Zoek.exe v5.0.0.0 Updated 08-September-2015
Tool run by Hendrik on zo 13/09/2015 at 17:16:55,67.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Hendrik\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
13/09/2015 17:28:09 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Mio deleted successfully
C:\PROGRA~2\OpenVPN Technologies deleted successfully
C:\PROGRA~2\Right Brain Interface deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Mozilla deleted successfully
C:\PROGRA~3\Nalpeiron deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Default\AppData\LocalGoogle deleted successfully
C:\Users\DefaultAppPool\AppData\LocalGoogle deleted successfully
C:\Users\Dropbox\AppData\LocalGoogle deleted successfully
C:\Users\Hendrik\AppData\LocalGoogle deleted successfully
C:\Users\Dropbox\AppData\Local\VirtualStore deleted successfully
C:\Users\Hendrik\AppData\Local\CrashDumps deleted successfully
C:\Users\Hendrik\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Hendrik\AppData\Local\EmieSiteList deleted successfully
C:\Users\Hendrik\AppData\Local\EmieUserList deleted successfully
C:\Users\Hendrik\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully
HKEY_USERS\S-1-5-21-1191951822-230774151-2282679725-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully
HKEY_USERS\S-1-5-21-1191951822-230774151-2282679725-1000\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully
HKEY_USERS\S-1-5-21-1191951822-230774151-2282679725-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-1191951822-230774151-2282679725-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECC81F59-D6B1-46A4-B5E8-900FB424B95D} deleted successfully
HKEY_USERS\S-1-5-21-1191951822-230774151-2282679725-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4169044D-6BA4-4661-B7D6-E29274F1F458} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\PROGRA~2\Mio not found
C:\PROGRA~2\OpenVPN Technologies not found
C:\PROGRA~2\Right Brain Interface not found
C:\Users\Hendrik\AppData\Roaming\calibre deleted
C:\Users\Hendrik\AppData\Roaming\pushbullet deleted
C:\Users\Hendrik\.android deleted
C:\PROGRA~2\GfKLSPService deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\Syswow64\RENB653.tmp deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
C:\Users\Hendrik\Documents\Add-in Express deleted

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [19/06/2015 10:44]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [19/06/2015 10:44]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Hendrik\AppData\Roaming\Thunderbird\Profiles\w4jne6ub.default
- Deutsches Wrterbuch erweitert fr sterreich - %ProfilePath%\extensions\de-AT@dictionaries.addons.mozilla.org
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
ProfilePath: C:\Users\Hendrik\AppData\Roaming\TomTom\HOME\Profiles\fm233v3z.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================
Profilepath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\n1f5cekn.default-1438544483755
EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash
CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\Hendrik\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin
F542B4E8DF11DCF7C974548A2D2BD624 - C:\Users\Hendrik\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll - Google Update
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Hendrik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Hendrik\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
1CDD28B47D8198F868349BDFBCD1281B - C:\Users\Hendrik\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin

==== Chromium Look ======================
Google Chrome Version: 45.0.2454.85
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17/03/2015 23:04]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[19/06/2015 10:43]
Google Docs - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Open with Office Web Apps Viewer - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcknfcclbcpdeopdopomkdbjmldgdeld
Sothink Flash Downloader for Chrome - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi
YouTube - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
HelloFax 50 Free Fax Pages - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm
Last updated at time on date - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Ecosia - The search engine that plants trees - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc
Google Search - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Free Smileys & Emoticons - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm
Gmail Offline - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk
DoNotTrackMe Online Privacy Protection - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
Social Fixer for Facebook - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb
Do Not Disturb - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia
The Great Suspender - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg
Google Wallet - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Belfius Smart Card Reader Chrome Extension - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi
Awesome Screenshot: Screen capture Annotate - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce
Flash Player\t - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopeeahhaaggbnmdifpnjcpcpfndgkkp
Desmos Graphing Calculator - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko
Sothink Flash Downloader for Chrome - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\biceobciobbhhkplgocbaigojbnepcoi
YouTube - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
HelloFax 50 Free Fax Pages - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm
selector is not a valid CSS selector - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Pushbullet - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd
Ecosia - The search engine that plants trees - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc
Google Search - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Tackk - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlijffcapefjlbkkjikpfckjlmamneol
Free Smileys & Emoticons - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm
Gmail Offline - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk
Blur - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd
Hangout Chat Notifications - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhnghpfjmlncfmkdcamdnomjcobgmo
HTTPS Everywhere - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp
Unlimited Free VPN - Hola - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Bookmark Manager - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Notes - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\haafigbapbpbpnmgcknnmilaaaimggpk
Checker Plus for Google Calendar™ - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha
Do Not Disturb - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia
Disconnect - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo
The Great Suspender - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg
New Tab Page - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa
Bookmark Checker - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec
Hangouts - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd
Chrome Web Store Payments - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Hover Zoom - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
Sidekick - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd
dotEPUB - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm
TunnelBear VPN - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa
Gmail - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
RoboForm - Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob

==== Chromium Fix ======================
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.getsidekick.com_0.localstorage deleted successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.getsidekick.com_0.localstorage-journal deleted successfully
C:\Users\Dropbox\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm deleted successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm deleted successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd deleted successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oiiaigjnkhngdbnoookogelabohpglmd_0.localstorage deleted successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiiaigjnkhngdbnoookogelabohpglmd deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://nl.msn.com/?ocid=U218DHP&pc=U218"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://nl.msn.com/?ocid=U218DHP&pc=U218"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E653FCC0-8214-4D64-84DE-880B9B40BDC5} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

==== Reset Google Chrome ======================
C:\Users\Dropbox\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dropbox\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\Dropbox\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\gacela2@nurago.com deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirDroid 3 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfK-WatchDog deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls deleted successfully

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\IE\WPFADB1.tmp will be deleted at reboot
C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\IE\WPFB301.tmp will be deleted at reboot
C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\IE\WPFB331.tmp will be deleted at reboot
C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\IE\WPFB342.tmp will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
C:\Users\Dropbox\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Hendrik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1155 folders=185 159268841 bytes)

==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Hendrik\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\IE\WPFADB1.tmp" not found
"C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\IE\WPFB301.tmp" not found
"C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\IE\WPFB331.tmp" not found
"C:\Users\Hendrik\AppData\Local\Microsoft\Windows\INetCache\IE\WPFB342.tmp" not found

==== EOF on zo 13/09/2015 at 23:29:34,09 ======================