Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by super385011 on 31/05/2015 at 19:15:28,04. Microsoft Windows 8.1 Single Language 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\super385011\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-05-31-024834.log 423031 bytes C:\zoek-results2015-05-31-220038.log 5009 bytes ==== FireFox Fix ====================== Deleted from C:\Users\SUPER3~1\AppData\Roaming\Mozilla\Firefox\Profiles\ts05rh7v.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Added to C:\Users\SUPER3~1\AppData\Roaming\Mozilla\Firefox\Profiles\ts05rh7v.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\oursurfingSoftware] [-HKEY_LOCAL_MACHINE\SOFTWARE\oursurfingSoftware\oursurfinghp] [-HKEY_USERS\S-1-5-21-2537286444-1251575466-2462476524-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\oursurfing.com] [HKEY_USERS\S-1-5-21-2537286444-1251575466-2462476524-1001\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" ==== Deleting Files \ Folders ====================== "C:\Windows\Prefetch\AMT_OURSURFING.EXE-945B5AA9.pf" not found ==== Folders Found ====================== 2015-05-31 02:27:54 2015-05-31 02:27:55 -------- d---a-w- C:\zoek_backup\C_Users_super385011_AppData_Roaming_oursurfing ==== Files Found ====================== --- C:\Users\super385011\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VMEY6COI\www.oursurfing[1].xml --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 13 Created time: 2015-05-30 19:26:17 Modified time: 2015-05-30 19:26:17 MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966 --- C:\zoek_backup\C_Users_super385011_AppData_LocalLow_Microsoft_Internet Explorer_DOMStore_VMEY6COI_www.oursurfing[1].xml.vir --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 13 Created time: 2015-05-31 21:52:48 Modified time: 2015-05-30 19:26:17 MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966 --- C:\zoek_backup\C_Windows_Prefetch_AMT_OURSURFING.EXE-945B5AA9.pf.vir --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 77408 Created time: 2015-05-31 21:52:48 Modified time: 2015-05-30 17:17:03 MD5: 054C8861B752A8E250F12655076B4E9D SHA1: 48FE046679F92D3DE41E8A377DE58AB643232E3E ==== Registry Search Results for "oursurfing" ====================== No instances of string "oursurfing" found. ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\SUPER3~1\AppData\Roaming\Mozilla\Firefox\Profiles\ts05rh7v.default user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sweetsearch@gmail.com"="C:\Users\super385011\AppData\Roaming\Mozilla\Firefox\Profiles\ts05rh7v.default\extensions\sweetsearch@gmail.com" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\SUPER3~1\AppData\Roaming\Mozilla\Firefox\Profiles\ts05rh7v.default - Undetermined - C:\Users\super385011\AppData\Roaming\Mozilla\Firefox\Profiles\ts05rh7v.default\extensions\searchffv2@gmail.com - Undetermined - C:\Users\super385011\AppData\Roaming\Mozilla\Firefox\Profiles\ts05rh7v.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Undetermined - C:\Users\super385011\AppData\Roaming\Mozilla\Firefox\Profiles\ts05rh7v.default\extensions\sweetsearch@gmail.com - Undetermined - %ProfilePath%\extensions\searchffv2@gmail.com ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.81 Google Slides - super385011\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - super385011\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - super385011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - super385011\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - super385011\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - super385011\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Gmail - super385011\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\super385011\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\sweetsearch@gmail.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\super385011\Desktop\Command Prompt.lnk - C:\Windows\system32\cmd.exe C:\Users\super385011\Desktop\gpedit.msc - Atalho.lnk - C:\Windows\SysWOW64\gpedit.msc C:\Users\super385011\Desktop\SCANUTILITY - Atalho.lnk - C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe C:\Users\super385011\Desktop\Suporte Intelbras WRN240Slim.lnk - ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Fotor.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe EverimagingCo.Limited.Fotor C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Manual do Usuário.lnk - C:\Users\Public\Desktop\Movie Moments.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe Microsoft.MovieMoments C:\Users\Public\Desktop\Mundo Positivo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.MundoPositivo C:\Users\Public\Desktop\Positivo 3D Incrível.lnk - C:\Users\Public\Desktop\Positivo Dicas.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoAjudante C:\Users\Public\Desktop\Positivo DJ.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 4C0D1DF4.PositivoMsicasDJ C:\Users\Public\Desktop\Positivo Horóscopo.lnk - C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos C:\Users\Public\Desktop\Positivo Mulher.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoMulher C:\Users\Public\Desktop\Positivo Mídia.lnk - C:\Users\Public\Desktop\Positivo Verde e Amarelo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoVerdeeAmarelo C:\Users\Public\Desktop\UltraISO.lnk - C:\Program Files (x86)\UltraISO\UltraISO.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Users\Public\Desktop\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe C:\Users\Public\Desktop\xbmc.lnk - C:\Program Files (x86)\XBMC\XBMC.exe ==== shortcuts in Users Start Menu ====================== C:\Users\super385011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\super385011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kcleaner.lnk - C:\Users\super385011\Desktop\Clean Master\kcleaner.exe C:\Users\super385011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\Users\super385011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\Users\super385011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\Users\super385011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Premier.lnk - E:\AVAST SoftwareAvast\AvastUI.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast SafeZone.lnk - E:\AVAST SoftwareAvast\AvastUI.exe /sfzonebrowser C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Scan Utility\IJ Scan Utility.lnk - C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool\LGMobile Support Tool.lnk - C:\ProgramData\LGMOBILEAX\LGMLauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool\Uninstall.lnk - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Panda USB Vaccine.lnk - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe /resident /shownow C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Uninstall Panda USB Vaccine.lnk - C:\Program Files (x86)\Panda USB Vaccine\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Help.lnk - C:\Program Files (x86)\UltraISO\ultraiso.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Readme.lnk - C:\Program Files (x86)\UltraISO\Readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Revision History.lnk - C:\Program Files (x86)\UltraISO\History.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO.lnk - C:\Program Files (x86)\UltraISO\UltraISO.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\Uninstall UltraISO.lnk - C:\Program Files (x86)\UltraISO\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Clean Master.lnk - C:\Users\super385011\Desktop\Clean Master\kcleaner.exe -src:8 C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Clean Master.lnk - C:\Users\super385011\Desktop\Clean Master\kcleaner.exe -src:8 C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mundo Positivo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.MundoPositivo C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Panda USB Vaccine.lnk - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe /resident /shownow C:\Users\super385011\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Empty Chrome Cache ====================== C:\Users\super385011\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=57 folders=19 509023 bytes) ==== EOF on 31/05/2015 at 19:22:42,13 ======================