Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Pieter on do 13/08/2015 at 16:56:48,64.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pieter\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-24-131246.log 95956 bytes
C:\zoek-results2015-04-20-132939.log 45297 bytes
C:\zoek-results2015-04-20-160106.log 51752 bytes
C:\zoek-results2015-08-09-194513.log 62670 bytes
C:\zoek-results2015-08-12-144531.log 43734 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C: WINDOWS\Sysnative\Tasks\{3D0E56A1-8760-4D35-8649-4159AFC23C2B} not found
C:\programdata\78407878-6f0f-e747-7840-078786f0e1e1 not found
"C: WINDOWS\Tasks\AutoMount.job" not found
"C: WINDOWS\Tasks\ExtremeOrganizer.job" not found
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\dummy.htm" deleted
"C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1385566621-4048086490-2743871047-1000UA.job" deleted
"C:\Users\Pieter\Desktop\Popcorn Time.lnk" deleted
"C:\Users\Pieter\AppData\Local\Popcorn Time" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\d54h27ht.default
user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/&ts=1439148037&z=a9d5eb78f22dcc2d2686097g6z6catdg4zdm0t5qfg&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"DSE"="true" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pieter\AppData\Roaming\TomTom\HOME\Profiles\f9aferhx.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\d54h27ht.default
EF3CA2A515FEC970E22D2C424A42401E - C:\Users\Pieter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Pieter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]

Skype Click to Call - Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Startpages ======================

C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Preferences

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\postgres\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K0T14SX will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Pieter\AppData\Local\Mozilla\Firefox\Profiles\d54h27ht.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pieter\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5019 folders=1045 171363664 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pieter\AppData\Local\Temp will be emptied at reboot
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pieter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7K0T14SX" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on do 13/08/2015 at 19:15:39,45 ======================