Zoek.exe v5.0.0.1 Updated 08-October-2015 Tool run by eigenaar on 11/10/2015 at 17:32:48.49. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\eigenaar\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-01-13-212304.log 38008 bytes ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\eigenaar\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\VideoLAN deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\eMule deleted successfully C:\Users\eigenaar\AppData\Roaming\TP deleted successfully C:\Users\eigenaar\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\eigenaar\AppData\Local\EmieSiteList deleted successfully C:\Users\eigenaar\AppData\Local\EmieUserList deleted successfully C:\Users\eigenaar\AppData\Local\WMTools Downloaded Files deleted successfully C:\Users\Gast\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2898839394-1353463057-2658360971-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\VideoLAN not found C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted C:\PROGRA~3\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2} deleted C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield deleted C:\windows\SysNative\Tasks\avastBCLRestart_chrome.exe deleted C:\Windows\SysNative\config\systemprofile\Searches deleted "C:\Windows\Installer\708926.msi" deleted ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2015-06-07 21:52:12 -------- d--h--w- C:\PROGRA~3\CanonBJ 2015-06-07 21:56:33 -------- d-----w- C:\PROGRA~3\CanonIJWSpt 2015-06-07 21:56:46 -------- d-----w- C:\PROGRA~3\SetupTemp 2015-06-08 13:31:37 -------- d--h--w- C:\PROGRA~3\CanonIJScan 2015-06-08 13:32:55 -------- d--h--w- C:\PROGRA~3\CanonIJMIG 2015-06-17 15:45:19 -------- d-----w- C:\PROGRA~3\Dropbox 2015-09-15 12:09:46 -------- d-----w- C:\PROGRA~3\Malwarebytes ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Chromium Look ====================== Google Chrome Version: 45.0.2454.101 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30/05/2015 14:40] nhfpefkeidlhbjljfdojcnngjbddgein - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[17/11/2010 08:36] nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[07/02/2013 08:47] YouTube - eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Website Logon - eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein Chrome Web Store Payments - eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda DivX Plus Web Player HTML5 \u003Cvideo\u003E - eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm avast Online Security - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Website Logon - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein Google Wallet - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda DivX Plus Web Player HTML5 \u003Cvideo> - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Website Logon - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda DivX Plus Web Player HTML5 \u003Cvideo\u003E - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://www.google.com" ] C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com", "urls_to_restore_on_startup": [ "http://www.google.com" ] ==== Chromium Fix ====================== C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_daire.trovit.com.tr_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_daire.trovit.com.tr_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.sehirfirsati.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.sehirfirsati.com_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tosavealife.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tosavealife.com_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static-135-131-92-77.sadecehosting.net_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static-135-131-92-77.sadecehosting.net_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d30ke5tqu2tkyx.cloudfront.net_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d30ke5tqu2tkyx.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3tpuxked45kzt.cloudfront.net_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3tpuxked45kzt.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage-journal deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Default_Page_URL"="http://www.google.com" "Search Page"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{A0C034F1-349D-4894-8F38-17F8C16C6BFC}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {A0C034F1-349D-4894-8F38-17F8C16C6BFC} Google Url="http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-5/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}" {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox" ==== Reset Google Chrome ====================== C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8086A3D08B281BB4EBA5EA7DB5F3C620 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8086A3D08B281BB4EBA5EA7DB5F3C620 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=173 folders=31 125088965 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\eigenaar\AppData\Local\Temp will be emptied at reboot C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\eigenaar\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\eigenaar\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QFPB2P5X\nieuws.vtm.be" not found "C:\Users\eigenaar\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QFPB2P5X\static.issuu.com" not found "C:\Users\eigenaar\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QFPB2P5X\syndication.vmma.be" not found "C:\Users\eigenaar\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QFPB2P5X\www.bbc.co.uk" not found "C:\Users\eigenaar\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QFPB2P5X\www.vidivodo.com" not found ==== EOF on 11/10/2015 at 18:26:29.33 ======================