- Joined: 28 Apr 2012
- Posts: 62
Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Administrator on Tue 10/21/2014 at 13:51:59.03.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrator\Desktop\zoek.pif [Scan all users] [Script inserted]
==== System Restore Info ======================
10/21/2014 1:52:14 PM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\Program Files\360 deleted successfully
C:\Program Files\SiteLookup deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\USBSecurity deleted successfully
C:\Documents and Settings\Administrator\Application Data\SimilarAddon deleted successfully
C:\Documents and Settings\Administrator\Application Data\WebExtend deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\GHISLER deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update neurowise deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update neurowise deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Update neurowise deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Update neurowise deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util neurowise deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util neurowise deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Util neurowise deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Util neurowise deleted successfully
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default
---- Lines neurowise removed from prefs.js ----
user_pref("extensions.neurowise.asul", "1413849983797");
user_pref("extensions.neurowise.aul", "1413849649418");
user_pref("extensions.neurowise.irl", true);
user_pref("extensions.neurowise.is", "cbslug10");
user_pref("extensions.neurowise.ug", "64504D28-B1CC-4878-B836-1A6A2710AF1C");
---- Lines {1cdbda58-45f8-4d91-b566-8edce18f8d0a} removed from prefs.js ----
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.config_sm", "1411946848862");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.daysPassed", "{\"t2d\":true,\"t7d\":true,\"t10d\":true}");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.installtime", "1409524089.982");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.is_bundle", "true");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.isFirstRun", "false");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.last_version", "");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.lastC", "{\"sm\":392462,\"mo\":392540,\"li\":392543}");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.moEnabled", true);
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.moLastC", "1412192099031");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.remEv", "1413155856018");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.server", "https://s7921.webovernet.com");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.src", "7921");
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.toolbarButtonInstalled", true);
user_pref("{1cdbda58-45f8-4d91-b566-8edce18f8d0a}.user_id", "B1C325C2-B0DE-4D40-875C-584CF94C8568");
---- Lines {25dd52dc-89a8-469d-9e8f-8d483095d1e8} removed from prefs.js ----
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.daysPassed", "{\"t2d\":true}");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.installtime", "1412003059.161");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.is_bundle", "true");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.isFirstRun", "false");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.last_version", "");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.lastC", "{\"sm\":392223,\"li\":392323,\"mo\":392314}");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.moEnabled", true);
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.remEv", "1412363824355");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.server", "https://s7907.webovernet.com");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.src", "7907");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.toolbarButtonInstalled", true);
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.user_id", "46C7C2AF-BD8B-4DD6-825B-267EB8E32858");
---- Lines {aef90853-1c88-47e0-97d4-0da8f83f6c66} removed from prefs.js ----
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.daysPassed", "{\"t2d\":true,\"t7d\":true,\"t10d\":true}");
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.installtime", "1412363819.763");
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.isFirstRun", "false");
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.lastC", "{\"sm\":392660,\"mo\":392732,\"li\":392735}");
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.moEnabled", true);
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.server", "https://s99992.webovernet.com");
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.src", "99992");
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.toolbarButtonInstalled", true);
user_pref("{aef90853-1c88-47e0-97d4-0da8f83f6c66}.user_id", "95426602950244");
---- Lines {aef90853-1c88-47e0-97d4-0da8f83f6c66} modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- Lines {bda388db-b4e9-4193-b83a-bca1947df5c3} removed from prefs.js ----
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.config_sm", "1409524093810");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.daysPassed", "{\"t2d\":true}");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.installtime", "1409524089.982");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.is_bundle", "true");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.isFirstRun", "false");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.last_version", "");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.moEnabled", true);
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.remEv", "1410103986161");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.server", "https://s7921.webovernet.com");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.src", "7921");
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.toolbarButtonInstalled", true);
user_pref("{bda388db-b4e9-4193-b83a-bca1947df5c3}.user_id", "B1C325C2-B0DE-4D40-875C-584CF94C8568");
---- Lines {cc6cc772-f121-49e0-b1f0-c26583cb0c5e} removed from prefs.js ----
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.config_sm", "1411946848862");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.daysPassed", "{\"t2d\":true,\"t7d\":true,\"t10d\":true}");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.installtime", "1409524089.982");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.is_bundle", "true");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.isFirstRun", "false");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.last_version", "");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.moEnabled", true);
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.moLastC", "1412192099031");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.remEv", "1412251262498");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.server", "https://s7921.webovernet.com");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.src", "7921");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.toolbarButtonInstalled", true);
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.user_id", "B1C325C2-B0DE-4D40-875C-584CF94C8568");
---- Lines {db615d8a-b766-4397-9ef1-0eeaf684d8da} removed from prefs.js ----
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.daysPassed", "{\"t2d\":true,\"t7d\":true}");
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.installtime", "1413155855.089");
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.isFirstRun", "false");
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.lastC", "{\"sm\":392711,\"mo\":392732}");
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.moEnabled", true);
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.server", "https://s99992.webovernet.com");
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.src", "99992");
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.toolbarButtonInstalled", true);
user_pref("{db615d8a-b766-4397-9ef1-0eeaf684d8da}.user_id", "74577527703336");
---- Lines {db615d8a-b766-4397-9ef1-0eeaf684d8da} modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- Lines conduit removed from prefs.js ----
user_pref("smartbar.conduitHomepageList", "http://trovi.com/?UM=4&ctid=CT2431400&SearchSource=13&CUI=UN13300929532815621");
user_pref("smartbar.conduitSearchAddressUrlList", "http://trovi.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=2&CUI=UN13300929532815621&UM=4&q=");
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.storage.mam_gk_userId", "65336235636363342D373936392D343361332D396339322D666233383132326232303666");
---- Lines trovi removed from prefs.js ----
user_pref("smartbar.homepageList", "http://trovi.com/?UM=4&ctid=CT2431400&SearchSource=13&CUI=UN13300929532815621");
user_pref("smartbar.searchAddressUrlList", "http://trovi.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=2&CUI=UN13300929532815621&UM=4&q=");
---- Lines finder removed from prefs.js ----
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"private
---- Lines smartbar removed from prefs.js ----
user_pref("smartbar.addressBarOwnerCTID", "CT2431400");
user_pref("smartbar.defaultSearchOwnerCTID", "CT2431400");
user_pref("smartbar.homePageOwnerCTID", "CT2431400");
user_pref("Smartbar.keywordURLSelectedCTID", "CT2431400");
user_pref("smartbar.machineId", "LIQ7YJQBOBKYRSB9ETLVRFMEBRSONKRWKR4YUHWZ7/GWUD3LRNTR3QM0KESRVA7HB7TKTDPOZSW0D5E/SIEOBQ");
user_pref("Smartbar.TBHomepagesList", "");
user_pref("Smartbar.TBSearchEngineList", "");
user_pref("Smartbar.TBSearchUrlList", "");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----
user_20141021_0158_.backup
prefs_20141021_0158_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"=-
==== Deleting Files \ Folders ======================
"c:\documents and settings\All Users\Application Data\USBSecurity" not found
c:\program files\AutorunRemover deleted
c:\program files\neurowise deleted
C:\Program Files\ComPlus Applications deleted
C:\Documents and Settings\Administrator\Start Menu\Programs\MyPC Backup deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default\searchplugins\mb2-customized-web-search.xml deleted
C:\Documents and Settings\Administrator\Desktop\Sync Folder.lnk deleted
C:\Documents and Settings\Administrator\Desktop\MyPC Backup.lnk deleted
C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default\extensions\{aef90853-1c88-47e0-97d4-0da8f83f6c66} deleted
C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default\extensions\{db615d8a-b766-4397-9ef1-0eeaf684d8da} deleted
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 12:36 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default
- Undetermined - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default\extensions\{aef90853-1c88-47e0-97d4-0da8f83f6c66}
- Undetermined - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default\extensions\{db615d8a-b766-4397-9ef1-0eeaf684d8da}
- Undetermined - {fe651286-52a1-461b-a17a-f258b4b81968}
- Undetermined - {aef90853-1c88-47e0-97d4-0da8f83f6c66}
- Undetermined - {db615d8a-b766-4397-9ef1-0eeaf684d8da}
- neurowise - %ProfilePath%\extensions\{fe651286-52a1-461b-a17a-f258b4b81968}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
632F5B29E8C27631E7AC76E330FE2980 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U7
AB87C54CA19675880B0CAE65B8AF140C - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.11
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System
==== Deleted Firefox Extensions ======================
C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\pb5782zn.default\extensions\{fe651286-52a1-461b-a17a-f258b4b81968}.xpi deleted
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=117 folders=30 7936415 bytes)
==== Empty Temp Folders ======================
C:\Documents and Settings\Administrator\Local Settings\temp will be emptied at reboot
C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on Tue 10/21/2014 at 14:02:47.93 ======================