Fórum SecSecurity

Implementing Cleanup and Security on your computer!

    Google Chrome freezing, log for analysis.


    Post by Edvan on Wed Jul 24, 2013 2:26 pm

    People here have no sense about these things; as much as I warn them, they still infect the machines almost weekly, downloading junk from the net and ending up installing viruses.

    Log for analysis [You need to be registered and logged in to see this link.]

    ComboFix log [You need to be registered and logged in to see this link.]


    Tools run:

    1. AdwCleaner
    2. JRT
    3. ComboFix
    4. RogueKiller

    # AdwCleaner v2.306 - Relatório criado em 24/07/2013 às 09:58:57
    # Atualizado em 19/07/2013 por Xplode
    # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
    # Usuário : f001699 - FUN0069
    # Modo de Boot : Normal
    # Executado de : C:\Documents and Settings\f001699\Meus documentos\Downloads\AdwCleaner.exe
    # Opção [Remover]


    ***** [Serviços] *****


    ***** [Arquivos/Pastas] *****

    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\eSafe

    ***** [Registro] *****

    Chave Removida : HKLM\Software\eSafeSecControl
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
    Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
    Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9

    ***** [Navegadores] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registro está limpo.

    -\\ Mozilla Firefox v21.0 (en-US)

    Arquivo : C:\Documents and Settings\f001699\Dados de aplicativos\Mozilla\Firefox\Profiles\ug98df3l.default\prefs.js

    [OK] Arquivo está limpo.

    -\\ Google Chrome v28.0.1500.72

    Arquivo : C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

    [OK] Arquivo está limpo.

    *************************

    AdwCleaner[S1].txt - [1823 octets] - [24/07/2013 09:58:57]

    ########## EOF - C:\AdwCleaner[S1].txt - [1883 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.9 (04.22.2013:1)
    OS: Microsoft Windows XP x86
    Ran by f001699 on 24/07/2013 at 10:03:01,82
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/07/2013 at 10:05:27,56
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    RogueKiller V8.6.3 [Jul 17 2013] Por Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : [You need to be registered and logged in to see this link.]
    Site : [You need to be registered and logged in to see this link.]
    Blog : [You need to be registered and logged in to see this link.]

    Sistema Operacional : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Iniciado em : Modo Normal
    Usuario : f001699 [Privilegios de Admnistrador]
    Modo : Verificar -- Data : 07/24/2013 10:33:19
    | ARK || FAK || MBR |

    ¤¤¤ Entradas ruins : 0 ¤¤¤

    ¤¤¤ Entradas do Registro : 2 ¤¤¤
    [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

    ¤¤¤ As tarefas agendadas : 0 ¤¤¤

    ¤¤¤ entradas de inicialização : 0 ¤¤¤

    ¤¤¤ Os navegadores da Web : 0 ¤¤¤

    ¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

    ¤¤¤ Driver : [Carregado] ¤¤¤

    ¤¤¤ Hives externas: ¤¤¤

    ¤¤¤ Infecção :  ¤¤¤

    ¤¤¤ Arquivo de Hosts: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1       localhost


    ¤¤¤ Verificaçao do MBR: ¤¤¤

    +++++ PhysicalDrive0: WDC WD1600AABS-00PRA0 +++++
    --- User ---
    [MBR] 80a6657b42825ac6810859005066bc2c
    [BSP] 180240fed3f22cbe38d3518245a1e1e9 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Concluido : << RKreport[0]_S_07242013_103319.txt >>

    Post by joram on Wed Jul 24, 2013 3:17 pm

    Good afternoon, Edvan!

    |- Download: < [You need to be registered and logged in to see this link.] > ( ... by Smeenk )

    |- Or here! < [You need to be registered and logged in to see this image.][You need to be registered and logged in to see this link.] >

    |- Save it to the desktop!
    |- Disable your antivirus!
    |- On Windows 7, run zoek.exe as administrator.

    startupall;
    chromelook; 
    autoclean; 
    filesrcm; 
    emptyalltemp;
     

    |- Copy and paste this information, shown in red, into the tool's input field.
    |- Click "Run Script".

    Zoek.exe is running now. 
    Do not start any browser windows, they will be closed automatically. 
    Please wait! This window will close when finished. 
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
    |- This information will appear, asking you to wait for the report.

    |- Accept and/or confirm the reboot!

    zoek.hta failed by unknown error.
    Restart computer, and try again.
    |- PS: If you get an error, restart the PC and run the tool again.
    |- Post the report, which will be at C:\zoek-results.txt <<

    A+

    Post by Edvan on Wed Jul 24, 2013 3:36 pm

    Zoek.exe Version 4.0.0.4 Updated 21-07-2013
    Tool run by f001699 on 24/07/2013 at 16:28:24,93.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Documents and Settings\f001699\Desktop\zoek.exe [Script inserted] 

    ==== System Restore Info ======================

    24/07/2013 16:28:44 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================


    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== Deleting Files \ Folders ======================

    "C:\WINDOWS\002749_.tmp" deleted

    ==== Files Recently Created / Modified ======================


    ==== Startup Registry Enabled ======================

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe /nogui"
    "SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AdobeARM"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Reader_sl"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hkcmd"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hkcmd.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxtray.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxpers"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxpers.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sttray"
    "hkey"="HKLM"
    "command"="%ProgramFiles%\\IDT\\WDM\\sttray.exe"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^f001699^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
    "path"="C:\\Documents and Settings\\f001699\\Menu Iniciar\\Programas\\Inicializar\\Recorte de tela e Iniciador do OneNote 2007.lnk"
    "backup"="C:\\WINDOWS\\pss\\Recorte de tela e Iniciador do OneNote 2007.lnkStartup"
    "command"="C:\\ARQUIV~1\\MICROS~2\\Office12\\ONENOTEM.EXE /tsr"
    "item"="Recorte de tela e Iniciador do OneNote 2007"


    ==== Task Scheduler Jobs ======================

    C:\WINDOWS\tasks\avast\Undetermined Task.exe []
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [11/06/2013 10:18]
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [11/06/2013 10:18]
    C:\WINDOWS\tasks\User_Feed_Synchronization-{9EF3CD9D-FF4D-41DD-B756-ABF343C41E1D}.job --ah----- C:\WINDOWS\system32\msfeedssynC:.exe []
    C:\WINDOWS\tasks\WGASetup.job --a------ C:\WINDOWS\system32\KB905474\wgasetup.exe [10/03/2009 22:18]

    ==== Firefox Extensions ======================

    ==== Firefox Plugins ======================


    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    pflphaooapbgpeakohlggbpidpppgdff - C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx[13/06/2013 09:36]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    pflphaooapbgpeakohlggbpidpppgdff - C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx[13/06/2013 09:36]
    pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[21/11/2012 15:32]

    GBBD Banco do Brasil - f001699 - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Empty IE Cache ======================

    C:\Documents and Settings\Default User\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\f001699\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\LocalService\Configuraþ§es locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\LocalService\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\NetworkService\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\f001699\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied
    C:\DOCUME~1\f001699\CONFIG~1\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\RECYCLER successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Documents and Settings\f001699\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted
    "C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted

    ==== EOF on 24/07/2013 at 16:34:50,57 ======================
    joram
    Founding Administrator

    Posts: 610
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Google Chrome freezing, log for analysis.

    Post by joram on Wed Jul 24, 2013 4:11 pm

    Good afternoon, Edvan!

    |- Open the Zoek tool again.

    pflphaooapbgpeakohlggbpidpppgdff;chr
    silentrunners;

    |- Paste this information, shown in red, into the field.
    |- Click "Run Script".
    |- PS: If you get an error, restart the PC and run the tool again.
    |- Post the report, which will be at C:\zoek-results.txt <<

    See you!
    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Google Chrome freezing, log for analysis.

    Post by Edvan on Wed Jul 24, 2013 4:23 pm

    Here it is, my friend; this time it didn't ask to restart.

    Oh!! On drive "C" it created this bunch of folders, and I can't delete them. Do you know what they are?

    Image:
    [You must be registered and logged in to see this image.]

    Zoek.exe Version 4.0.0.4 Updated 21-07-2013
    Tool run by Administrador on qua 24/07/2013 at 17:20:27,45.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Script inserted] 

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    pflphaooapbgpeakohlggbpidpppgdff - C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx[13/06/2013 09:36]

    Docs - Administrador - Default\Extensions\aohghmighlieiainnegkcijnfilokake
    Google Drive - Administrador - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
    YouTube - Administrador - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    Google Search - Administrador - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    Newtab - Administrador - Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Gmail - Administrador - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    GBBD Banco do Brasil - f001699 - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

    ==== Chrome Fix ======================

    C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx deleted successfully
    C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully

    ==== Silent Runners ======================

    "Silent Runners.vbs", revision 69.2, [Você precisa estar registrado e conectado para ver este link.]
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    avast = "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
    SunJavaUpdateSched = "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [Oracle Corporation]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
                       \InProcServer32\(Default) = C:\Arquivos de programas\Java\jre7\bin\ssv.dll [Oracle Corporation]

    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
      -> {HKLM...CLSID} = avast! Online Security
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

    {C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = G-Buster Browser Defense
      -> {HKLM...CLSID} = GbIehObj Class
                       \InProcServer32\(Default) = C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [Banco do Brasil]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {88895560-9AA2-1069-930E-00AA0030EBC8} = Extensão de ícone do HyperTerminal
      -> {HKLM...CLSID} = HyperTerminal Icon Ext
                       \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [Alexander Roshal]

    {472083B0-C522-11CF-8763-00608CC02F24} = avast
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
      -> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
                       \InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\ONFILTER.DLL [MS]

    {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = C:\Arquivos de programas\Microsoft Office\Office12\msohevi.dll [MS]

    {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
      -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]

    {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
      -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]

    {BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D} = Sorcerer Shell Extension
      -> {HKLM...CLSID} = Sorcerer Shell Extension
                       \InProcServer32\(Default) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006SX.DLL [Software 2000 Limited]

    {E37CB5F0-51F5-4395-A808-5FA49E399F83} = GbPlugin ShlObj
      -> {HKLM...CLSID} = GbPluginObj Class
                       \InProcServer32\(Default) = C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [Banco do Brasil]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    <<!>> {E37CB5F0-51F5-4395-A808-5FA49E399F83} = GbPlugin ShlObj
      -> {HKLM...CLSID} = GbPluginObj Class
                       \InProcServer32\(Default) = C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [Banco do Brasil]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>>  GbPluginBb\DLLName = C:\Arquivos de programas\GbPlugin\gbieh.dll [Banco do Brasil]
    <<!>> igfxcui\DLLName = igfxdev.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

    <<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
      -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
      -> {HKLM...CLSID} = HxProtocol Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [Alexander Roshal]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
      -> {HKLM...CLSID} = GraphicsShellExt Class
                       \InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
      -> {HKLM...CLSID} = PDF Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [Alexander Roshal]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [Alexander Roshal]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    NoDrives = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    DisableRegistryTools = (REG_DWORD) dword:0x00000000
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    Wallpaper = C:\WINDOWS\web\wallpaper\Alegria.bmp

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    Wallpaper = C:\WINDOWS\web\wallpaper\Alegria.bmp


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr [MS]


    Enabled Scheduled Tasks: {++}
    ------------------------

    avast! Emergency Update -> launches: C:\Arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
    GoogleUpdateTaskMachineCore -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /c [Google Inc.]
    GoogleUpdateTaskMachineUA -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
    User_Feed_Synchronization-{9EF3CD9D-FF4D-41DD-B756-ABF343C41E1D} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]
    WGASetup -> launches: C:\WINDOWS\system32\KB905474\wgasetup.exe /autoauto [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
    000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
      -> {HKLM...CLSID} = avast! Online Security
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

    Explorer Bars

    HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Pesquisar
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {2670000A-7350-4F3C-8081-5663EE0C6C49}\
    ButtonText = Enviar para o OneNote
    MenuText = &Enviar para o OneNote
    CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
      -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                       \InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll [MS]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    ButtonText = Research
    BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      -> {HKLM...CLSID} = &Pesquisar
                       \InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    MenuText = @xpsp3res.dll,-20001
    Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    ButtonText = Messenger
    MenuText = Windows Messenger
    Exec = C:\Arquivos de programas\Messenger\msmsgs.exe [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Audio Service, STacSV, c:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe [IDT, Inc.]
    avast! Antivirus, avast! Antivirus, "C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
    Gbp Service, GbpSv, C:\ARQUIV~1\GbPlugin\GbpSv.exe [GAS Tecnologia]
    Java Quick Starter, JavaQuickStarterService, "C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
    Machine Debug Manager, MDM, "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe" [MS]
    TeamViewer 8, TeamViewer8, "C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe" [TeamViewer GmbH]


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS]
    Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS]




    ==== EOF on qua 24/07/2013 at 17:21:22,50 ======================
    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Google Chrome freezing, log for analysis.

    Post by Edvan on Thu Jul 25, 2013 8:21 am

    One detail: the first Zoek run was done directly under his user account.


    Zoek.exe Version 4.0.0.4 Updated 21-07-2013
    Tool run by f001699 on 24/07/2013 at 16:28:24,93.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Documents and Settings\f001699\Desktop\zoek.exe [Script inserted] 


    The second time I ran it, however, was as Administrador, see:


    Zoek.exe Version 4.0.0.4 Updated 21-07-2013
    Tool run by Administrador on qua 24/07/2013 at 17:20:27,45.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Script inserted] 


    Note: Since the guy wasn't in the room and I didn't have his password, I logged in as Administrador and ran the procedure... Is that a problem?

    joram
    Founding Administrator

    Posts: 610
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Google Chrome freezing, log for analysis.

    Post by joram on Thu Jul 25, 2013 9:07 am

    Good morning, Edvan!

    Edvan wrote: Note: Since the guy wasn't in the room and I didn't have his password, I logged in as Administrador and ran the procedure... Is that a problem?
    |- At the first opportunity, run it as the user ( f001699 ), but paste this new script into the tool.

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System];r
    "DisableRegistryTools"=-;r
    pflphaooapbgpeakohlggbpidpppgdff;chr
    autoclean; 
    filesrcm; 
    emptyalltemp;


    |- Post the report!

    Edvan wrote: Oh!! On drive "C" it created this bunch of folders, and I can't delete them. Do you know what they are?
    |- Can you at least open them? Are they empty folders?

    -/-

    |- Download: < [You must be registered and logged in to see this link.] > ( ... by Pierre13 )
    |- Save it to the desktop!
    |- On Windows Vista and 7, run "SFTGC.exe" as administrator!

    |- Run it and click "Go".
    |- Wait for it to finish, which is quick.
    |- Post the report! ( SFT.txt )
    |- PS: Depending on the size of the report, do not post it directly!
    |- For that task, go to: < [You must be registered and logged in to see this link.] >

    See you!
