Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jack on 27/04/2016 at 16:42:11,38.
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jack\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27/04/2016 16:43:25 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\BELOTE2000 deleted successfully
C:\Program Files\Garmin GPS Plugin deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\VS Revo Group deleted successfully
C:\PROGRA~2\Yahoo! deleted successfully
C:\Users\Jack\AppData\Roaming\BRT deleted successfully
C:\Users\Jack\AppData\Roaming\DiskDefrag deleted successfully
C:\Users\Jack\AppData\Roaming\FreeCall deleted successfully
C:\Users\Jack\AppData\Roaming\GlarySoft deleted successfully
C:\Users\Jack\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Jack\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Jack\AppData\Roaming\Yahoo! deleted successfully
C:\Users\Jack\AppData\Local\ArtifactGesticulate deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FTRTSVC deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FTRTSVC deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FTRTSVC deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FTRTSVC deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default
user.js not found

---- Lines SaltarSmart removed from prefs.js ----
user_pref("extensions.SaltarSmart.aul", "1413978260268");
user_pref("extensions.SaltarSmart.irl", true);
user_pref("extensions.SaltarSmart.is", "tg4stfr");
user_pref("extensions.SaltarSmart.ug", "15F4C088-75F4-4E66-8D16-E132E53E48AE");

---- Lines nspdl removed from prefs.js ----
user_pref("extensions.nspdl.data.aliveDate", "20131012");
user_pref("extensions.nspdl.data.instlDate", "20131012");
user_pref("extensions.nspdl.general.firstRun", false);
user_pref("extensions.nspdl.general.guid", "33403488-c70d-4279-9482-c494b6cf3080");
user_pref("extensions.nspdl.general.version", "9.5.3");

---- Lines yahoo removed from prefs.js ----
user_pref("distribution.yahoofr.bookmarksProcessed", true);

---- Lines Lyric removed from prefs.js ----
user_pref("extensions.a62073e4f1fc64849894946690b9524ef69ed285a4f5a47669a6e3b77a27fe618com43906.43906.description", "LyricsSay will allow you to displ

---- Lines browser.startup.page removed from prefs.js ----
user_pref("backup.old.browser.startup.page", 1);

---- Lines a8af2e5268c0942dc8d011001b936572c5f890a75ea4344fa9c150da08497ff9dcom41868 removed from prefs.js ----
user_pref("extensions.a8af2e5268c0942dc8d011001b936572c5f890a75ea4344fa9c150da08497ff9dcom41868.41868.iframe", false);
user_pref("extensions.a8af2e5268c0942dc8d011001b936572c5f890a75ea4344fa9c150da08497ff9dcom41868.41868.setnewtab", false);
user_pref("extensions.a8af2e5268c0942dc8d011001b936572c5f890a75ea4344fa9c150da08497ff9dcom41868.41868.thankyou", "");
user_pref("extensions.a8af2e5268c0942dc8d011001b936572c5f890a75ea4344fa9c150da08497ff9dcom41868.41868.updateinterval", 360);
user_pref("extensions.a8af2e5268c0942dc8d011001b936572c5f890a75ea4344fa9c150da08497ff9dcom41868.firstrun", false);
user_pref("extensions.a8af2e5268c0942dc8d011001b936572c5f890a75ea4344fa9c150da08497ff9dcom41868.hadappinstalled", true);

---- FireFox user.js and prefs.js backups ----
prefs_042016_1708_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\BELOTE2000 not found
C:\Program Files\Garmin GPS Plugin not found
C:\Program Files\VS Revo Group not found
"C:\Windows\Installer\14b94.msi" not found
C:\Program Files\Fichiers communs deleted
C:\Program Files\Micro Application deleted
C:\Program Files\Mozilla Firefox\.autoreg deleted
C:\Program Files\Yahoo! deleted
C:\MININT deleted
C:\F3DSetup.exe deleted
C:\setupfreecall.exe deleted
C:\Users\Jack\AppData\Roaming\WB.CFG deleted
C:\Users\Jack\AppData\Roaming\icsw_0p1f1e1t0j1t1ctj1v0p1c1l1r1p0f1f2y1g2z1t1l1g1v0n1f0a1q1h1l1g.txt deleted
C:\Users\Jack\AppData\Roaming\stats.txt deleted
C:\PROGRA~2\OEM Links deleted
C:\PROGRA~2\Micro Application deleted
C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted
C:\Users\Jack\AppData\Local\{49027F5E-6DAA-13E6-0032-360E245ACA96} deleted
C:\Users\Public\AlexaNSISPlugin.21404.dll deleted
C:\Users\Public\AlexaNSISPlugin.7508.dll deleted
C:\Users\Jack\AppData\LocalLow\Yahoo deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default\nspdl deleted
C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default\Yahoo! Inc deleted
C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB} deleted
"C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default\extensions\pdfforge@mybrowserbar.com" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml" deleted
"C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-france.xml" deleted

==== Orphaned Tasks deleted from Registry ======================

ArtifactGesticulateV2 deleted
avast Emergency Update deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default
user_pref("browser.search.defaulturl", "");
user_pref("keyword.URL", "http://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default
user_pref("network.proxy.type", 5);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/04/2016 02:29]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{81b13b5d-fba1-49fd-9a6b-189483ac548a}"="C:\Program Files\Pass-Widget\134.xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default
- Xmarks - %ProfilePath%\extensions\foxmarks@kei.com
- Menu contextuel Orange - %ProfilePath%\extensions\menu_contextuel_orange@orange.fr
- barre doutils Orange - %ProfilePath%\extensions\toolbar@Orange.fr
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- SaltarSmart 1.0.1 - %ProfilePath%\extensions\{f4c0f677-49eb-423a-a3fd-c0d064073ef8}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\xbgvb7w1.default
FC5D7AF1FC3A63782E19B375E2312D1C - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F169116C1BA501AB4D0D66D41FF496B5 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

==== Chromium Look ======================

Google Chrome Version: 47.0.2526.58

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[25/04/2016 02:26]

==== Chromium Startpages ======================

C:\Users\Jack\AppData\Roaming\Opera Software\Opera Stable\Preferences
"homepage": "http://fr.4yendex.com/?utm_source=sdks&utm_medium=fr01&utm_campaign=0095add677f716336c07b103b63add72",
"urls_to_restore_on_startup": [ "http://fr.4yendex.com/?utm_source=sdks&utm_medium=fr01&utm_campaign=0095add677f716336c07b103b63add72" ]

==== Chromium Fix ======================

C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/"
"Search Bar"="http://search.ke.voila.fr/S/voila?kw="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.fr/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes "Backup.Old.DefaultScope"="{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}"
HKLM\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
HKCU\SearchScopes "DefaultScope"="{43861A1A-4B0B-443B-AAAA-EAFC625DA82B}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{43861A1A-4B0B-443B-AAAA-EAFC625DA82B} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1975632500-1474631056-2399262937-1000\Software\Mozilla\Firefox\Extensions\{81b13b5d-fba1-49fd-9a6b-189483ac548a} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\69F57756D019F8A46959B58A19786930 deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jack\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Jack\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=53 folders=16 14793207 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\FMDK7412\AppData\Local\Temp emptied successfully
C:\Users\Jack\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jack\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 27/04/2016 at 17:17:09,10 ======================