Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by Aniek on vr 10/04/2015 at 1:03:04,45. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Aniek\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-04-09-223418.log 40894 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Aniek\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\wpwu9dhm.default user_pref("browser.startup.homepage", "resource://webapp/openvpn.html"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26/03/2015 16:30] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Aniek\AppData\Roaming\Mozilla\Firefox\Profiles\rym6okx5.default-1427639199444 - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Aniek\AppData\Roaming\Mozilla\Firefox\Profiles\rym6okx5.default-1427639199444 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies 43583AB4DFD406F4C188342F41B1F91C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db] HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[26/03/2015 16:27] Google Docs - Aniek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Aniek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Aniek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Aniek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Aniek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Aniek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Bing (by Mircosoft) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01" ==== Reset Google Chrome ====================== Nothing found to reset ==== shortcuts on Users Desktops ====================== C:\Users\Aniek\Desktop\Glyph.lnk - C:\Program Files (x86)\Glyph\GlyphClient.exe C:\Users\Aniek\Desktop\TeamSpeak 3 Client.lnk - C:\Users\Aniek\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe C:\Users\Aniek\Desktop\µTorrent.lnk - ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Macro Recorder.lnk - C:\Program Files (x86)\MacroRecorder\MacroRecorder.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Remote Control Server.lnk - C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Public\Desktop\TMAC v6.lnk - C:\Program Files (x86)\Technitium\TMACv6.0\TMAC.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Aniek\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk - C:\Users\Aniek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest.lnk - C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest\LaunchPad.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr C:\Users\Aniek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - C:\Users\Aniek\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - C:\Users\Aniek\AppData\Local\TeamSpeak 3 Client\Uninstall.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Check for Updates.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk - C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Register.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_40\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_40\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_40\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 19.0.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE ==== shortcuts in Quick Launch ====================== C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk - C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Cheat Engine.lnk - C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Aniek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAHConsole deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Aniek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Aniek\AppData\Local\Mozilla\Firefox\Profiles\rym6okx5.default-1427639199444\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Aniek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1155 folders=185 114439854 bytes) ==== Empty Temp Folders ====================== C:\Users\Aniek\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot