Zoek.exe v5.0.0.1 Updated 09-November-2015
Tool run by User on ma 09-11-2015 at 12:54:57,00.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-11-04-140651.log 66082 bytes
C:\zoek-results2015-11-04-165216.log 58549 bytes
C:\zoek-results2015-11-04-191044.log 2974 bytes
C:\zoek-results2015-11-07-141423.log 22612 bytes

==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3ngvi4rr.default-1446543442242
user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_09-11-2015_1256_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB}]
"AppPath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609}]
"AppPath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\Mskoladd.MskOLAddIn]
"Description"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\Mskoladd.MskOLAddIn]
"FriendlyName"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Thunderbird\Extensions]
"msktbird@mcafee.com"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10\MimeTypes]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10\MimeTypes\application/x-mfe-ipt]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10\Suffixes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NaiAnn.McVsAnn]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NaiAnn.McVsAnn.1]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NaiAnn.McVsAnnAdmin]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NaiAnn.McVsAnnAdmin.1]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NaiAnn.McVSOASAlert]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NaiAnn.McVSOASAlert.1]
@=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\mclogevent]
"EventMessageFile"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HipShieldK]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mferkdet]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mferkdet]
"InstallReference.WSS11.6_OAS"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\mclogevent]
"EventMessageFile"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HipShieldK]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mferkdet]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mferkdet]
"InstallReference.WSS11.6_OAS"=-
[-HKEY_USERS\.DEFAULT\Software\McAfee]
[-HKEY_USERS\.DEFAULT\Software\McAfee\MSC]
[-HKEY_USERS\.DEFAULT\Software\McAfee\MSC\Settings]
[-HKEY_USERS\.DEFAULT\Software\McAfee\MSC\Settings\McProMgr]
[-HKEY_USERS\.DEFAULT\Software\McAfee\RuntimeMUI]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust\Certificates]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust\CRLs]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust\CTLs]
[-HKEY_USERS\S-1-5-21-2053507290-4217072742-2159287795-1002\Software\McAfee]
[-HKEY_USERS\S-1-5-21-2053507290-4217072742-2159287795-1002\Software\McAfee\MSC]
[-HKEY_USERS\S-1-5-21-2053507290-4217072742-2159287795-1002\Software\McAfee\MSC\Settings]
[-HKEY_USERS\S-1-5-21-2053507290-4217072742-2159287795-1002\Software\McAfee\MSC\Settings\McProMgr]
[-HKEY_USERS\S-1-5-21-2053507290-4217072742-2159287795-1002\Software\McAfee\RuntimeMUI]
[-HKEY_USERS\S-1-5-21-2053507290-4217072742-2159287795-1002\Software\McAfee\VirusScan]
[-HKEY_USERS\S-1-5-18\Software\McAfee]
[-HKEY_USERS\S-1-5-18\Software\McAfee\MSC]
[-HKEY_USERS\S-1-5-18\Software\McAfee\MSC\Settings]
[-HKEY_USERS\S-1-5-18\Software\McAfee\MSC\Settings\McProMgr]
[-HKEY_USERS\S-1-5-18\Software\McAfee\RuntimeMUI]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust\Certificates]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust\CRLs]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust\CTLs]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Popcorn Time not found
C:\ProgramData\McAfee deleted
"C:\Windows\Log\McAfee64_Win8.log" deleted
"C:\windows\SysNative\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee HIPS Driver.cat" deleted
"C:\Users\User\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Zitenop.exe.log" deleted
"C:\Users\Public\Desktop\Popcorn Time.lnk" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff" [02-11-2015 16:00]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [02-11-2015 16:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"DSE"="true" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3ngvi4rr.default-1446543442242
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3ngvi4rr.default-1446543442242
30F232783820C8146F8A050F9E2F5D1D - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll - Shockwave for Director / Shockwave for Director
863AF0003392FEBC2667A8A790DED955 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll - Shockwave Flash

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.80

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dhhejlifdlcgcmogbggeomfodgklfaem - No path found[]

Google Slides - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Battlefield Play4Free - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh
Ferret - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\padcapdkhelngdelppbbjmkmkfceoikg
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1199 folders=195 231329349 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\windows\SysNative\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee HIPS Driver.catsearch" deleted

==== EOF on ma 09-11-2015 at 13:10:28,36 ======================