Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by rossi on di 07-02-2017 at 13:19:38,95.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\rossi\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-02-05-121710.log 52908 bytes
C:\zoek-results2017-02-05-124446.log 71614 bytes
C:\zoek-results2017-02-06-110454.log 8929 bytes

==== Empty Folders Check ======================

C:\Users\rossi\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\rossi\AppData\Roaming\Profiles\Zusotainlujeght.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.youndoo.com/?z=406cbd47d4b0baa238d5532g9z2b7q9obz3t3q8qbw&from=bcn&uid=HGSTXHTS721010A9E630_JR10044M0EH99N0EH99NX&type=hp");
user_pref("browser.newtab.url", "http://www.youndoo.com/?z=406cbd47d4b0baa238d5532g9z2b7q9obz3t3q8qbw&from=bcn&uid=HGSTXHTS721010A9E630_JR10044M0EH99N0EH99NX&type=hp");
user_pref("browser.search.defaultenginename", "youndoo");
user_pref("browser.search.selectedEngine", "youndoo");

Added to C:\Users\rossi\AppData\Roaming\Profiles\Zusotainlujeght.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H24ztrmbl10AU,eb4d6126-b5b0-4b74-9d11-36ba594b1fb7,");
user_pref("browser.newtab.url", "http://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H24ztrmbl10AU,eb4d6126-b5b0-4b74-9d11-36ba594b1fb7,");
user_pref("browser.search.selectedEngine", "");
user_pref("keyword.URL", "http://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=H24ztrmbl10AU,eb4d6126-b5b0-4b74-9d11-36ba594b1fb7,");

Added to C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\9zl721p2.default\prefs.js:
user_pref("browser.startup.homepage", "C:\ProgramData\Hotfreshs\ff.HP");
user_pref("browser.newtab.url", "C:\ProgramData\Hotfreshs\ff.NT");

Added to C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\9zl721p2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"userinit"=-

==== Deleting Files \ Folders ======================

"C:\Windows\run.vbs" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\rossi\AppData\Roaming\Profiles\Zusotainlujeght.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\Profiles\9zl721p2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\rossi\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\9zl721p2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [02-02-2017 15:05]

==== Firefox Extensions ======================

ProfilePath: C:\Users\rossi\AppData\Roaming\Profiles\Zusotainlujeght.default
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

UC浏览器活动 - rossi\AppData\Local\UCBrowser\User Data\Default\Extensions\acbckhilidhkcoenjgmejpgnnmcbhjhi
Adobe Acrobat - rossi\AppData\Local\UCBrowser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
UC Image Previewer - rossi\AppData\Local\UCBrowser\User Data\Default\Extensions\hdgdpmpallofembldhflnlkcfappghhc
UC Resource Hunter - rossi\AppData\Local\UCBrowser\User Data\Default\Extensions\hkmogefbfdmboplojeicpibfpcndjjbm
Generate QR code of this webpage - rossi\AppData\Local\UCBrowser\User Data\Default\Extensions\pbnmnlipmkfkadfcdocgblonoccmolpe
UC Nexus - rossi\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi

==== Chromium Fix ======================

C:\Users\rossi\AppData\Local\UCBrowser\User Data\Default\Extensions\acbckhilidhkcoenjgmejpgnnmcbhjhi deleted successfully
C:\Users\rossi\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_acbckhilidhkcoenjgmejpgnnmcbhjhi_0.localstorage deleted successfully
C:\Users\rossi\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_acbckhilidhkcoenjgmejpgnnmcbhjhi_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131307240233226372&GUID=DD403D68-AD6F-409F-9FD4-BA0819408E59"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131307240233226372&GUID=DD403D68-AD6F-409F-9FD4-BA0819408E59"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox"
{ielnksrch} Search the web Url="https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zAaD6FDDoG3E77bpNChke1eGNaLnCkGUCWBdBkSRwbaRXX5jqgylGDgzJhg3cT8G1cNWw7prirxfgffQVzEwIcpPvNL4bAQ-4P1ACu7tTwNFThgSECm0kFPVtcGscBnwVc22yhfOPkhA_czsVRK9OUU63Zvw,,&q={searchTerms}"

==== shortcuts on Users Desktops ======================

C:\Users\rossi\Desktop\Around the World in 80 Days.lnk - C:\Program Files (x86)\GameTop.com\Around the World in 80 Days\game.exe
C:\Users\rossi\Desktop\AVS Video Converter.lnk - C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
C:\Users\rossi\Desktop\Dacia Media Nav Toolbox.lnk - C:\Program Files (x86)\Dacia Media Nav\Toolbox\toolbox.exe
C:\Users\rossi\Desktop\Deze pc.lnk -
C:\Users\rossi\Desktop\GrabIt.lnk - C:\Program Files (x86)\GrabIt\GrabIt.exe
C:\Users\rossi\Desktop\Mail.lnk -
C:\Users\rossi\Desktop\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Users\rossi\Desktop\Spotnet.lnk - C:\Users\rossi\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG Protection.lnk - C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe
C:\Users\Public\Desktop\Evernote.lnk - C:\Windows\Installer\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}\Evernote.ico
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://fanli90.cn/
C:\Users\Public\Desktop\ROG Gaming Center.lnk - C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
C:\Users\Public\Desktop\ROG MacroKey.lnk - C:\Windows\Installer\{1101D2B9-7E8C-4361-88D5-AB0A2EB705EC}\_0ACE9DE19D214E6CBE406D.exe
C:\Users\Public\Desktop\Spotnet.lnk - C:\Program Files (x86)\Spotnet\Spotnet.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\UltraISO.lnk - C:\Program Files (x86)\UltraISO\UltraISO.exe

==== shortcuts in Users Start Menu ======================

C:\Users\rossi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\rossi\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\rossi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU\De-installeren.lnk - C:\Program Files (x86)\AVS4YOU\Uninstall.exe
C:\Users\rossi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Gameroom.lnk - C:\Users\rossi\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Users\rossi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\rossi\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe
C:\Users\rossi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk - C:\Users\rossi\AppData\Local\Facebook\Games\FacebookGameroom.exe fbgames://windows_startup/
C:\Users\rossi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???\??UC???.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://fanli90.cn/
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG Protection.lnk - C:\Program Files (x86)\AVG\Av\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Activering.lnk - C:\Program Files (x86)\AVS4YOU\Registration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Help.lnk - C:\Program Files (x86)\AVS4YOU\AVS4YOUHelp.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Licentieovereenkomst.lnk - C:\Program Files (x86)\AVS4YOU\License Agreement.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video\AVS Video Converter.lnk - C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Office 2010 XAdES XL signature configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoffice2010_XAdES_XL.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Outlook registry configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoutlooksnc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office\WPS Presentation.lnk - C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe /wpp /w /fromksolaunch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office\WPS Spreadsheets.lnk - C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe /et /fromksolaunch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office\WPS Writer.lnk - C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe /wps /w /fromksolaunch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office\WPS Office Tools\Check for WPS Office Updates.lnk - C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe /from:manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office\WPS Office Tools\Uninstall WPS Office.lnk - C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\utility\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office\WPS Office Tools\WPS Office Configuration Tools.lnk - C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ksomisc.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=ChromeDefaultData
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Facebook Gameroom.lnk - C:\Users\rossi\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iexplore.exe - Snelkoppeling.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://fanli90.cn/
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\rossi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iexplore.exe - Snelkoppeling.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\rossi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\rossi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\rossi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\rossi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\rossi\AppData\Local\Mozilla\Firefox\Profiles\9zl721p2.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\rossi\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\rossi\AppData\Local\UCBrowser\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=829 folders=236 361299604 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== EOF on di 07-02-2017 at 13:40:19,02 ======================