Zoek.exe v5.0.0.0 Updated 08-December-2014
Tool run by toshiba on wo 10/12/2014 at 21:40:45,95.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\toshiba\Desktop\zoek.exe.scr
[Scan all users] [Script inserted]

==== System Restore Info ======================

10/12/2014 21:41:55 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\City Interactive deleted successfully
C:\PROGRA~2\GUM6A7A.tmp deleted successfully
C:\PROGRA~2\GUM82D5.tmp deleted successfully
C:\PROGRA~2\OXXOGames deleted successfully
C:\PROGRA~2\VS Revo Group deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\Bitdefender deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\log deleted successfully
C:\Program Files\McAfee deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\toshiba\AppData\Roaming\DendaGames deleted successfully
C:\Users\toshiba\AppData\Roaming\QuickScan deleted successfully
C:\Users\toshiba\AppData\Roaming\TP deleted successfully
C:\Users\toshiba\AppData\Roaming\WinRAR deleted successfully
C:\Users\toshiba\AppData\Local\CrashDumps deleted successfully
C:\Users\toshiba\AppData\Local\Secunia PSI deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-188962704-3410596730-1811170223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{045E4757-6A06-4487-A26A-E9E182EEE0F2} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1q7yiik6.default
user.js not found
---- Lines Search removed from prefs.js ----
user_pref("browser.search.selectedEngine", "Search Here");
---- FireFox user.js and prefs.js backups ----
user_20131602_2019_.backup
prefs_20131602_2019_.backup
prefs_20141012_2204_.backup

ProfilePath: C:\Users\toshiba\AppData\Roaming\Thunderbird\Profiles\taiale5w.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141012_2204_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mystery Case Files - Ontsnapping uit Ravenhearst deleted
C:\Users\toshiba\AppData\Roaming\Alawar deleted
C:\Users\toshiba\AppData\Roaming\Alawar Stargaze deleted
C:\Users\toshiba\AppData\Roaming\AlawarEntertainment deleted
C:\Users\toshiba\AppData\Roaming\YoudaGames deleted
C:\PROGRA~3\Alawar Stargaze deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Ontsnapping uit Ravenhearst deleted
C:\Users\Public\Documents\iWin deleted
C:\Users\toshiba\Downloads\avg_free_stb_all_2013_2899_cnet.exe deleted
C:\Users\toshiba\Downloads\SoftonicDownloader_voor_firefox.exe deleted
C:\Users\toshiba\Downloads\SoftonicDownloader_voor_microsoft-powerpoint-viewer.exe deleted
C:\Users\toshiba\Downloads\SoftonicDownloader_voor_windows-live-mail-2012.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\tasks\AddLyrics update deleted
C:\Windows\tasks\AddLyrics update.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\sho3563.tmp deleted
C:\Windows\Syswow64\shoD613.tmp deleted
C:\Windows\Syswow64\shoDF56.tmp deleted
C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1q7yiik6.default\searchplugins\safesearch.xml deleted

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-09-14 11:45:35 -------- d-----w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-04 10:18:24 -------- d-----w- C:\PROGRA~3\Canon_Inc_IC
2014-10-19 14:04:49 -------- d-----w- C:\PROGRA~3\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-19 14:33:02 -------- d-----w- C:\PROGRA~3\BigFishGamesCache
2014-10-23 22:29:29 -------- d-----w- C:\PROGRA~3\Conexant

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"addlyrics@addlyrics.net"="C:\Program Files (x86)\AddLyrics\FF" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1q7yiik6.default
- Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
- Undetermined - {000F1EA4-5E08-4564-A29B-29076F63A37A}
- Undetermined - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}
- SOE Web Installer - %ProfilePath%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1q7yiik6.default
9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
D2B5242013356AF422A42B9FAA4056C2 - C:\Users\toshiba\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin
C2321043FA2CA4C32FF449DE6116B5D9 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director
FD63DE29FE0A7E738BD81CA0EDDD8020 - C:\Users\toshiba\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin

==== Fake Chromium Profiles Check ======================

Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 17:22]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20/09/2014 09:52]

Skype Click to Call - toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Fix ======================

C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-188962704-3410596730-1811170223-1000\Software\Mozilla\Firefox\Extensions\addlyrics@addlyrics.net deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\toshiba\AppData\Local\Mozilla\Firefox\Profiles\1q7yiik6.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=752 folders=176 1301704401 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\toshiba\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\toshiba\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on wo 10/12/2014 at 22:19:08,66 ======================