Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Drak on ne 25.09.2016 at 22:10:13,87.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Drak\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
25.9.2016 22:10:42 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Adobe deleted successfully
C:\PROGRA~2\IObit deleted successfully
C:\PROGRA~2\Raptr deleted successfully
C:\Program Files\McAfee deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\Users\Drak\AppData\Local\AMD deleted successfully
C:\Users\Drak\AppData\Local\NetworkTiles deleted successfully
C:\Users\Drak\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Drak\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\opa4unjt.default\prefs.js:
user_pref("browser.search.selectedEngine", "");
Added to C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\opa4unjt.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Drak\AppData\Roaming\Philips-Songbird\Profiles\hxeqrza0.default\prefs.js:
Added to C:\Users\Drak\AppData\Roaming\Philips-Songbird\Profiles\hxeqrza0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\opa4unjt.default
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("extensions.addthis.service.personal", "facebook,email,twitter,print,myspace,favorites,google,digg,delicious,stumbleupon,live,yahoomail,redd
---- FireFox user.js and prefs.js backups ----
prefs_25.09.2016_2223_.backup
ProfilePath: C:\Users\Drak\AppData\Roaming\Philips-Songbird\Profiles\hxeqrza0.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_25.09.2016_2223_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Adobe not found
C:\PROGRA~2\IObit not found
C:\PROGRA~2\Raptr not found
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~2\HP Universal Camera Driver deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Drak\AppData\Local\Unity deleted
C:\Users\Drak\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\opa4unjt.default\Invalidprefs.js deleted
"C:\Users\Drak\AppData\Roaming\PlaysTV\playstv.cfg" deleted
"C:\Users\Drak\AppData\Roaming\IObit" deleted
"C:\Users\Drak\AppData\Roaming\Philips" deleted
"C:\Users\Drak\AppData\Roaming\PlaysTV" deleted
"C:\Users\Drak\AppData\Roaming\Ubisoft" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\opa4unjt.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Drak\AppData\Roaming\Philips-Songbird\Profiles\hxeqrza0.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\opa4unjt.default
- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- Youtube MP3 Converter em:version1.9.2.3-signed em:type2 em:creator2conv@hotger.com em:descriptionGet the fastest and more convenient Converter YouTube to MP3 with our add-on em:homepageURLhttp:2conv.cominfoaddon em:iconURLchrome:yt2convmp3skinicon.png - %ProfilePath%\extensions\2conv@hotger.com.xpi
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- WhatsApp Panel - %ProfilePath%\extensions\whatsapppanel@alejandrobrizuela.com.ar.xpi
- Screengrab fix version - %ProfilePath%\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\Drak\AppData\Roaming\Philips-Songbird\Profiles\hxeqrza0.default
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-cs@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\opa4unjt.default
8CE35D76726DFC8C3848BB26B3C79A54 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll - Shockwave for Director / Shockwave for Director
7FB1DC8C464CAFC230E7AD6392AE859B - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_162.dll - Shockwave Flash
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
daanglpcpkjjlkhcbladppjphglbigam - No path found[]
fcoadmpfijfcmokecmkgolhbaeclfage - No path found[]
Chrome Media Router - Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} -
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} -
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} -
http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} -
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
==== Reset Google Chrome ======================
C:\Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccc.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cli.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtagent.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtlauncher.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\raptrstub.exe deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raptr deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Drak\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Drak\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Drak\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Drak\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Drak\AppData\Local\Mozilla\Firefox\Profiles\opa4unjt.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=93 folders=60 56458451 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Drak\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ne 25.09.2016 at 22:28:47,10 ======================