\cryptsvc.dll

2013-06-12 10:15:20 A96D5ECA5742603E0E345C4F6B801F5E 1464320 ----a-w- C:\Windows\Sysnative\crypt32.dll

2013-06-12 10:15:20 4C92EB7535CAA1681A77D928FBF9771F 1887232 ----a-w- C:\Windows\Sysnative\d3d11.dll

2013-06-12 10:15:20 4586B77B18FA9A8518AF76CA8FD247D9 1192448 ----a-w- C:\Windows\Sysnative\certutil.exe

2013-06-12 10:15:20 2C4C22EA1735F21F355EB1A39832F7DF 139776 ----a-w- C:\Windows\Sysnative\cryptnet.dll

2013-06-12 10:15:20 189B0BAE1B0EDD51CEF1CD3F4CDEE02E 52224 ----a-w- C:\Windows\Sysnative\certenc.dll

====== C:\Windows\Sysnative\drivers =====

2013-06-23 20:15:42 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-06-17 18:03:13 F19E5E37ED8134B9E5F6287F2D3A75D7 177312 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.SYS

2013-06-17 18:03:13 9D9C047446821A064AE1A5C4AED636FA 854 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.INF

2013-06-17 18:03:13 3DA43F1C05B62945A33EC3153327EE77 7631 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.CAT

2013-06-12 10:15:22 9849EA3843A2ADBDD1497E97A85D8CAE 1910632 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2013-06-04 23:09:44 454451A6A699C07040F406E44C457A50 11833856 ----a-w- C:\Windows\Sysnative\drivers\atikmdag.sys

2013-06-04 21:35:04 61FBDA851233587CE9C9B7020146359E 608768 ----a-w- C:\Windows\Sysnative\drivers\atikmpag.sys

2013-06-04 21:31:40 DBBDAF523A78C79FE98F1C10F77DD6FE 43520 ----a-w- C:\Windows\Sysnative\drivers\ati2erec.dll

====== C:\Windows\Tasks ======

2013-06-14 18:31:42 3B249AF8802523242BD25DFB4F2B81EC 3380 ----a-w- C:\Windows\Sysnative\Tasks\{3EFAA257-95C3-4ABC-A74A-F3514B5A6B08}

2013-06-10 16:25:05 577B2B0FD2EC46B45E501B239D77AFBA 2964 ----a-w- C:\Windows\Sysnative\Tasks\{B0293800-DF23-472A-A108-6EC4906342CE}

2013-06-08 10:17:33 8BD7E11BC3152AC20249E5E992478891 3104 ----a-w- C:\Windows\Sysnative\Tasks\{02D9861F-4892-49B6-959D-D1818889C73F}

2013-06-07 14:17:13 3467D0CE30F41EFF277824952F96D12F 3144 ----a-w- C:\Windows\Sysnative\Tasks\{F13B5C83-4367-4944-B256-D3D004BB4F7E}

2013-06-06 18:02:10 06257C6A2403709D98F141F6E7C04514 2956 ----a-w- C:\Windows\Sysnative\Tasks\{5D4E1B59-06CF-4374-8EFE-7D5FC482D592}

2013-06-06 18:01:13 06257C6A2403709D98F141F6E7C04514 2956 ----a-w- C:\Windows\Sysnative\Tasks\{83A96BC4-1DE2-4C38-9E48-C4243152416B}

2013-06-02 07:50:30 7419738B2F41DCF522A329F241C19597 3044 ----a-w- C:\Windows\Sysnative\Tasks\{A0CAF408-DF20-410F-B641-76B0FED8F827}

2013-06-01 15:07:10 7419738B2F41DCF522A329F241C19597 3044 ----a-w- C:\Windows\Sysnative\Tasks\{1C415C97-203F-4C70-8D38-644F068AEAF4}

2013-06-01 11:07:04 7419738B2F41DCF522A329F241C19597 3044 ----a-w- C:\Windows\Sysnative\Tasks\{029673D1-7AD4-4F1E-A4B9-EF9ACE288557}

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\Program Files (x86) =====

2013-06-23 15:42:04 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-06-22 06:24:29 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2013-06-18 15:21:41 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-06-14 16:51:53 -------- d-----w- C:\Program Files (x86)\EA Games

2013-06-13 14:10:01 -------- d-----w- C:\Program Files (x86)\ElcomSoft

2013-06-09 13:21:44 -------- d-----w- C:\Program Files (x86)\Pando Networks

2013-06-06 16:52:42 -------- d-----w- C:\Program Files (x86)\BFG

======= C: =====

====== C:\Users\julian\AppData\Roaming ======

2013-06-22 06:26:11 -------- d-----w- C:\users\julian\AppData\Local\eSupport.com

2013-06-15 12:24:35 -------- d-----w- C:\users\julian\AppData\Roaming\.minecraft

2013-06-13 14:09:04 -------- d-----w- C:\users\julian\AppData\Local\Programs

2013-06-09 13:56:25 -------- d-----w- C:\users\julian\AppData\Roaming\LolClient

2013-06-09 13:21:49 -------- d-----w- C:\users\julian\AppData\Local\PMB Files

2013-06-09 13:20:51 -------- d-----w- C:\users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX

2013-06-08 11:38:34 -------- d-----w- C:\users\julian\AppData\Roaming\dvdcss

2013-06-01 11:07:09 -------- d-----w- C:\users\julian\AppData\Roaming\Sony Online Entertainment

2013-05-31 22:18:58 9BF6B8D9E3A59750CC16CAA24E346074 20480000 ----a-w- C:\users\julian\AppData\Locallow\store-pp.jbs

2013-05-28 18:15:33 -------- d-----w- C:\users\julian\AppData\Locallow\Sony Online Entertainment

2013-05-28 18:15:33 -------- d-----w- C:\users\julian\AppData\Local\SCE

====== C:\Users\julian ======

2013-06-23 20:15:24 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\julian\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-22 13:20:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2013-06-22 06:26:22 35AE5FA5E91E644A2405301A667D58B0 41472 ----a-w- C:\Users\julian\Downloads\launcher64.dll

2013-06-22 06:26:07 139E26F4B1497C4F870111FDF275CF7E 627784 ----a-w- C:\Users\julian\Downloads\driveragent-987.exe

2013-06-18 15:23:00 -------- d-----w- C:\ProgramData\ATI

2013-06-18 15:21:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2013-06-18 15:20:29 -------- d-----w- C:\ProgramData\Package Cache

2013-06-18 15:18:57 1A6772E132C09D940F6C2717F061DF22 1684592 ----a-w- C:\Users\julian\Downloads\AMD_Catalyst_13.5_CAP1.05212013.exe

2013-06-18 15:17:31 FCFDF043FEF6F94F1A945D04DAF74D79 187682976 ----a-w- C:\Users\julian\Downloads\AMD_Catalyst_13.6_Beta2.exe

2013-06-18 15:12:28 D1B49918236FDCA8388F15E471608E79 141110624 ----a-w- C:\Users\julian\Downloads\13-4_win7_win8_64_dd_ccc_whql.exe

2013-06-17 18:00:42 F8EC08D5771C22CA55C7AE136EA77EEA 153633520 ----a-w- C:\Users\julian\Downloads\NIS_20.1.0.24_SYMTB_PROMO_4_MRFTT_373_7607_NL1.exe

2013-06-15 12:24:32 B63CCB43F2779CBEA5D8D3CE2E3D90FB 263186 ----a-w- C:\Users\julian\Desktop\Minecraft.exe

2013-06-15 12:24:23 A67016DD1020895185C81774C4950764 2542151 ----a-w- C:\Users\julian\Downloads\Minecraft_Server.exe

2013-06-14 18:31:20 DC97F872AE2D94C95B49F007A9486EF9 3174 ----a-w- C:\Users\julian\bf2reg.reg

2013-06-14 18:31:20 C57374648823A8E9730AAB7C372C30FD 3186 ----a-w- C:\Users\julian\update-bf2.html

2013-06-14 18:31:20 B4EF39939007A555F23829824C021E35 1036288 ----a-w- C:\Users\julian\Battlefield 2\SwiffPlayer.dll

2013-06-14 18:31:20 A7103908C2AA35FB6BBD7D8224E4AADB 98304 ----a-w- C:\Users\julian\Battlefield 2\zlib122.dll

2013-06-14 18:31:20 122DAE458F40E8328D62F63F8602E6A5 97792 ----a-w- C:\Users\julian\Battlefield 2\key-generator.exe

2013-06-14 18:31:20 1132A012CB6188A309824EF9153CB268 270336 ----a-w- C:\Users\julian\Battlefield 2\TextureAtlasBuilder.dll

2013-06-14 18:31:12 E383AEF908C4CDABCBC96C6720A10F68 3584 ----a-w- C:\Users\julian\Battlefield 2\SD0412.dll

2013-06-14 18:31:12 C26EBA8592F0C005CAB4C04C3E065EFE 4608 ----a-w- C:\Users\julian\Battlefield 2\SD040e.dll

2013-06-14 18:31:12 B646200A2AC124DF4F07B4F415DE7121 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0414.dll

2013-06-14 18:31:12 AAF43741C3E1504F8D1498D366F9F4FA 2555392 ----a-w- C:\Users\julian\Battlefield 2\RendDX9.dll

2013-06-14 18:31:12 A6172E91D5C0D36C95D5B6ABBDEC47F5 4096 ----a-w- C:\Users\julian\Battlefield 2\SD041d.dll

2013-06-14 18:31:12 A31F77FE2D953B88C766C67222042CD3 5120 ----a-w- C:\Users\julian\Battlefield 2\SD040c.dll

2013-06-14 18:31:12 9A437A56A6E9137D6E95A2B2A9FFDDA4 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0410.dll

2013-06-14 18:31:12 8472382414C51DC1B354050ED42D3C76 77824 ----a-w- C:\Users\julian\Battlefield 2\PCRegExp.dll

2013-06-14 18:31:12 7AB0DF1C88444DA4B3FA7E61DAC98E6C 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0809.dll

2013-06-14 18:31:12 7038E50AC41CAFE317798F2765C984B6 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0416.dll

2013-06-14 18:31:12 6EB704E488FCB2BC0EA59D17D16D7352 4608 ----a-w- C:\Users\julian\Battlefield 2\SD041e.dll

2013-06-14 18:31:12 6A2E0F32C2366A79F7AF546F89DCF9DD 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0c0a.dll

2013-06-14 18:31:12 670224330A0AB969855032A39E500E95 5120 ----a-w- C:\Users\julian\Battlefield 2\SD0407.dll

2013-06-14 18:31:12 586B1C086848B93B5E258F4C8A132CF4 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0415.dll

2013-06-14 18:31:12 39AA404E2B16ED616CBE1CC5FF5509C6 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0816.dll

2013-06-14 18:31:12 2E0DD34F0B2EAF3D6E3CFAAABC5DC667 3072 ----a-w- C:\Users\julian\Battlefield 2\SD0804.dll

2013-06-14 18:31:12 2D533E1654920B95942E3018DA17AB41 2115072 ----a-w- C:\Users\julian\Battlefield 2\RendDX9x2.dll

2013-06-14 18:31:12 2CCCAF4B2D70CF7D85248BF0A30A9A2E 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0405.dll

2013-06-14 18:31:12 225761FEE6F67D2BD61F26A10C8EAD73 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0413.dll

2013-06-14 18:31:12 1ED52CE1821F4685C4808DBA0A823070 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0409.dll

2013-06-14 18:31:12 184FF00B0B815FC05736835496DD1A4B 4608 ----a-w- C:\Users\julian\Battlefield 2\SD0406.dll

2013-06-14 18:31:12 155B4566C3F529181EBA89B7F9CEDDB2 3584 ----a-w- C:\Users\julian\Battlefield 2\SD0411.dll

2013-06-14 18:31:12 0DB52597CE44BB1277827170155BD28C 3072 ----a-w- C:\Users\julian\Battlefield 2\SD0404.dll

2013-06-14 18:31:12 0789F4DBF08AD534479CED9F1D0B0A54 4608 ----a-w- C:\Users\julian\Battlefield 2\SD040b.dll

2013-06-14 18:31:11 D04F7AACA2319A3BCDB2C5D5DD6F6026 487424 ----a-w- C:\Users\julian\Battlefield 2\msvcp70.dll

2013-06-14 18:31:11 CA3A59D92F479A17E5CA6A0E13896846 54784 ----a-w- C:\Users\julian\Battlefield 2\msvci70.dll

2013-06-14 18:31:11 B90BEC0DF65B91840916C6F03905E80A 226304 ----a-w- C:\Users\julian\Battlefield 2\NovintHFX.dll

2013-06-14 18:31:11 9972A6ED4F2388DBFA8E0A96F6F3FDF1 344064 ----a-w- C:\Users\julian\Battlefield 2\msvcr70.dll

2013-06-14 18:31:11 86F1895AE8C5E8B17D99ECE768A70732 348160 ----a-w- C:\Users\julian\Battlefield 2\msvcr71.dll

2013-06-14 18:31:11 561FA2ABB31DFA8FAB762145F81667C2 499712 ----a-w- C:\Users\julian\Battlefield 2\msvcp71.dll

2013-06-14 18:30:12 F35A584E947A5B401FEB0FE01DB4A0D7 1060864 ----a-w- C:\Users\julian\Battlefield 2\MFC71.dll

2013-06-14 18:30:12 E58A20C9E7B342D5CA1F5BA75F1D1108 358963 ----a-w- C:\Users\julian\Battlefield 2\binkw32.dll

2013-06-14 18:30:12 DF5D05D4322A2442C4F58D244555C77A 894464 ----a-w- C:\Users\julian\Battlefield 2\dbghelp.dll

2013-06-14 18:30:12 D7CE65481FBCBE30B6BEE9A5F06EED76 49152 ----a-r- C:\Users\julian\Battlefield 2\FireWallDLL.dll

2013-06-14 18:30:12 BC831661963763AC4D504C5CABB1FDD9 2222800 ----a-w- C:\Users\julian\Battlefield 2\d3dx9_24.dll

2013-06-14 18:30:12 B5EC891A8B9C562336AA375E148F681D 3584 ----a-w- C:\Users\julian\Battlefield 2\CoreDLL.dll

2013-06-14 18:30:12 AE3844CDED71D93206F594C14AB156B6 307200 ----a-w- C:\Users\julian\Battlefield 2\BF2Audio.dll

2013-06-14 18:30:12 A9A3E14F8547E6A7904FBD0DF0C924D9 1581056 ----a-w- C:\Users\julian\Battlefield 2\dice_py.dll

2013-06-14 18:30:12 A3E30D7D91AE7002E61F251CA038E620 40960 ----a-w- C:\Users\julian\Battlefield 2\Memory_w32ded.dll

2013-06-14 18:30:12 9FFB15934631863E82F1EF75128E519E 1052672 ----a-w- C:\Users\julian\Battlefield 2\BFMFC.DLL

2013-06-14 18:30:12 9C24ED831DDFA8319382B2BFD9691AA9 413696 ----a-w- C:\Users\julian\Battlefield 2\BF2OpenAL.dll

2013-06-14 18:30:12 972D2128C77939F09E97943DAA2341A0 1255853 ----a-w- C:\Users\julian\Battlefield 2\DIAG.EXE

2013-06-14 18:30:12 95967D5480D4D12C4705F4B61380046D 1507328 ----a-w- C:\Users\julian\Battlefield 2\AIDLL.dll

2013-06-14 18:30:12 90E3FEBE17E21ABA348B32964446988D 196608 ----a-w- C:\Users\julian\Battlefield 2\BF2VoipServer.exe

2013-06-14 18:30:12 8DD2A9D25EEE18BF295EF796CBD1562C 9216 ----a-w- C:\Users\julian\Battlefield 2\ihdl.dll

2013-06-14 18:30:12 7E42D1506087B227AC048864F5743C67 2977792 ----a-w- C:\Users\julian\Battlefield 2\AIDLL_w32ded.dll

2013-06-14 18:30:12 7D72BA67C8AB5A616473709476DB4661 40960 ----a-w- C:\Users\julian\Battlefield 2\Memory.dll

2013-06-14 18:30:12 694D388DF50BE1E370713C59003126A4 196608 ----a-w- C:\Users\julian\Battlefield 2\BF2VoiceSetup.exe

2013-06-14 18:30:12 5B48FE9D6686F0D54B26A005ACE24D1D 2337488 ----a-w- C:\Users\julian\Battlefield 2\d3dx9_25.dll

2013-06-14 18:30:12 4C8BE829901194FE5EA4CC6EC39FBB19 618496 ----a-w- C:\Users\julian\Battlefield 2\BF2VoipServer_w32ded.exe

2013-06-14 18:30:12 4C843DCEE79388341F72C3A7ADB1ACE6 6556160 ----a-w- C:\Users\julian\Battlefield 2\BF2.exe

2013-06-14 18:30:12 2A00CF875D2B046FA8B655F747097B48 4980736 ----a-w- C:\Users\julian\Battlefield 2\bf2_w32ded.exe

2013-06-14 18:30:12 09AEF167EB1531E965053D0DCF6CC573 974848 ----a-w- C:\Users\julian\Battlefield 2\mfc70.dll

2013-06-14 18:30:12 -------- d-----w- C:\Users\julian\Battlefield 2

2013-06-10 17:22:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1

2013-06-09 13:21:49 -------- d-----w- C:\ProgramData\PMB Files

2013-06-09 13:21:20 -------- d-----w- C:\Users\julian\.swt

2013-06-09 13:20:51 -------- d-----w- C:\Users\julian\Qtrax

2013-06-06 16:53:53 -------- d-----w- C:\ProgramData\Big Fish Games

2013-06-02 18:05:09 -------- d-----w- C:\ProgramData\YTD Video Downloader

2013-05-31 20:29:52 -------- d-sh--w- C:\ProgramData\Realtek0

2013-05-28 18:15:09 -------- d-----w- C:\Users\Public\Sony Online Entertainment

====== C: exe-files ==

2013-06-23 20:15:24 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\julian\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-23 16:07:16 A9ADBB9CF5EB800CA3D3A7D08136269A 69784 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\wajam_updateCAB9T4TH.exe

2013-06-22 16:07:14 A9ADBB9CF5EB800CA3D3A7D08136269A 69784 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\wajam_updateCASTJ157.exe

2013-06-22 13:20:15 06D5E5E952C61923C9D24C83E7FE1F45 22937227 ----a-w- C:\Users\julian\AppData\Local\Temp\vlc-2.0.7-win32.exe

2013-06-22 06:26:07 139E26F4B1497C4F870111FDF275CF7E 627784 ----a-w- C:\Users\julian\Downloads\driveragent-987.exe

2013-06-22 01:58:27 B1957B038895642DF9F662326E7D4DDC 903080 ----a-w- C:\Users\julian\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

2013-06-21 16:07:14 A9ADBB9CF5EB800CA3D3A7D08136269A 69784 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_updateCAKVK61B.exe

2013-06-20 18:00:47 80633916458CC8041D0F483B7633E9F6 1582944 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_27.0.1453.110_chrome_updater.exe

2013-06-20 16:07:13 A9ADBB9CF5EB800CA3D3A7D08136269A 69784 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\wajam_updateCA99GL3Q.exe

2013-06-19 16:07:01 A9ADBB9CF5EB800CA3D3A7D08136269A 69784 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\wajam_updateCARN1WV2.exe

=== C: other files ==

2013-06-23 20:15:42 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-22 06:32:05 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\julian\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\index\res2.windows.microsoft.com

2013-06-22 06:26:11 1ED08A6264C5C92099D6D1DAE5E8F530 21712 ----a-w- C:\Windows\Temp\DriverAgent\DrvAgent64.sys

2013-06-22 06:26:11 1ED08A6264C5C92099D6D1DAE5E8F530 21712 ----a-w- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS

==== Firefox Extensions ======================

ProfilePath: C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489

- WebCake - %ProfilePath%\extensions\plugin@getwebcake.com

- PricePeep - %ProfilePath%\extensions\pricepeep@getpricepeep.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Expat Shield Helper Please allow this installation - %AppDir%\extensions\afurladvisor@anchorfree.com

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

8F0B95B3AC17DAE9E138E7BBE2429B6C - C:\Users\julian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Deleting Files \ Folders ======================

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\extensions\pricepeep@getpricepeep.com.xpi" deleted

"C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\extensions\plugin@getwebcake.com" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.4\pricegong.crx[]

eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\julian\AppData\Roaming\BabSolution\CR\Delta.crx[]

fjoijdanhaiflhibkljeklcghcmmfffh - C:\Program Files (x86)\WebCake\WebCakeLayers.crx[]

jbpkiefagocgkmemidfngdkamloieekf - No path found[]

jcdgjdiieiljkfkdcloehkohchhpekkn - No path found[]

jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\julian\AppData\Local\Wajam\Chrome\wajam.crx[]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx[31-05-2013 03:49]

mkndcbhcgphcfkkddanakjiepeknbgle - C:\Program Files (x86)\RelevantKnowledge\rlcm.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\julian\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx[31-05-2013 03:49]

ogccgbmabaphcakpiclgcnmcnimhokcj - No path found[]

pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\julian\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

cOOntiNuetaosave - julian - Default\Extensions\bfgggnbjollgggilpnbgmknchfmefafk

PriceGong - julian - Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Battlefield Heroes - julian - Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh

Delta Toolbar - julian - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

WebCake - julian - Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh

Wajam - julian - Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

PricePeep - julian - Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb

Norton Identity Protection - julian - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

BittorrentBar_NL - julian - Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

Norton Identity Protection - julian - Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob

GoPhoto.it - julian - Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

==== Chrome Fix ======================

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgggnbjollgggilpnbgmknchfmefafk deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bfgggnbjollgggilpnbgmknchfmefafk_0.localstorage deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bfgggnbjollgggilpnbgmknchfmefafk_0.localstorage-journal deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.babylon.com/?affID=121845&babsrc=HP_ss_gin2g&mntrId=CE9300FF472E1D57"

"Use Search Asst"="yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Use Search Asst"="no"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="https://isearch.avg.com/search?cid={AF53778E-845E-46A3-8290-0A5AD3C5987B}&mid=440a2429c79c47d0a3b31929462ab050-571c1ccf3ab1d3391e42b1126e5a835d476d1854&lang=nl&ds=st011&pr=sa&d=2012-07-19"

==== Reset Google Chrome ======================

C:\users\julian\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\users\julian\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\julian\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\julian\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H03FDAM will be deleted at reboot

C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PVA574A will be deleted at reboot

C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF6ZACT6 will be deleted at reboot

C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MI4DRWWM will be deleted at reboot

C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\julian\AppData\Local\Mozilla\Firefox\Profiles\z2sg51zl.default-1355409544489\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\julian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\julian\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\julian\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H03FDAM" not found

"C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PVA574A" not found

"C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF6ZACT6" not found

"C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MI4DRWWM" not found

==== EOF on di 25-06-2013 at 21:14:41,64 ======================


As far as the malware is concerned, you may first remove zoek.exe from the desktop and run CCleaner.

Download CCleaner. (If you don't have it yet.)

Install it (if you don't want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks !!!) and start CCleaner.

In the left-hand column, click "Cleaner". Click "Analyze" and, after the analysis, "Clean". Then click "Registry" in the left-hand column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors".

Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Close CCleaner again afterwards.

If you want to see this in detail with pictures, click here for the guide.

For your questions about "gaming" I would open a new topic in our "gaming" section. There you will get an answer from the "experts" sooner than here.

If all of this went smoothly and you have no further questions or problems within this topic, you may close this topic by clicking the "Mark as solved" button, which you can find at the bottom left … that way it stays clear for everyone.
