Zoek.exe v5.0.0.0 Updated 13-09-2015
Tool run by User1 on ma 14/09/2015 at 11:52:38,13.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12PF7EH0\zoek[1].exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-09-11-060336.log 502 bytes
C:\zoek-results2015-09-11-074626.log 25687 bytes
C:\zoek-results2015-09-13-130642.log 27107 bytes

==== Empty Folders Check ======================

C:\Users\User1\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\ProgramData\Microsoft\Microsoft Security Client deleted
C:\ProgramData\Malwarebytes deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_00e6e752 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_039ea69a deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_043ab183 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_048105ab deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0490f2c7 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0490fc29 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0498ce75 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_049d0962 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04a1054d deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04a4ce46 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04a508f5 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04a8d883 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04a8e149 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b0bedb deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b0d22c deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b16c68 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b17fd9 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b19349 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b1a69a deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b1e8f7 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b1fc77 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04b4c995 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04bce2ef deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04c49e22 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04c4c8ba deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_04c8e8d8 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_05769ebe deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0586a2e3 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_059696c2 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_05ae952d deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_061aba0b deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_07226759 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0786d077 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_08a68e1b deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_08be7b95 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_08c6a553 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_08dab7ba deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_09baae19 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0ab2aabf deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0b6295d8 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0b728ee6 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0b828ae0 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0bc2a736 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0be6ba68 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0c2eae67 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0c46c541 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0cea90aa deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0db28d31 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0e06ce55 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0e269194 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0e82a7c3 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0e8e9b64 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0ea69819 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0f768545 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0fa29d19 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0fd2b691 deleted
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_MBAMService_8c848a11c5173ff33b32a03e617e2bd9fceec85_0fdf09ee deleted
C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.avast.com_0.localstorage-journal deleted
"C:\Users\User1\Downloads\avast_premier_antivirus_setup_online.exe" deleted
"C:\Users\User1\Downloads\mbam-setup-2.1.8.1057.exe" deleted
"C:\Windows\Prefetch\MBAM.EXE-2FB6D924.pf" deleted
"C:\Windows\Prefetch\MBAMSCHEDULER.EXE-E854CD0F.pf" deleted
"C:\Windows\Prefetch\MBAMSERVICE.EXE-351A0DC9.pf" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\User1\AppData\Roaming\Thunderbird\Profiles\emf6cnvr.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12PF7EH0 will be deleted at reboot
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HEK5Z6G3 will be deleted at reboot
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K4CTW72R will be deleted at reboot
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User1\AppData\Local\Mozilla\Firefox\Profiles\vbjrry1t.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=141 folders=129 32519132 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12PF7EH0" not found
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HEK5Z6G3" not found
"C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K4CTW72R" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ma 14/09/2015 at 12:31:24,84 ======================