Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by ACER on 2017-07-02 at 14:47:08,54.
Microsoft Windows 10 Famille 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\ACER\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2017-07-02 14:50:02 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Citrix deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Evernote deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow deleted successfully
C:\Users\ACER\AppData\Local\ActiveSync deleted successfully
C:\Users\ACER\AppData\Local\DBG deleted successfully
C:\Users\ACER\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\ACER\AppData\Local\EmieSiteList deleted successfully
C:\Users\ACER\AppData\Local\EmieUserList deleted successfully
C:\Users\ACER\AppData\Local\NetworkTiles deleted successfully
C:\Users\ACER\AppData\Local\PDFCreator deleted successfully
C:\Users\ACER\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2395469347-72987715-2083823997-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2395469347-72987715-2083823997-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2395469347-72987715-2083823997-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-2395469347-72987715-2083823997-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\pdf_architect_4_conv@pdfarchitect.org deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Citrix not found
C:\PROGRA~2\Wise\Wise Registry Cleaner deleted
C:\found.000 deleted
C:\found.001 deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\ACER\AppData\Local\Wondershare deleted
C:\WINDOWS\wininit.ini deleted
C:\Users\ACER\ZHPCleaner.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi" [2016-12-21 08:46]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi" [2016-12-21 08:46]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"kpm_win_add_on@kaspersky"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm_win_add_on@kaspersky" [2016-06-24 12:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\ze3fulnf.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\ze3fulnf.default
57C7E359ED8D049132EED23EFA444C63 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll - Shockwave Flash
9E602A9634AC3EFA8CD5BC4CD943416B - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll - Shockwave Flash
9BF98236C009EB0A5571E9CA96847269 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\ACER\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
EA16467E3338B5003E8C4A997FD4B805 - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fhoibnponjcgjgcnfacekaijdbbplhib - https://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gebpdbfmpedcnopofelmhndhincfkhki - https://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki[]

Google Docs - ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky Password Manager - ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki
Google Docs Offline - ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\ACER\Desktop\ZHPCleaner.lnk - C:\Users\ACER\ZHPCleaner.exe
C:\Users\ACER\Desktop\ZHPDiag.lnk - C:\Users\ACER\AppData\Roaming\ZHP\ZHPDiag3.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Acrobat Reader DC.lnk -
C:\Users\Public\Desktop\Acronis Sauvegarde en un seul clic..lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe /one_click_backup
C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Public\Desktop\Bejeweled 2 Deluxe.lnk - C:\Program Files (x86)\PopCap Games\Bejeweled 2 Deluxe\WinBej2.exe
C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk - C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE
C:\Users\Public\Desktop\Canon MX860 series Manuel en ligne.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MX860 SERIES\French\Info.egv"
C:\Users\Public\Desktop\Canon My Image Garden.lnk - C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
C:\Users\Public\Desktop\Canon My Printer.lnk - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /dt
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\Public\Desktop\clear.fi.lnk - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
C:\Users\Public\Desktop\Exact Audio Copy.lnk - C:\Program Files (x86)\Exact Audio Copy\EAC.exe
C:\Users\Public\Desktop\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Kaspersky Password Manager.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe
C:\Users\Public\Desktop\Kaspersky Total Security.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
C:\Users\Public\Desktop\Kobo.lnk - C:\Program Files (x86)\Kobo\Kobo.exe
C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\PDF Architect 4.lnk - C:\Program Files\PDF Architect 4\architect.exe
C:\Users\Public\Desktop\PDF-Viewer.lnk - C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\Protection bancaire.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe -safebanking
C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
C:\Users\Public\Desktop\Sound Normalizer.lnk - C:\Program Files (x86)\Sound Normalizer\Normalizer.exe
C:\Users\Public\Desktop\WildTangent Games App - acer.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktop /dp acerdt
C:\Users\Public\Desktop\Wise Registry Cleaner.lnk - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

==== shortcuts in Users Start Menu ======================

C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\ACER\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\A propos de Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurer Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Rechercher les mises à jour.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games\Bejeweled 2 Deluxe\Play Bejeweled 2 Deluxe.lnk - C:\Program Files (x86)\PopCap Games\Bejeweled 2 Deluxe\WinBej2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games\Bejeweled 2 Deluxe\Uninstall Bejeweled 2 Deluxe.lnk - C:\Program Files (x86)\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files (x86)\PopCap Games\Bejeweled 2 Deluxe\Install.log"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games\Bejeweled 2 Deluxe\View Readme.lnk - C:\Program Files (x86)\PopCap Games\Bejeweled 2 Deluxe\readme.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr\PlaysTV.lnk - C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe

==== shortcuts in Quick Launch ======================

C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\WINDOWS\system32\control.exe
C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\ACER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ACER\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\ACER\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\ACER\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\ACER\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\ACER\AppData\Local\Mozilla\Firefox\Profiles\ze3fulnf.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=88 folders=29 33429369 bytes)

==== Empty Temp Folders ======================

C:\Users\ACER\AppData\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\ACER\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 2017-07-02 at 16:38:55,93 ======================