Zoek.exe v5.0.0.1 Updated 01-November-2015
Tool run by Ludwig on ma 02/11/2015 at 19:49:27.89.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ludwig\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2/11/2015 19:51:01 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Citrix deleted successfully
C:\Program Files\log deleted successfully
C:\Users\Ludwig\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Ludwig\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Ludwig\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Ludwig\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ludwig\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ludwig\AppData\Local\EmieUserList deleted successfully
C:\Users\Ludwig\AppData\Local\MigWiz deleted successfully
C:\Users\Ludwig\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Citrix not found
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\GUTB76.tmp deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\Ludwig\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\ProgramData\SamPCFax000001B00000" deleted
"C:\ProgramData\SamPCFax000003600000" deleted
"C:\ProgramData\SamPCFax000003D80000" deleted
"C:\ProgramData\SamPCFax000004B80000" deleted
"C:\ProgramData\SamPCFax000004FC0000" deleted
"C:\ProgramData\SamPCFax000005280000" deleted
"C:\ProgramData\SamPCFax000005800000" deleted
"C:\ProgramData\SamPCFax000005F40000" deleted
"C:\ProgramData\SamPCFax000008280000" deleted
"C:\ProgramData\SamPCFax000008580000" deleted
"C:\ProgramData\SamPCFax000009540000" deleted
"C:\ProgramData\SamPCFax0000098C0000" deleted
"C:\ProgramData\SamPCFax00000A1C0000" deleted
"C:\ProgramData\SamPCFax00000A4C0000" deleted
"C:\ProgramData\SamPCFax00000CC00000" deleted
"C:\ProgramData\SamPCFax00000DF40000" deleted
"C:\ProgramData\SamPCFax00000EEC0000" deleted
"C:\ProgramData\SamPCFax00000F000000" deleted
"C:\ProgramData\SamPCFax00000F080000" deleted
"C:\ProgramData\SamPCFax00000F480000" deleted
"C:\ProgramData\SamPCFax000010100000" deleted
"C:\ProgramData\SamPCFax000011100000" deleted
"C:\ProgramData\SamPCFax0000111C0000" deleted
"C:\ProgramData\SamPCFax000011340000" deleted
"C:\ProgramData\SamPCFax000012180000" deleted
"C:\ProgramData\SamPCFax000012780000" deleted
"C:\ProgramData\SamPCFax000013500000" deleted
"C:\ProgramData\SamPCFax000013F00000" deleted
"C:\ProgramData\SamPCFax0000143C0000" deleted
"C:\ProgramData\SamPCFax000015C00000" deleted
"C:\ProgramData\SamPCFax000015DC0000" deleted
"C:\ProgramData\SamPCFax000018B80000" deleted
"C:\ProgramData\SamPCFax00001A180000" deleted
"C:\ProgramData\SamPCFax00001A3C0000" deleted
"C:\ProgramData\SamPCFax00001C440000" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22/09/2015 07:15]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[07/08/2014 17:28]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17/03/2015 18:21]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{206DCD4E-D236-4879-BC7C-B73DC40C66C1}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{206DCD4E-D236-4879-BC7C-B73DC40C66C1} Google Url="https://www.google.com/search?q={searchTerms}"
{BCD3488F-37CE-4CCC-988F-72B87422BEB3} Bing Url="http://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-70288557-654467922-2263198344-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on Users Desktops ======================

C:\Users\Ludwig\Desktop\4e kwartaal 2015 - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\BOEKHOUDING\boekjaar 2015\Kwartalen\4e kwartaal 2015.xls
C:\Users\Ludwig\Desktop\Arts - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts
C:\Users\Ludwig\Desktop\Facturen - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\BOEKHOUDING\boekjaar 2015\Facturen
C:\Users\Ludwig\Desktop\FAVV - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\FAVV
C:\Users\Ludwig\Desktop\hand-outs - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\allerlei\hand-outs
C:\Users\Ludwig\Desktop\in aanvraag - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\aanvraag labo\in aanvraag
C:\Users\Ludwig\Desktop\Kasboek 2015 - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\BOEKHOUDING\boekjaar 2015\Kasboek 2015.xlsx
C:\Users\Ludwig\Desktop\KHD vaccinaties - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\allerlei\KHD vaccinaties.xls
C:\Users\Ludwig\Desktop\Lijst 15€ - Snelkoppeling.lnk -
C:\Users\Ludwig\Desktop\LIJST VOGELNAMEN - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\allerlei\LIJST VOGELNAMEN.xls
C:\Users\Ludwig\Desktop\onbetaalde fakturen - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\BOEKHOUDING\onbetaalde fakturen\onbetaalde fakturen.xls
C:\Users\Ludwig\Desktop\ontvangstenboek 2015 - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\BOEKHOUDING\boekjaar 2015\ontvangstenboek 2015.xls
C:\Users\Ludwig\Desktop\Patientenfiche blanco individueel - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\Patientenfiches\Patientenfiche blanco individueel.xlsx
C:\Users\Ludwig\Desktop\Patientenfiche blanco kweker - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\Patientenfiches\Patientenfiche blanco kweker.xlsx
C:\Users\Ludwig\Desktop\Patientenfiches - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\Patientenfiches
C:\Users\Ludwig\Desktop\prestatievergoedingen 2004 - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\Tarieven en prijsberekening\prestatievergoedingen 2004.xls
C:\Users\Ludwig\Desktop\prijslijst - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\allerlei\prijslijst.xls
C:\Users\Ludwig\Desktop\prijslijst klanten tauros - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\prijslijsten\prijslijst klanten tauros.xls
C:\Users\Ludwig\Desktop\prijzen tauros - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\prijslijsten\prijzen tauros.xls
C:\Users\Ludwig\Desktop\register in-uit2015 - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Arts\BOEKHOUDING\boekjaar 2015\register in-uit2015.xlsx
C:\Users\Ludwig\Desktop\Thuis - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Thuis
C:\Users\Ludwig\Desktop\Top Projects BVBA - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Top Projects BVBA
C:\Users\Ludwig\Desktop\Vastgoed - Snelkoppeling.lnk - C:\Users\Ludwig\Documents\Ludwig\Thuis\Vastgoed

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging Console.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -config
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging starten.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -userstart
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging stoppen.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -shutdown

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Ludwig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ludwig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D90SDOWF will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=79 folders=19 210271522 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ludwig\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ludwig\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ludwig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D90SDOWF" deleted

==== EOF on ma 02/11/2015 at 21:17:40.23 ======================