Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Fam van Dalen on wo 03-06-2015 at 21:22:25,86. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Fam van Dalen\Downloads\zoek (1) (1).exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-06-03-093610.log 104410 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\FAMVAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\4jy1trob.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_03-06-2015_2137_.backup ProfilePath: C:\Users\FAMVAN~1\AppData\Roaming\Philips-Songbird\Profiles\qk605rks.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_03-06-2015_2137_.backup ==== Deleting Files \ Folders ====================== C:\Users\Fam van Dalen\AppData\Roaming\Mozilla\Firefox\Profiles\4jy1trob.default\extensions\bbrs_002@blabbers.com not found C:\Users\Fam van Dalen\AppData\Roaming\Mozilla\Firefox\Profiles\4jy1trob.default\extensions\bbrs_002@blabbers.com not found C:\Users\Fam van Dalen\AppData\Local\ClickPotatoLiteSA deleted ==== Registry Search Results for "{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64] "CLSID"="{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome] "CLSID"="{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox] "CLSID"="{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tdataprotocol.CTData\CLSID] @="{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tdataprotocol.CTData.1\CLSID] @="{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\PROTOCOLS\Handler\base64] "CLSID"="{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\PROTOCOLS\Handler\chrome] "CLSID"="{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\PROTOCOLS\Handler\prox] "CLSID"="{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}" ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\FAMVAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\4jy1trob.default user_pref("browser.search.defaultengine", "Ask Search"); user_pref("browser.search.defaultenginename", "Ask Search"); user_pref("browser.search.selectedEngine", "Ask Search"); user_pref("extensions.APN_TB.first-previous-keyword-url", "http://www.plusnetwork.com/?sp=addr&q="); user_pref("extensions.FWV6.my-keyword-url", "\"\""); user_pref("extensions.FWV6.previous-keyword-url", "\"http://www.plusnetwork.com/?sp=addr&q=\""); user_pref("keyword.URL", "http://www.plusnetwork.com/?sp=addr&q="); ProfilePath: C:\Users\FAMVAN~1\AppData\Roaming\Philips-Songbird\Profiles\qk605rks.default user_pref("browser.search.selectedEngine", "7digital"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension" [31-05-2011 23:01] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "ClickPotatoLite@ClickPotatoLite.com"="C:\Users\Fam van Dalen\AppData\Local\ClickPotatoLiteSA\bin\12.0.15.0\firefox\extensions" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\FAMVAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\4jy1trob.default - Undetermined - C:\Users\Fam van Dalen\AppData\Roaming\Mozilla\Firefox\Profiles\4jy1trob.default\extensions\bbrs_002@blabbers.com - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\FAMVAN~1\AppData\Roaming\Philips-Songbird\Profiles\qk605rks.default - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\7digital@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-nl@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com - Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com ==== Firefox Plugins ====================== Profilepath: C:\Users\Fam van Dalen\AppData\Roaming\Mozilla\Firefox\Profiles\4jy1trob.default 31DA97B4682187C6639BBE2215814FDA - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.81 Bookmark Manager - Fam van Dalen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik ==== Chromium Startpages ====================== C:\Users\Fam van Dalen\AppData\Local\Google\Chrome\User Data\Default\Preferences p4-cp32nmh74mmew-y3eex6qxxdki7fv3-773681-s1-v6exp3-v4.metric.gstatic.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]},"p4-cp32nmh74mmew-y3eex6qxxdki7fv3-if-v6exp3-v4.metric.gstatic.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":54216}},"pagead2.googlesyndication.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":48087}},"pagead2.googlesyndication.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":46569}},"partner.googleadservices.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"pubads.g.doubleclick.net:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"s0.2mdn.net:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]},"s0.2mdn.net:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"ssl.google-analytics.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]},"ssl.gstatic.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":290639}},"stats.g.doubleclick.net:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":46872}},"t0.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"t1.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"t2.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"t3.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"tpc.googlesyndication.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":67221}},"tpc.googlesyndication.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"www.google-analytics.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":62020}},"www.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.nl:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":308950}},"www.google.nl:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.googletagservices.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"www.gstatic.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":50025}}},"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":3}},"ntp":{"most_visited_blacklist":{"617cdf658cca45354268e51a19fda802":null,"8cc886e0de858b67f23d34eed3820db9":null}},"password_bubble":{"nopes":0},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":0,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{"https://secure.webcamsex.nl:443,*":{"last_used":1433325227.81667,"setting":1}},"media_stream_mic":{"https://secure.webcamsex.nl:443,*":{"last_used":1433325227.816643,"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{},"pref_version":1},"created_by_version":"43.0.2357.81","exit_type":"Crashed","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Persoon 1","per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"C:\\Users\\Fam van Dalen\\Downloads"},"selectfile":{"last_directory":"C:\\Users\\Fam van Dalen\\Documents"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13077797996674662"},"translate_accepted_count":{"en":0},"translate_blocked_languages":["nl"],"translate_denied_count":{"en":1},"translate_last_denied_time":1433326179821.965,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" {006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="http://www.bing.com/search?q={searchTerms}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}" {9AD5C8EE-544D-4ADA-AF4D-8F04BDB588C9} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}" {A586237E-C1B2-476B-A3EC-9FA2B2521B1D} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3773947598-2971562229-1871698840-1001\Software\Mozilla\Firefox\Extensions\ClickPotatoLite@ClickPotatoLite.com deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LM50HII will be deleted at reboot C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5W0Z6XVK will be deleted at reboot C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLZ5OX7E will be deleted at reboot C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0D59DBK will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Fam van Dalen\AppData\Local\Mozilla\Firefox\Profiles\4jy1trob.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Fam van Dalen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1851 folders=157 154682036 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Fam van Dalen\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\FAMVAN~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LM50HII" not found "C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5W0Z6XVK" not found "C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLZ5OX7E" not found "C:\Users\Fam van Dalen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0D59DBK" not found ==== EOF on wo 03-06-2015 at 21:44:58,28 ======================