Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Pieter on wo 06/01/2016 at 12:00:42,32.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pieter\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-24-131246.log 95956 bytes
C:\zoek-results2015-04-20-132939.log 45297 bytes
C:\zoek-results2015-04-20-160106.log 51752 bytes
C:\zoek-results2015-08-09-194513.log 62670 bytes
C:\zoek-results2015-08-12-144531.log 43734 bytes
C:\zoek-results2015-08-13-171539.log 10847 bytes
C:\zoek-results2016-01-03-222118.log 547741 bytes

==== Empty Folders Check ======================

C:\PROGRA~3\NVIDIA deleted successfully
C:\PROGRA~3\TXQMPC deleted successfully
C:\Users\Pieter\AppData\Roaming\shoujizhushou deleted successfully
C:\Users\Pieter\AppData\Roaming\sjparinfo deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QQSysMonX64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\QQSysMonX64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSDefenseBt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TSDefenseBt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TS888x64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TS888x64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSKSP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TSKSP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QQPCRTP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\QQPCRTP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\QQPCRTP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\QQPCRTP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TFsFlt deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TFsFlt deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Tencent not found
C:\Users\Pieter\AppData\Roaming\Tencent not found
C:\ProgramData\Tencent not found
C:\Program Files\Common Files\Tencent deleted
C:\PROGRA~3\Kingsoft deleted
"C:\windows\SysNative\drivers\TSSKX64.sys" deleted
"C:\Users\Pieter\AppData\Roaming\kingsoft" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\d54h27ht.default
user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser//?type=hp&ts=1451574571&z=3f396e64b405a2a77074655g7z3w0g7wcmaz3wemcg&from=exp1&uid=st9500325as_5ve3kqj9xxxx5ve3kqj9");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"DSE"="true" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pieter\AppData\Roaming\TomTom\HOME\Profiles\f9aferhx.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\d54h27ht.default
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Pieter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[12/10/2015 08:31]

Skype - Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Fix ======================

C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.duba.com/?f=unchie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.duba.com/?f=unchie"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.duba.com/?f=unchie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.duba.com/?f=unchie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\postgres\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N9FU32K will be deleted at reboot
C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDBZRD86 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Pieter\AppData\Local\Mozilla\Firefox\Profiles\d54h27ht.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pieter\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8689 folders=1605 953990574 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pieter\AppData\Local\Temp will be emptied at reboot
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pieter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N9FU32K" not found
"C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDBZRD86" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on wo 06/01/2016 at 14:29:28,28 ======================