Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Felipe Cota on 30/06/2015 at 6:56:42,35.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Felipe Cota\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
30/06/2015 06:58:17 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\AAALOGO deleted successfully
C:\PROGRA~2\Baidu-Security-2014-4.4.4.82805 deleted successfully
C:\PROGRA~2\Disktrix deleted successfully
C:\PROGRA~2\FreeTime deleted successfully
C:\PROGRA~2\IObit deleted successfully
C:\PROGRA~2\Kalypso Media deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Roxio deleted successfully
C:\PROGRA~2\WildTangent deleted successfully
C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Nero deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\BitTorrent Sync deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\LogoMaker deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\Roxio deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\TeamViewer deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\VIVO INTERNET deleted successfully
C:\Users\Felipe Cota\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Felipe Cota\AppData\Local\calibre-cache deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-963786325-3815717461-3828834076-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BD7A7647-CE97-447F-B1A9-6C2C23EAFB5D} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\AAALOGO not found
C:\PROGRA~2\Baidu-Security-2014-4.4.4.82805 not found
C:\PROGRA~2\Disktrix not found
C:\PROGRA~2\FreeTime not found
C:\PROGRA~2\IObit not found
C:\PROGRA~2\Kalypso Media not found
C:\PROGRA~2\Roxio not found
C:\PROGRA~2\WildTangent not found
C:\PROGRA~2\Wondershare not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
C:\Users\Felipe Cota\AppData\Roaming\Arduino15 deleted
C:\Users\Felipe Cota\AppData\Roaming\calibre deleted
C:\PROGRA~3\fhhpadcigcgkpmlcmgbbmbgllgmcjmcb deleted
C:\PROGRA~2\unisalees deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\install.exe deleted
C:\found.000 deleted
C:\Users\Felipe Cota\AppData\Roaming\IHlpr deleted
C:\Users\Felipe Cota\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Felipe Cota\AppData\Local\Thinstall deleted
C:\Users\Felipe Cota\AppData\Local\Wondershare deleted
C:\Users\Felipe Cota\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\wangzhisong deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\FELIPE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\jetpack deleted
C:\Users\Felipe Cota\AppData\Roaming\unins000.exe deleted
"C:\Windows\Installer\2e6af7.msi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [24/05/2015 17:51]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\FELIPE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706
- FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
- GBBD Banco do Brasil - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
- NetVideoHunter em:version1.18.1-signed em:descriptionDownload flash videos FLV and music MP3 from any video site For example: YouTube Metacafe DailyMotion Vimeo. em:creatorNetVideoHunter em:type2 em:unpacktrue em:homepageURLhttp:www.netvideohunter.com em:optionsURLchrome:netvideohuntercontentoptions.xul em:iconURLchrome:netvideohunterskinnetvideohunterIcon32.png - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\netvideohunter@netvideohunter.com
- Ant Video Downloader - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\anttoolbar@ant.com
- Flash and Video Download - C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
- Ant Video Downloader - %ProfilePath%\extensions\anttoolbar@ant.com
- NetVideoHunter em:version1.18.1-signed em:descriptionDownload flash videos FLV and music MP3 from any video site For example: YouTube Metacafe DailyMotion Vimeo. em:creatorNetVideoHunter em:type2 em:unpacktrue em:homepageURLhttp:www.netvideohunter.com em:optionsURLchrome:netvideohuntercontentoptions.xul em:iconURLchrome:netvideohunterskinnetvideohunterIcon32.png - %ProfilePath%\extensions\netvideohunter@netvideohunter.com
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Felipe Cota\AppData\Roaming\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706
FA0A3008589567CB7196620B05C9F28D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
F7AEAD4303A056F2D1685B43024776CA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
A64F2C388DC26BE3E469EDC3657B14F4 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Felipe Cota\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
7E22425470F2072890C5747F07628846 - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
D87C0639158DFC59B39E1B804F297B40 - C:\Users\Felipe Cota\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.130
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\FELIPE~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[17/02/2015 09:49]
RealDownloader - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Lingua.ly - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilcekgoelpgecpjnnoikhbleipnjdhf
Google Drive App Launcher - Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting CLSID Registry Keys ======================
HKEY_CLASSES_ROOT\CLSID\{310CA7B9-D56B-499A-B786-D9648270585E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{310CA7B9-D56B-499A-B786-D9648270585E} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-963786325-3815717461-3828834076-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\WSVCU@Wondershare.com deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\298F139EA89018C4D8DE0431BDE9B396 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\298F139EA89018C4D8DE0431BDE9B396 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent Sync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_VIVO INTERNET deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Felipe Cota\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Felipe Cota\AppData\Local\Mozilla\Firefox\Profiles\8o9fd4hk.default-1425141970706\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Felipe Cota\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=880 folders=242 324065504 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Felipe Cota\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\FELIPE~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 30/06/2015 at 7:21:52,98 ======================