Zoek.exe v5.0.0.0 Updated 08-September-2015 Tool run by hulya on vr 11/09/2015 at 21:34:58,23. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\hulya\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-08-30-114608.log 52094 bytes C:\zoek-results2015-08-31-182439.log 69830 bytes C:\zoek-results2015-09-01-145213.log 18642 bytes C:\zoek-results2015-09-02-164745.log 10644 bytes C:\zoek-results2015-09-09-134635.log 10705 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Folders Found ====================== 2015-09-01 14:47:45 2015-09-01 14:47:45 -------- d---a-w- C:\zoek_backup\C_ProgramData_McAfee 2015-09-01 14:47:45 2015-09-01 14:47:45 -------- d---a-w- C:\zoek_backup\C_Users_All Users_McAfee 2015-09-01 14:47:45 2015-09-01 14:47:45 -------- d--ha-w- C:\zoek_backup\C_Users_hulya_AppData_Local_Microsoft_Windows_Temporary Internet Files_Virtualized_C_ProgramData_McAfee 2015-09-01 14:47:45 2015-09-01 14:47:45 -------- d---a-w- C:\zoek_backup\C_Windows_OOBEOffer_OOBEOffer_res_ThirdParty_McAfee 2015-09-01 14:47:45 2015-09-01 14:47:45 -------- d---a-w- C:\zoek_backup\C_windows_SysNative_config_systemprofile_AppData_Roaming_McAfee 2015-09-01 14:47:45 2015-09-01 14:47:46 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_McAfee ==== Files Found ====================== --- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Microsoft_Windows_Cookies_system@mcafee[1].txt.vir --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 460 Created time: 2015-09-01 14:47:46 Modified time: 2010-02-10 17:38:00 MD5: F9CE7F3C047F96C298EC28AB6972FC3A SHA1: 6DF7D194ABE0CA38AFAD2A01876DC02904AA7FEA ==== Registry Search Results for "McAfee" ====================== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK\0000] "DeviceDesc"="McAfee Inc. mfeavfk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK\0000] "DeviceDesc"="McAfee Inc. mfehidk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEHIDK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFESMFK\0000] "DeviceDesc"="McAfee Inc. mfesmfk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK\0000] "DeviceDesc"="McAfee Inc. mfeavfk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEHIDK\0000] "DeviceDesc"="McAfee Inc. mfehidk" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEHIDK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFESMFK\0000] "DeviceDesc"="McAfee Inc. mfesmfk" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK\0000] "DeviceDesc"="McAfee Inc. mfeavfk" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK\0000] "DeviceDesc"="McAfee Inc. mfehidk" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEHIDK01\0000] "DeviceDesc"="McAfee Inc." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFESMFK\0000] "DeviceDesc"="McAfee Inc. mfesmfk" ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\hulya\AppData\Roaming\Mozilla\Firefox\Profiles\tzry64i7.default user_pref("browser.startup.homepage", "http://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\hulya\AppData\Roaming\Mozilla\Firefox\Profiles\tzry64i7.default - OptOn - %ProfilePath%\extensions\p@MgPFxO.edu - Noia 2.0 eXtreme - %ProfilePath%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\hulya\AppData\Roaming\Mozilla\Firefox\Profiles\tzry64i7.default 3D3CAF586124C4E8102764C8B3063BB6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 3CD19649B2C3023D65E67C056457A2BC - C:\Users\hulya\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chromium Look ====================== Google Chrome Version: 45.0.2454.85 ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hulya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hulya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\hulya\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=298 folders=141 26784309 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\hulya\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\hulya\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 11/09/2015 at 22:28:41,70 ======================