
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Gilles on 15/05/2016 at  7:41:57,76.
Microsoft Windows 7 Édition Familiale Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gilles\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

15/05/2016 07:43:08 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Empty Folders Check ======================

C:\PROGRA~2\DSP-worx deleted successfully
C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~2\hpmonitor deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\Users\Gilles\AppData\Roaming\ARISTON LS 244 user guide deleted successfully
C:\Users\Gilles\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Gilles\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Gilles\AppData\Roaming\Samsung deleted successfully
C:\Users\Gilles\AppData\Roaming\Yahoo! deleted successfully
C:\Users\Gilles\AppData\Roaming\__TMPZipFolder deleted successfully
C:\Users\Gilles\AppData\Local\CrashDumps deleted successfully
C:\Users\Gilles\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Gilles\AppData\Local\EmieSiteList deleted successfully
C:\Users\Gilles\AppData\Local\EmieUserList deleted successfully
C:\Users\Gilles\AppData\Local\PDFCreator deleted successfully
C:\Users\Gilles\AppData\Local\Secunia PSI deleted successfully
C:\Users\Gilles\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2812756817-2013019344-563408239-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\pdf_architect_4_conv@pdfarchitect.org deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== Running Processes ======================

C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Users\Gilles\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\DSP-worx not found
C:\PROGRA~2\Freemake not found
C:\PROGRA~2\hpmonitor not found
C:\PROGRA~2\Cheat Engine 6.1 deleted
C:\Users\Gilles\AppData\Roaming\VideoConverterPackages deleted
C:\PROGRA~3\DivX deleted
C:\PROGRA~2\Yahoo! deleted
C:\install.exe deleted
C:\Users\Gilles\AppData\Roaming\FreeVideoConverter deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Software deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Gilles\ZHPCleaner.exe deleted
C:\Users\Gilles\ZHPDiag3.exe deleted
"C:\ProgramData\2f203f382a2154382a_c" deleted
"C:\Users\Gilles\AppData\Roaming\driver\driver.html" deleted
"C:\Users\Gilles\AppData\Roaming\driver" deleted

==== Orphaned Tasks deleted from Registry ======================

Tches de l'Observateur d'vnements deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot"
"RealDownloader"="C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMBVolumeWatcher"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sony\\PlayMemories Home\\PMBVolumeWatcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Shockwave Updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Shockwave Updater"
"hkey"="HKCU"
"command"="\"C:\\Windows\\SysWOW64\\Adobe\\Shockwave 12\\SwHelper_1220162.exe\" -Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\RealPlayer Cloud Service UI.lnk"
"backup"="C:\\Windows\\pss\\RealPlayer Cloud Service UI.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Real\\REALPL~1\\RPDS\\Bin64\\RPSYST~1.EXE "
"item"="RealPlayer Cloud Service UI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gilles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
"path"="C:\\Users\\Gilles\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gilles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
"path"="C:\\Users\\Gilles\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.4.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.4"


==== Startup Folders ======================

2012-06-11 13:48:54	270336	----a-w-	C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
2014-10-16 12:51:30	2099	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
2014-12-15 15:30:26	1248	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
2016-03-04 06:19:28	1236	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/05/2016 08:36]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 14:44]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 14:44]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Motorola Device Manager Engine" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Initial Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\RealDownloader Update Check" [C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2812756817-2013019344-563408239-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2812756817-2013019344-563408239-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2812756817-2013019344-563408239-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2812756817-2013019344-563408239-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2812756817-2013019344-563408239-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2812756817-2013019344-563408239-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\{D4750148-73A9-4C40-9ADF-5C523581BF77}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.18.0.106/fr/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\{F9E26E47-7589-4BC1-A906-BC81D28DDE99}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.16.0.105/fr/abandoninstall?source=lightinstaller&amp;page=tsPlugin]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [16/10/2014 14:53]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [16/10/2014 14:53]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86



==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.fr/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Gilles\Desktop\ZHPCleaner.lnk - C:\Users\Gilles\ZHPCleaner.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPFix\ZHPhep.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Dofus.lnk - C:\Users\Gilles\AppData\Local\Ankama\Dofus\Dofus.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Image Extractor\Open Install Location.lnk - C:\Program Files (x86)\PDF Image Extractor 
C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Image Extractor\PDF Image Extractor Website.lnk -  
C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Image Extractor\PDF Image Extractor.lnk - C:\Program Files (x86)\PDF Image Extractor\PDFImageExtractorStarter.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Image Extractor\Uninstall PDF Image Extractor.lnk - C:\Windows\System32\msiexec.exe /x {DDA48298-6C7E-47B3-B2FB-873483846EBA}
C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 6\Acheter PhotoZoom Pro 6.lnk - C:\Program Files\PhotoZoom Pro 6\Order.txt 
C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 6\Lisez moi.lnk - C:\Program Files\PhotoZoom Pro 6\Read me.txt 
C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 6\PhotoZoom Pro 6 Aide.lnk - C:\Program Files\PhotoZoom Pro 6\Help\index.html 
C:\Users\Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 6\PhotoZoom Pro 6.lnk - C:\Program Files\PhotoZoom Pro 6\PhotoZoom Pro 6.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk - C:\Windows\Installer\{9085040C-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\A propos de Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_91\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurer Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_91\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Rechercher les mises à jour.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Désinstaller Malwarebytes Anti-Malware.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Base.lnk - C:\Program Files (x86)\OpenOffice 4\program\sbase.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Calc.lnk - C:\Program Files (x86)\OpenOffice 4\program\scalc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Draw.lnk - C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Impress.lnk - C:\Program Files (x86)\OpenOffice 4\program\simpress.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Math.lnk - C:\Program Files (x86)\OpenOffice 4\program\smath.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice Writer.lnk - C:\Program Files (x86)\OpenOffice 4\program\swriter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2\OpenOffice.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 4\PDF Architect 4.lnk - C:\Program Files\PDF Architect 4\architect.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 4\Uninstall or Modify PDF Architect 4.lnk - C:\ProgramData\PDF Architect 4\Installation\PDFArchitect4Installer.exe /uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Faire un don.lnk - C:\Program Files\PDFCreator\Faire un don.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Page d'accueil de PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Aide.lnk - C:\Program Files\PDFCreator\PDFCreator_english.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk - C:\Program Files\PDFCreator\AFPL License.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk - C:\Program Files\PDFCreator\FairPlay License.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk - C:\Program Files\PDFCreator\GNU License.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\Outil de découpage RealPlayer.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealDownloader.lnk - C:\Windows\Installer\{48D18738-099C-4FAA-AFD9-80B592A25478}\recordingmanager.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer (RealTimes).lnk - C:\program files (x86)\real\realplayer\realplay.exe /launch:start_menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk - C:\Program Files (x86)\Real\RealPlayer\realconverter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPFix\ZHPhep.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Command Prompt.lnk - C:\Windows\system32\cmd.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Event Viewer.lnk - C:\Windows\system32\eventvwr.msc /s
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\OpenOffice Calc.lnk - C:\Program Files (x86)\OpenOffice 4\program\scalc.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk -  
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\XnView.lnk - C:\Program Files (x86)\XnView\xnview.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -  
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Gilles\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{19E5E729-519D-1541-3107-BDE4A99704FD} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D14143D5782BEE842A45208B63A8E465 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QO7144H will be deleted at reboot
C:\Users\Gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KP2F22EJ will be deleted at reboot
C:\Users\Gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2B6ZH7B will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Gilles\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=21 folders=27 20275905 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gilles\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Gilles\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-32-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\Gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QO7144H" deleted
"C:\Users\Gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KP2F22EJ" deleted
"C:\Users\Gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2B6ZH7B" deleted

==== EOF on 15/05/2016 at  8:28:03,08 ======================