Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Ihsane on wo 17-06-2015 at 18:57:51,87. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Ihsane\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-06-16-201120.log 48681 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\0061411434483979mcinstcleanup deleted successfully ==== Deleting Files \ Folders ====================== "C:\windows\SysNative\drivers\mnweaqh.sys" not found C:\PROGRA~2\iExplorer deleted C:\PROGRA~2\SynciOS Data Transfer deleted C:\PROGRA~3\10344102745902178365 deleted C:\Users\Ihsane\.android deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [17-06-2015 19:01] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [17-06-2015 19:01] ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[13-05-2015 11:03] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01-05-2015 11:17] SiteAdvisor - Ihsane\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Salesforce - Ihsane\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdomiplhgolgpibfdjjhgbcbkdcfkmk Avast SafePrice - Rachid\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Avast Online Security - Rachid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Skype Click to Call - Rachid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Avast SafePrice - Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Avast Online Security - Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki Skype Click to Call - Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Chromium Startpages ====================== C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Preferences C11C692772B881598E3A274D9C4EF7F7CD65ADE6"},"default_search_provider_data":{"template_url_data":"9332DF770F1348FC70793EF19EB1188222908DDE6079AB7CC31720BF3359FD0B"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"629B308E1E2956E6EF6E188D776408534CB9E2288901F69D17128D3210236E9F","bepbmhgboaologfdajaanbcjmnhjmhfn":"CD8A641BFF571CC63CC8102548A279F3641C66FCF0329C441B85495128AD704F","cfhdojbkjhnklbpkdaibdccddilifddb":"91927D60C90F3E484083E5AC1B1A075C606B913D35D48A8A339581B49D9BE778","eemcgdkfndhakfknompkggombfjjjeno":"D7E9E84CCDF2EF00080FA5859BA04A768319D3DB88F56B1432807147871C131E","ennkphjdgehloodpbhlhldgbnhmacadg":"6FEAF95517D87FF582B109FC64179B4F9F4268094835391E038E9CA46C7914A2","fheoggkfdfchfphceeifdbepaooicaho":"A1E7975023108E833DBB952F0FC03A07F9E97FE2696946F7E68B7EF3EC6D485D","fmdomiplhgolgpibfdjjhgbcbkdcfkmk":"0342A755A97335D1211F2DB55117A3B35F6F71CCC8396421E4BA2AD41707A740","gfdkimpbcpahaombhbimeihdjnejgicl":"2327115E85B7D09F5FB27424849808AC2A090635F6E024E0C9176692DC07C61C","gkojfkhlekighikafcpjkiklfbnlmeio":"55DCFEDC46BA504C5D5D162DD21E679C85CBEBD30BBD032214386E0370F013D2","kmendfapggjehodndflmmgagdbamhnfd":"E24876F7C0EFE6A67B42574D817D8B1D243C485F9A32344F6F098FEB282494FD","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"B05424E04E94A36B82B149C26D6E36CCCA5342401534707C6C497B17497B7152","mfehgcgbbipciphmccgaenjidiccnmng":"C692A260A1C0B0A288A4434C202422331F339D57335C28837CB153AB9907B610","mgndgikekgjfcpckkfioiadnlibdjbkf":"C3ABE039A56E2D47BBDDE658E4AF9C120DE62CEDCE9BE04EFBC33A0DFA788909","mhjfbmdgcfjbbpaeojofohoefgiehjai":"572249C34BBBAD66009F05AA515D929556E33ED7B7100B6D92CF8C5A3AC66EEE","neajdppkdcdipfabeoofebfddakdcjhd":"D8AAE6106E5FBE29598AE339A50B3C2D2161DE898914BC2DD8B6C969504972BA","nkeimhogjdpnpccoofpliimaahmaaome":"55B8DEBEC725A2A1D0CA72B76A639B75E0103C587B519D1109F5ADF75A317621","nmmhkkegccagdldgiimedpiccmgmieda":"5F65C8162B2F6003FB1F65159DD7379ECA2BC7B1FB0828C1F747DC2726E6C751","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"4E09FFBE2F0D5BAA47C7BA2FF2CD657EC35561707AF049DCDC469D47CC821055"}},"google":{"services":{"last_username":"295322790D7B73FEBCBEF896AF7F3C9033A6617F0C993B92E392554C7FB47887","username":"5E12D8D99B967D029A5D718661DC2E38596063F95E18ACC2B07C667B0FDBEA53"}},"homepage":"8A3105712CA4A5B1798BBEFBF451C3594B29B048821EF4143F1D8CE458F29E68","homepage_is_newtabpage":"6B17DB2C03FBACDEAE44728613C9974281B038E8A2FFC5EC1CE291C55C3B68EA","pinned_tabs":"136FF0CDF65C6581CC94CB0496A1445265B2262406CB4C900829316AAE4B9854","prefs":{"preference_reset_time":"E28D301CCD8DA3FB991134A606DD0935BCE279F31643F42F7140BDC6836AB24A"},"profile":{"reset_prompt_memento":"BFFC69699D0750B1433BF3BDF515E200BE5882AA971730F8ECD0348562AA5137"},"safebrowsing":{"incidents_sent":"0AD04D6CEF9161BC2594A8138AEDA1ABEE5F16B65215828083125A8DD8B6939C"},"search_provider_overrides":"ECD89EB6B7AA4D807CA56453E5403CB3BCE0079DB7E2158B7FEAE88DDC32B9C7","session":{"restore_on_startup":"CDCDBC755B795F77DA3AABC1561071F0F0077F9164767FBD00004E9B7F483672","startup_urls":"2C9674D720FCACACD5578ECB76EBDEB3E015809E75C143B1A3F6F3FACA2FD266"},"software_reporter":{"prompt_reason":"325285DED331A81ACDFDF33A30EB96AFBAD89BD26DE5C31B3F99F899FFA53F31","prompt_seed":"28AD8F1F0EB89B4C64EF6B8B87930557F81ADA802D290E19B17C4196B0D67993","prompt_version":"9C6FBAC5E903C1A2D9230A65B84A5AEB23752C0C43DDB5397ED0956E03943619"},"sync":{"remaining_rollback_tries":"D27217222C60D38A674799EAC4EC33313F1183874184A4FE51A1D0CA3C62AA5B"}},"super_mac":"52B59639AF6E37FDDF8E22CB422131F9B2AAD3EE45C2A6F78F0EC4E372F01C5C"},"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/","http://www.google.com/","http://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M63A31351-1DF7-4841-8EF6-B57DEDC0BF53&SearchSource=55&CUI=&UM=6&UP=SP0FE1C85B-AC3A-4B36-B2B8-0761B597D541&SSPV="]},"sync":{"remaining_rollback_tries":0}} C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Preferences "homepage": "http://www.google.nl/", "startup_urls": [ "http://google.nl/", "https://www.google.nl/" ] ==== Chromium Fix ====================== C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_klyrics.net_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_klyrics.net_0.localstorage-journal deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vacatures.trovit.nl_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vacatures.trovit.nl_0.localstorage-journal deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\https_static.boostsaves.com_0.localstorage deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\https_static.boostsaves.com_0.localstorage-journal deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully C:\Users\Rachid\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully C:\Users\Rachid\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_nl.ask.com_0.localstorage deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_nl.ask.com_0.localstorage-journal deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_vertalen.babylon.com_0.localstorage deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_vertalen.babylon.com_0.localstorage-journal deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_audacity.nl.softonic.com_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_audacity.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_spybot-search-destroy.nl.softonic.com_0.localstorage deleted successfully C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_spybot-search-destroy.nl.softonic.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ihsane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ihsane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Rachid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Rachid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Thuis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Thuis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Ihsane\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Rachid\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Thuis\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=45 folders=8 1750881 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Ihsane\AppData\Local\Temp will be emptied at reboot C:\Users\Rachid\AppData\Local\Temp emptied successfully C:\Users\Thuis\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Ihsane\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on wo 17-06-2015 at 19:15:56,32 ======================