Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by marleen on di 19/05/2015 at 13:52:17,08. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\marleen\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 19/05/2015 13:53:47 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\log deleted successfully C:\Users\marleen\AppData\Local\Unity deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73204B8A-87A8-49C8-A91A-FFCDE788A9ED} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{903C3322-6CEF-4CA5-BD37-4F056155FC08} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12830B30-5F6C-4D3F-862E-7074F9CD8D9F} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1783F0CD-8D88-4B27-B173-347E425EE1E} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41CA06AB-6E6B-45DD-B044-ADFE6AE4A6} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F10F818-6A4C-4474-AE37-E34326AE9087} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5345222A-28B3-42F1-BE94-72633587F1C} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EA49FC-737B-4737-B1D6-33E4A1789E6E} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86FF516C-9BF9-48E1-9AFB-F09AE1684FC4} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{898B55D-309D-4987-B99E-3FA0D6E2C7C9} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93291449-D8D4-4E61-9DA-696C464AB5A} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECB81308-FCC8-49A3-9061-A0508C39E468} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F40165B1-2E37-494E-9950-92559333FDA} deleted successfully HKEY_USERS\S-1-5-21-3574955231-1429911895-3831399447-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7BEEA03-DFD0-4A91-80EB-B58CB8767A0} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\PROGRA~3\APN deleted C:\PROGRA~3\Package Cache deleted C:\Users\marleen\AppData\Roaming\Mozilla\Firefox\Profiles\RbRqinRD.default\extensions\abs@avira.com deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\marleen\AppData\Roaming\Mozilla\Firefox\Profiles\pr6fdkyq.default-1431678854187 user_pref("browser.startup.homepage", "http://www.google.be/"); user_pref("browser.search.selectedEngine", ""); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\marleen\AppData\Roaming\Mozilla\Firefox\Profiles\pr6fdkyq.default-1431678854187 9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\marleen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin 1CDD28B47D8198F868349BDFBCD1281B - C:\Users\marleen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin Profilepath: C:\Users\marleen\AppData\Roaming\Mozilla\Firefox\Profiles\sq9ky3bc.default-1415452047738 D2B5242013356AF422A42B9FAA4056C2 - C:\Users\marleen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin FD63DE29FE0A7E738BD81CA0EDDD8020 - C:\Users\marleen\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions flliilndjeohchalpbbcdekjklbdgfkk - No path found[] ==== Chromium Startpages ====================== C:\Users\marleen\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://www.google.com/" ] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\marleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\marleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\marleen\AppData\Local\Mozilla\Firefox\Profiles\pr6fdkyq.default-1431678854187\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\marleen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=126 folders=30 7453898 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\marleen\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\marleen\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 19/05/2015 at 14:15:07,11 ======================