Zoek.exe v5.0.0.0 Updated 17-Januari-2014
Tool run by Brian_Pc on vr 17-01-2014 at 1:05:31,67.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Brian_Pc\Desktop\zoek.scr
[Scan all users] [Script inserted]

==== System Restore Info ======================
17-1-2014 1:08:06 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Brian_Pc\AppData\Roaming\Mozilla\Firefox\Profiles\v3rmnfky.default
user.js not found
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_meta.value", "%7B%22images/
user_pref("extensions.crossrider.bic", "1430c1a1bc5dcf7812950b64771ad891");
---- Lines a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383 removed from prefs.js ----
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.active", true);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.addressbar", "NA");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.addressbarenhanced", "");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncdb_dbWasSet", true);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.backgroundver", 4);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.certdomaininstaller", "");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.changeprevious", false);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.cookie.InstallationTime.value", "1387477474");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.description", "Helpt je met het downloaden met G
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.domain", "");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.enablesearch", false);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.homepage", "");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.iframe", false);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.InstallationThankYouPage", false);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.InstallationTime", 1387477474);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_appVer.value", "48");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_lastVersion.value", "25");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_nextCheck.expiration", "Fri
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_resource_441977.expiration"
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_resource_441977.value", "%2
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.internaldb.Resources_resource_441978.expiration"
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.lastDailyReport", "1389899534655");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.lastUpdate", "1389899533628");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.manifesturl", "");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.name", "GemistDownloader-plugin");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.newtab", "");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.opensearch", "");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.pluginsversion", 7);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.publisher", "Wietze");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.searchstatus", 0);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.setnewtab", false);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.thankyou", "http://www.helpdeskweb.nl/gemistdown
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.updateinterval", 360);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.30383.ver", 48);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.apps", "30383");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.bic", "1430c1a1bc5dcf7812950b64771ad891");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.cid", 30383);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.firstrun", false);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.hadappinstalled", true);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.installationdate", 1387477474);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.modetype", "production");
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.reportInstall", true);
user_pref("extensions.a3f85ebca5ee04042935e20d7bb38c127f20b526ab82841ab9361de1cad391506com30383.statsDailyCounter", 43);
---- FireFox user.js and prefs.js backups ----
prefs_17-01-2014_0114_.backup

==== Deleting Files \ Folders ======================
C:\Users\Brian_Pc\AppData\Roaming\Mozilla\Firefox\Profiles\v3rmnfky.default\extensions\3f85ebca-5ee0-4042-935e-20d7bb38c127...1cad391506.com not found
C:\Windows\Syswow64\tmp2B35.tmp deleted
C:\Windows\Syswow64\tmp2B46.tmp deleted
C:\Users\Brian_Pc\AppData\Roaming\Mozilla\Firefox\Profiles\v3rmnfky.default\searchplugins\safesearch.xml deleted
C:\Users\Brian_Pc\AppData\Roaming\Mozilla\Firefox\Profiles\v3rmnfky.default\extensions\3f85ebca-5ee0-4042-935e-20d7bb38c127@f20b526a-b828-41ab-9361-de1cad391506.com deleted

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn" [16-01-2014 20:12]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Brian_Pc\AppData\Roaming\Mozilla\Firefox\Profiles\v3rmnfky.default
- Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn
- Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF
- HP Detect - %ProfilePath%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
- HTML5 Media Player - %ProfilePath%\extensions\html5player@horning.us.xpi
- Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Outlook Button - %ProfilePath%\extensions\{8f7dd41a-0441-4e16-a7d0-f25deb928fb1}.xpi
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Firefox 2 the theme reloaded - %ProfilePath%\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi

==== Firefox Plugins ======================
Profilepath: C:\Users\Brian_Pc\AppData\Roaming\Mozilla\Firefox\Profiles\v3rmnfky.default
2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
5B4DA1113F240C3F06FFF9D52761528B - T:\Picasa\Picasa3\npPicasa3.dll - Picasa
CBFE3156904AB2D1A097F5E74A6C62F3 - P:\Vlc Player\VLC\npvlc.dll - VLC Web Plugin
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
C2321043FA2CA4C32FF449DE6116B5D9 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director
3E0EB8CC0526CF152C80628A7EBAD7C3 - C:\Users\Brian_Pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\Brian_Pc\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - P:\Norton Internet Security 2013\Engine\20.4.0.40\Exts\Chrome.crx[28-11-2013 14:56]
Facebook - Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm
Candy Crush Saga - Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibdjfeclkefkigajajioodoplfhafic
Weerplaza - Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\djakjaebiehcbcjclfgifnhipfcobpaa
AdBlock - Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Windows Media Player Extension for HTML5 - Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
Norton Identity Protection - Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Apple Thema - Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpilofaiabmckmfenobkedopnhimcdd
Teletekst - Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\noblnklnhglbnfomoipgcidnbpdjfbom

==== Set IE to Default
======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{F0B91F3D-BAED-41AB-8C89-170FF4C46F57}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{F0B91F3D-BAED-41AB-8C89-170FF4C46F57} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brian_Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brian_Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Brian_Pc\AppData\Local\Mozilla\Firefox\Profiles\v3rmnfky.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Brian_Pc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=422 folders=150 35045463 bytes)

==== Empty Temp Folders ======================
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Brian_Pc\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Brian_Pc\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 17-01-2014 at 1:18:29,58 ======================