Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Nathalie on ma 18/07/2016 at 9:27:34,27. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Nathalie\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-07-17-145533.log 46673 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QQPCRTP deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\QQPCRTP deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QQRepair167d deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\QQRepair167d deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSDefenseBt deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TSDefenseBt deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TFsFlt deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TFsFlt deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] " QQPCTray"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "AVG-Secure-Search-Update_0913b"=- ==== Deleting Files \ Folders ====================== C:\Users\Nathalie\AppData\Roaming\AVG 0913b Campaign not found C:\Program Files (x86)\Tencent not found C:\PROGRA~3\TXQMPC deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\4wwiona8.default-1393590751205 user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.newtab.url", "http://www.google.com"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "bdwteffv20@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [16/03/2016 20:48] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "bdwteffv20@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [16/03/2016 20:48] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\4wwiona8.default-1393590751205 - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Nathalie\AppData\Roaming\Thunderbird\Profiles\sa4qsifo.default - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} ProfilePath: C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\ue1m91jg.default - Undetermined - %ProfilePath%\extensions\searchads@instair.net ==== Firefox Plugins ====================== Profilepath: C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\4wwiona8.default-1393590751205 424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dhhejlifdlcgcmogbggeomfodgklfaem - No path found[] Google Slides - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Bitdefender Wallet - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem Google Sheets - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Chrome Media Router - Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}" HKLM\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms} HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}" HKLM\Wow6432Node\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes "DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms} ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nathalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nathalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Nathalie\AppData\Local\Mozilla\Firefox\Profiles\4wwiona8.default-1393590751205\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=484 folders=142 138903082 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Nathalie\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Nathalie\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 18/07/2016 at 9:49:22,60 ======================