Re: Malware got into my PC - Adaware Secure Search
Posted: 03 Jan 2020 22:19
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by DarkWerewolf on p 03.01.2020 at 20:15:06,42.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Download Firefox\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
3.1.2020 20:18:48 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\7-Zip deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\IrfanView deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\CanonIJScan deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Shared Space deleted successfully
C:\Users\DarkWerewolf\AppData\Roaming\IrfanView deleted successfully
C:\Users\DarkWerewolf\AppData\Roaming\Opera deleted successfully
C:\Users\DarkWerewolf\AppData\Roaming\ts3overlay_hook_win64 deleted successfully
C:\Users\DarkWerewolf\AppData\Local\Opera deleted successfully
C:\Users\DarkWerewolf\AppData\Local\WarThunder deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3689603141-1990402863-4256546215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3689603141-1990402863-4256546215-1000\Software\Mozilla\Firefox\Extensions\acewebextension_unlisted@acestream.org deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.search.defaultenginename", "Default Search Engine");
user_pref("browser.search.selectedEngine", "Default Search Engine");
Added to C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.newtab.url", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10438__191220");
user_pref("browser.search.defaultenginename", "Default Search Engine");
user_pref("browser.search.selectedEngine", "Default Search Engine");
user_pref("browser.search.suggest.enabled", true);
Added to C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.cz/");
Added to C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114
user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- FireFox user.js and prefs.js backups ----
prefs_03.01.2020_2041_.backup
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814
user.js not found
---- Lines securedsearch removed from prefs.js ----
user_pref("browser.newtabpage.url", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10438__191220");
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- FireFox user.js and prefs.js backups ----
prefs_03.01.2020_2041_.backup
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----
prefs_03.01.2020_2041_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\7-Zip not found
C:\Users\DarkWerewolf\AppData\Roaming\7DaysToDie deleted
C:\Users\DarkWerewolf\AppData\LocalLow\{590AEAB8-AFF4-FB62-85F7-D4270A615E77} deleted
C:\Users\DarkWerewolf\AppData\LocalLow\{99B80A54-2B29-1BD1-3401-A9E97CF3C478} deleted
C:\Users\DarkWerewolf\AppData\Local\Packages\windows_ie_ac_001\AC\{99B80A54-2B29-1BD1-3401-A9E97CF3C478} deleted
C:\Users\DarkWerewolf\AppData\Roaming\bitlord_log.txt deleted
C:\Users\DarkWerewolf\AppData\Roaming\BitLord deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\DarkWerewolf\AppData\Local\{003ACA6A-C058-424D-B955-A82DE5375C64} deleted
C:\Users\DarkWerewolf\AppData\Local\cache deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\DarkWerewolf\Documents\BitLord deleted
"C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\searchplugins\yahoo.xml" deleted
"C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\searchplugins\yahoo.xml" deleted
"C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814\searchplugins\yahoo.xml" deleted
"C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814\searchplugins\yahoo.xml" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114
- short_ __MSG_name__ - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814
- NASA Night Launch - %ProfilePath%\extensions\nasanightlaunch@example.com.xpi
- __MSG_avastAppShortName__ - %ProfilePath%\extensions\sp@avast.com.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Avast Online Security - %ProfilePath%\extensions\wrc@avast.com.xpi
- theme: images: theme_frame: Brushed_black_o.jpg colors: frame: 808080 tab_background_text: ffffff version: 2.0 Brushed Black manifest_version: 2 description: brushed black white krazer verkrazt schwarz nice modern abstract persona firefox bayern bavaria weiss wei\u00c3\u0178 omg lol wtf - %ProfilePath%\extensions\{a2df062f-8b7e-43ba-a943-bbe8671517fb}.xpi
- short_ __MSG_name__ - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default
- ChatZilla - C:\Users\DarkWerewolf\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\DarkWerewolf\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114
- C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll - [?]
- C:\Users\DarkWerewolf\AppData\Roaming\ACEStream\player\npace_plugin.dll - [?]
784DBD845E2E2897C9609657CAB74F1D - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
F393B78929B97D9AFBE5A1781B715BC3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
Profilepath: C:\Users\DarkWerewolf\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814
- C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll - [?]
784DBD845E2E2897C9609657CAB74F1D - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
F393B78929B97D9AFBE5A1781B715BC3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\DarkWerewolf\AppData\Local\Google\Chrome SxS deleted
==== Chromium Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
mjbepbhonbojpoaenhckjocchgfiaofo - No path found[]
==== Chromium Startpages ======================
C:\Users\DarkWerewolf\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://www.google.com/" ]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"=""
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"=""
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
==== Reset Google Chrome ======================
C:\Users\DarkWerewolf\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF640D9A-FDEE-24B1-3A56-D124133BF244} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\99ec5e62-9d5e-41e0-9a2e-d7a61d723f05 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VICTORY Gaming Keyboard deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\DarkWerewolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DarkWerewolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\DarkWerewolf\AppData\Local\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\cache2 emptied successfully
C:\Users\DarkWerewolf\AppData\Local\Mozilla\SeaMonkey\Profiles\ebhtf9co.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3408 folders=117 474860148 bytes)
==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\DarkWerewolf\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Oliwka\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\DARKWE~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\DarkWerewolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
==== EOF on p 03.01.2020 at 22:13:37,09 ======================