Zoek.exe v5.0.0.0 Updated 10-February-2014
Tool run by digital on sre 12.02.2014 at 22:10:13,15.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\digital\My Documents\Downloads\zoek.scr [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-02-12-202313.log 19140 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MgAssistService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MgAssistService deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\digital\Application Data\Mozilla\Firefox\Profiles\g2zdq4un.default-1366142093421
user.js not found
---- Lines TV removed from prefs.js ----
user_pref("extensions.blocklist.pingCountVersion", -1);
user_pref("extensions.hotfix.lastVersion", "20130826.01");
user_pref("valueApps.storage.mam_gk_currentVersion", "312E31332E302E3137");
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.autoDisableScopes", -1);
user_pref("valueApps.storage./9B-0?3G@6:5;", "");
user_pref("valueApps.storage./9B-0?3G>D", "686B696E723F42417A43437A4A2077487C7B25237C23522A265653282656275C295B292E");
user_pref("valueApps.storage./9B-0?3GFA7EF", "2B2E2C3D");
user_pref("valueApps.storage./9B-3=3ECCJA=F>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D68
user_pref("valueApps.storage./9B/>01=9A6K6<IM;KRIE@PDAWM", "6E6A68707374757677");
user_pref("valueApps.storage./9B;45>:BI9I7IE", "2B2E2C3D");
user_pref("valueApps.storage./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
user_pref("valueApps.storage./9B?B0D:8AJ62<H", "6D");
user_pref("valueApps.storage./9B+7E-x305", "2423");
user_pref("valueApps.storage./9B+7E,x305", "2423");
user_pref("valueApps.storage./9B+7E.:2z527", "2423");
user_pref("valueApps.storage./9B+7E.x305", "2423");
user_pref("valueApps.storage./9B+7E/x305", "2423");
user_pref("valueApps.storage./9B+7E:x305", "2423");
user_pref("valueApps.storage./9B+7E;x305", "2423");
user_pref("valueApps.storage./9B+7E?x305", "2423");
user_pref("valueApps.storage./9B+7E@x305", "2423");
user_pref("valueApps.storage./9B+7E+x305", "2423");
user_pref("valueApps.storage./9B+7E<x305", "2423");
user_pref("valueApps.storage./9B+7E=x305", "2423");
user_pref("valueApps.storage./9B+7E>x305", "2423");
user_pref("valueApps.storage./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E7777727A7A7B78242F4B49474F42357D5D5C3D");
user_pref("valueApps.storage./9B+7E06CG5EL8:", "6E6D6871716C74747572");
user_pref("valueApps.storage./9B+7E0x305", "2423");
user_pref("valueApps.storage./9B+7E1x305", "2423");
user_pref("valueApps.storage./9B+7E2x305", "2423");
user_pref("valueApps.storage./9B+7E3x305", "2423");
user_pref("valueApps.storage./9B+7E4x305", "2423");
user_pref("valueApps.storage./9B+7E5x305", "2423");
user_pref("valueApps.storage./9B+7E6x305", "2423");
user_pref("valueApps.storage./9B+7E7x305", "2423");
user_pref("valueApps.storage./9B+7E8x305", "2423");
user_pref("valueApps.storage./9B+7E9x305", "2423");
user_pref("valueApps.storage./9B+7EAx305", "2423");
user_pref("valueApps.storage./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D337D56545138505C");
user_pref("valueApps.storage./9B+7EBx305", "2423");
user_pref("valueApps.storage./9B+7ECx305", "2423");
user_pref("valueApps.storage./9B+7EDx305", "2423");
user_pref("valueApps.storage./9B+7Etx305", "2423");
user_pref("valueApps.storage./9B<:222H64<", "393F352F3E");
user_pref("valueApps.storage./9B<:222H64<L8DAJ", "6D70706E7674737977772A7972727D7E757E7B");
user_pref("valueApps.storage./9B=+03EH8H8J?:", "4443");
user_pref("valueApps.storage./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
user_pref("valueApps.storage./9B5BA==9CJAG", "3D6E69716F3E6D6F7A7045497A787B4A4C7A792022");
user_pref("valueApps.storage./9B6B11G4C56B>F;P;ANR@P", "6E6D6871716C7474766F707377");
user_pref("valueApps.storage./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
user_pref("valueApps.storage./9B9643G3/9E", "6A");
user_pref("valueApps.storage./9BA@0<0BI6A7GN:6@L?", "6C");
user_pref("valueApps.storage._key_cl_active", "35373032373332612D653564312D343266662D396561352D393734303833386262303136");
user_pref("valueApps.storage.cbfirsttime", "5361742046656220303120323031342032303A30303A313820474D542B30313030202843656E7472616C204575726F7065616E2053
user_pref("valueApps.storage.mam_gk_appsDefaultEnabled", "6E756C6C");
user_pref("valueApps.storage.mam_gk_appState_Clarity_Active", "6F6E");
user_pref("valueApps.storage.mam_gk_appStateReportTime", "31333931333735303130383036");
user_pref("valueApps.storage.mam_gk_calledSetupService", "31");
user_pref("valueApps.storage.mam_gk_first_time", "31");
user_pref("valueApps.storage.mam_gk_lastLoginTime", "31333931333735303131373032");
user_pref("valueApps.storage.mam_gk_mamEnabled", "66616C7365");
user_pref("valueApps.storage.mam_gk_showWelcomeGadget", "66616C7365");
user_pref("valueApps.storage.mam_gk_stamp", "35345F30");
user_pref("valueApps.storage.mam_gk_user_approval_interacted", "");
user_pref("valueApps.storage.mam_gk_userId", "35336163313338312D616264622D343065332D623861642D656337636565653363306163");
user_pref("valueApps.storage.PG_ENABLE", "74727565");
user_pref("valueApps.storage.url_history0001", "687474703A2F2F61736B2E666D2F4A6F76616E6152697374696339383A3A3A636C69636B68616E646C65723A3A3A3133393133
---- Lines PlusWinks removed from prefs.js ----
user_pref("extensions.pluswinks@PlusWinks.id", "\"9e6a5197-597f-65f5-954b-b8cda1883f7a\"");
user_pref("extensions.pluswinks@PlusWinks.mzID", "63");
user_pref("extensions.pluswinks@PlusWinks.uuid", "\"f5d94b01-13ed-11e3-8099-0025901ef77c\"");
---- Lines SpeedAnalysis removed from prefs.js ----
user_pref("extensions.speedanalysis02@SpeedAnalysis.com.id", "\"4345cc23-b190-c077-56b0-538e0b05611a\"");
user_pref("extensions.speedanalysis02@SpeedAnalysis.com.mzID", "75");
user_pref("extensions.speedanalysis02@SpeedAnalysis.com.uuid", "\"f5d09643-13ed-11e3-8099-0025901ef77c\"");
---- FireFox user.js and prefs.js backups ----
prefs_12.02.2014_2246_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
; .reg script imported by the tool's "Registry Fix Code" step; it only touches
; autostart (Run) values, one machine-wide and two for the user.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
; "=-" deletes the value, i.e. the machine-wide autostart is removed outright
; (the value name suggests the Mobogenie daemon whose files are deleted later
; in this log — verify against the original Run entry).
"mobilegeni daemon"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
; NOTE(review): unlike the entry above, this line SETS the value rather than
; deleting it — after the fix a Run entry named "NextLive" still exists and
; launches rundll32.exe with no module argument. If the goal was removal
; (presumably it belongs with the newnext.me / genienext artifacts deleted
; below), "NextLive"=- would leave no residual autostart; confirm intent.
"NextLive"="C:\WINDOWS\system32\rundll32.exe"
[HKEY_USERS\S-1-5-21-1757981266-562591055-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run]
; Same value written under the explicit user SID hive (presumably the same
; account that HKCU resolves to while the tool runs); same caveat as above.
"NextLive"="C:\WINDOWS\system32\rundll32.exe"
==== Batch Command(s) Run By Tool======================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
==== Deleting Files \ Folders ======================
"C:\Documents and Settings\digital\My Documents\??????????\PopularScreensaversSetup2.5.14.73.^ZR^fox000^YYA^.exe" not found
C:\Program Files\PopularScreensavers_7i\bar\2.bin deleted
C:\Program Files\PopularScreensavers_7i\bar\1.bin deleted
C:\Documents and Settings\digital\Application Data\newnext.me deleted
C:\Program Files\PopularScreensavers_7i deleted
C:\Documents and Settings\digital\Local Settings\Application Data\genienext deleted
C:\Documents and Settings\digital\.android deleted
C:\Program Files\GreenTree Applications deleted
C:\Program Files\Systweak Support Dock deleted
C:\Documents and Settings\digital\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk deleted
C:\Documents and Settings\digital\Application Data\freegames111 deleted
C:\Documents and Settings\digital\Application Data\speedtest4354 deleted
C:\Documents and Settings\All Users\Application Data\Datamngr deleted
C:\Documents and Settings\All Users\Application Data\Wincert deleted
C:\Documents and Settings\All Users\Application Data\Allmyapps deleted
C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign deleted
C:\Documents and Settings\digital\Local Settings\Application Data\Mobogenie deleted
C:\Documents and Settings\digital\Local Settings\Application Data\cache deleted
C:\Documents and Settings\digital\Start Menu\Programs\Mobogenie deleted
C:\WINDOWS\System32\SET8E.tmp deleted
C:\WINDOWS\System32\SET92.tmp deleted
C:\WINDOWS\System32\SET9A.tmp deleted
C:\WINDOWS\System32\SETE4.tmp deleted
C:\WINDOWS\System32\tmp11.tmp deleted
C:\WINDOWS\System32\tmp12.tmp deleted
C:\Documents and Settings\digital\My documents\Mobogenie deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml deleted
"C:\Documents and Settings\digital\daemonprocess.txt" deleted
"C:\Program Files\Mobogenie\DaemonProcess.exe" deleted
"C:\Program Files\Mobogenie\libeay32.dll" deleted
"C:\Program Files\Mobogenie\msvcp100.dll" deleted
"C:\Program Files\Mobogenie\msvcr100.dll" deleted
"C:\Program Files\Mobogenie\QtCore4.dll" deleted
"C:\Program Files\Mobogenie\QtGui4.dll" deleted
"C:\Program Files\Mobogenie\QtNetwork4.dll" deleted
"C:\Program Files\Mobogenie\QtSql4.dll" deleted
"C:\Program Files\Mobogenie\QtWebKit4.dll" deleted
"C:\Program Files\Mobogenie\ssleay32.dll" deleted
"C:\Program Files\Mobogenie\DaemonProcess.exe" deleted
"C:\Program Files\Mobogenie\libeay32.dll" deleted
"C:\Program Files\Mobogenie\msvcp100.dll" deleted
"C:\Program Files\Mobogenie\msvcr100.dll" deleted
"C:\Program Files\Mobogenie\QtCore4.dll" deleted
"C:\Program Files\Mobogenie\QtGui4.dll" deleted
"C:\Program Files\Mobogenie\QtNetwork4.dll" deleted
"C:\Program Files\Mobogenie\QtSql4.dll" deleted
"C:\Program Files\Mobogenie\QtWebKit4.dll" deleted
"C:\Program Files\Mobogenie\ssleay32.dll" deleted
"C:\Program Files\Mobogenie" deleted
"C:\Program Files\Mobogenie" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [19.04.2013 12:35]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\digital\Application Data\Mozilla\Firefox\Profiles\g2zdq4un.default-1366142093421
- Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Site Finder - %ProfilePath%\extensions\sitefinder@sitefinder.com
- New tab - %ProfilePath%\extensions\{6F977649-B06D-7809-9725-1FCFD3AC8308}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\digital\Application Data\Mozilla\Firefox\Profiles\g2zdq4un.default-1366142093421
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
2557FBC582910A71CDEB0F22886D118D - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
C2321043FA2CA4C32FF449DE6116B5D9 - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director
F0DBF31A1C23D334A02FDF524701D390 - C:\Documents and Settings\digital\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
B50F45C9DCE776FCA64A3A8BD3D6A6F7 - C:\Games\GreenWebPlayer\npgreenwebplayer.dll - GreenWebPlayer
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
==== Deleted Firefox Extensions ======================
C:\Documents and Settings\digital\Application Data\Mozilla\Firefox\Profiles\g2zdq4un.default-1366142093421\extensions\{6F977649-B06D-7809-9725-1FCFD3AC8308} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jljheddigenhleadfofeccneimcmlefp - C:\Documents and Settings\digital\Application Data\speedtest4354\speedtest4354.crx[]
Street Racers - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cohkjfondhjjfehnehlpmjpljpihfhfc
Qualys BrowserCheck for Windows - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk
Run Pixie Run - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfkmokjholoinfcnlolbjfaokmoegeoh
MotorAuthority in Pictures - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iejnbmehnhkijljppacclfbmkncnaekh
Anatomy Games - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbplkkegndhkgnendpdhcffamoplajga
Viber - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lakmihnejgenmnokmckaemfmailphjpl
Value apps - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
English vocabulary - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj
WeatherBug - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco
Foto Rulez - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk
Allin1Convert - digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj
Docs - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
==== Chrome Fix ======================
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon deleted successfully
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\digital\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\digital\Local Settings\Application Data\Mozilla\Firefox\Profiles\g2zdq4un.default-1366142093421\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\digital\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3546 folders=560 286573841 bytes)
==== Empty Temp Folders ======================
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully
C:\Documents and Settings\digital\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\digital\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\digital\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on sre 12.02.2014 at 23:17:13,81 ======================