Google Chrome travando, log para analise.

Aqui o povo não tem noção das coisas, tanto que eu aviso, mais o pessoal infectada as maquinas quase que semanalmente, baixando porcaria da net, termina botando vírus.

Log para analise [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Log combofix [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Ferramentas executadas:

1º AdwCleaner
2º JRT
3º combofix
4º RogueKiller

# AdwCleaner v2.306 - Relatório criado em 24/07/2013 às 09:58:57
# Atualizado em 19/07/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : f001699 - FUN0069
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\f001699\Meus documentos\Downloads\AdwCleaner.exe
# Opção [Remover]


***** [Serviços] *****


***** [Arquivos/Pastas] *****

Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\eSafe

***** [Registro] *****

Chave Removida : HKLM\Software\eSafeSecControl
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro está limpo.

-\\ Mozilla Firefox v21.0 (en-US)

Arquivo : C:\Documents and Settings\f001699\Dados de aplicativos\Mozilla\Firefox\Profiles\ug98df3l.default\prefs.js

[OK] Arquivo está limpo.

-\\ Google Chrome v28.0.1500.72

Arquivo : C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [1823 octets] - [24/07/2013 09:58:57]

########## EOF - C:\AdwCleaner[S1].txt - [1883 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Microsoft Windows XP x86
Ran by f001699 on 24/07/2013 at 10:03:01,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/07/2013 at 10:05:27,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



RogueKiller V8.6.3 [Jul 17 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario : f001699 [Privilegios de Admnistrador]
Modo : Verificar -- Data : 07/24/2013 10:33:19
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ As tarefas agendadas : 0 ¤¤¤

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção :  ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AABS-00PRA0 +++++
--- User ---
[MBR] 80a6657b42825ac6810859005066bc2c
[BSP] 180240fed3f22cbe38d3518245a1e1e9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[0]_S_07242013_103319.txt >>

Boa Tarde! Edvan

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )

|- Ou aqui! < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem][Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

startupall;
chromelook; 
autoclean; 
filesrcm; 
emptyalltemp; 

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script". 

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt << 

A+

Zoek.exe Version 4.0.0.4 Updated 21-07-2013
Tool run by f001699 on 24/07/2013 at 16:28:24,93.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\f001699\Desktop\zoek.exe [Script inserted] 

==== System Restore Info ======================

24/07/2013 16:28:44 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\WINDOWS\002749_.tmp" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2013-07-24 13:10:22 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-07-24 13:10:22 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-07-24 13:10:22 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-07-24 13:10:22 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2013-07-24 13:10:22 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2013-07-10 17:39:29 25848558468BC46555D0230A82C7079E 32866 ------w- C:\WINDOWS\slrundll.exe
====== C:\DOCUME~1\f001699\CONFIG~1\Temp ====
====== C:\WINDOWS\system32 =====
2013-07-15 13:41:54 4A6293B5AF0D482DCC22C38F42E590A5 3072 ------w- C:\WINDOWS\System32\iacenc.dll
====== C:\WINDOWS\system32\drivers =====
2013-07-16 13:43:36 8F866DF9A974BFFDCB2001D303BC0695 49536 ----a-w- C:\WINDOWS\System32\drivers\gbpkm.sys
2013-07-16 13:42:54 B7CC2AF3D5604EFDC5F82AF7A5B21FB1 31088 ----a-w- C:\WINDOWS\System32\drivers\GbpNdisrd.sys
2013-07-10 17:39:47 B43B36B382AEA10861F7C7A37F9D4AE2 46592 ------w- C:\WINDOWS\System32\drivers\irbus.sys
2013-07-10 17:32:50 BA0430DC1E3B4F6F430054CBEE0AD58D 3615 ------w- C:\WINDOWS\System32\drivers\adv05nt5.dll
2013-07-10 17:32:50 82BA64F157A505F34AC7029A4E017A85 3967 ------w- C:\WINDOWS\System32\drivers\adv02nt5.dll
2013-07-10 17:32:50 1DB7E555D740ED57FB97957394528864 4255 ------w- C:\WINDOWS\System32\drivers\adv01nt5.dll
2013-07-10 17:32:49 E0E2D4BC9432911215B5BA091B4936A8 3775 ------w- C:\WINDOWS\System32\drivers\adv11nt5.dll
2013-07-10 17:32:49 D649C57DA6FA762C64013747E5D7D2D6 56623 ------w- C:\WINDOWS\System32\drivers\ati1btxx.sys
2013-07-10 17:32:49 CB08AED0DE2DD889A8A820CD8082D83C 42752 ------w- C:\WINDOWS\System32\drivers\alim1541.sys
2013-07-10 17:32:49 99937B99DD0405CA322CDED013F95F47 3135 ------w- C:\WINDOWS\System32\drivers\adv08nt5.dll
2013-07-10 17:32:49 95B4FB835E28AA1336CEEB07FD5B9398 43008 ------w- C:\WINDOWS\System32\drivers\amdagp.sys
2013-07-10 17:32:49 6FDC61E8E8E17F6ECC2D9A10FA8DF347 12047 ------w- C:\WINDOWS\System32\drivers\ati1pdxx.sys
2013-07-10 17:32:49 60B6AA2DC1521DA343F781B70EB7895A 11615 ------w- C:\WINDOWS\System32\drivers\ati1mdxx.sys
2013-07-10 17:32:49 3E444E8A9A5196255643745F99E6596C 3711 ------w- C:\WINDOWS\System32\drivers\adv09nt5.dll
2013-07-10 17:32:49 31F789D7C168D6BE07275359AB6DE6DD 3647 ------w- C:\WINDOWS\System32\drivers\adv07nt5.dll
2013-07-10 17:32:49 08FD04AA961BDC77FB983F328334E3D7 42368 ------w- C:\WINDOWS\System32\drivers\agp440.sys
2013-07-10 17:32:49 03A7E0922ACFE1B07D5DB2EEB0773063 44928 ------w- C:\WINDOWS\System32\drivers\agpcpq.sys
2013-07-10 17:32:48 F7706DAE7D101F1B19CE552D772EBFCE 21343 ------w- C:\WINDOWS\System32\drivers\ati1ttxx.sys
2013-07-10 17:32:48 ED4C2BF8403F4437987C0BA09CF48716 13824 ------w- C:\WINDOWS\System32\drivers\atinmdxx.sys
2013-07-10 17:32:48 DAC7D785CF62F5BD41441E9D6F5A6EFE 26367 ------w- C:\WINDOWS\System32\drivers\ati1snxx.sys
2013-07-10 17:32:48 BCAF267B10620F8C93F6E87AB726E145 63663 ------w- C:\WINDOWS\System32\drivers\ati1rvxx.sys
2013-07-10 17:32:48 9D318099BF3876A4AF4BC75966D27603 30671 ------w- C:\WINDOWS\System32\drivers\ati1raxx.sys
2013-07-10 17:32:48 993E7BD6438FE989E328C6B4BCA246A9 57856 ------w- C:\WINDOWS\System32\drivers\atinbtxx.sys
2013-07-10 17:32:48 6F714B4720DD80FFA9F8D2731594EA4C 36463 ------w- C:\WINDOWS\System32\drivers\ati1tuxx.sys
2013-07-10 17:32:48 69FDBE3DD108C70D9695ECF9C9B3839D 701440 ------w- C:\WINDOWS\System32\drivers\ati2mtag.sys
2013-07-10 17:32:48 67FFBC158DD4D27BA3FC92C6ACD87F73 29455 ------w- C:\WINDOWS\System32\drivers\ati1xbxx.sys
2013-07-10 17:32:48 0D8CAB1F08F7D3C4DE228B49E12E596A 34735 ------w- C:\WINDOWS\System32\drivers\ati1xsxx.sys
2013-07-10 17:32:48 06F2BF2209FA04EFD587A3B72E3E4B64 327040 ------w- C:\WINDOWS\System32\drivers\ati2mtaa.sys
2013-07-10 17:32:47 FE6C177E89767CD3704661E4AEDE7556 25471 ------w- C:\WINDOWS\System32\drivers\atv04nt5.dll
2013-07-10 17:32:47 EDD66332608D27F4FD5069BCD0BC5164 73216 ------w- C:\WINDOWS\System32\drivers\atintuxx.sys
2013-07-10 17:32:47 E90AC2B14E98F1A4372E5891B4278784 14336 ------w- C:\WINDOWS\System32\drivers\atinpdxx.sys
2013-07-10 17:32:47 DA36687D701C833430605A298731410B 52224 ------w- C:\WINDOWS\System32\drivers\atinraxx.sys
2013-07-10 17:32:47 D80A8F6C0A717446496C3A06D33B0D9C 13824 ------w- C:\WINDOWS\System32\drivers\atinttxx.sys
2013-07-10 17:32:47 CEDDEE2E0591894D19654D458FD3B9BE 28672 ------w- C:\WINDOWS\System32\drivers\atinsnxx.sys
2013-07-10 17:32:47 C1F4B3AC664FA34D4B6239AAAF7705FA 21183 ------w- C:\WINDOWS\System32\drivers\atv01nt5.dll
2013-07-10 17:32:47 ADFC31F9EED0E62EF5DCC8053103E0DF 14143 ------w- C:\WINDOWS\System32\drivers\atv06nt5.dll
2013-07-10 17:32:47 A7A01B907DB63898D40B0A14248FF9A2 104960 ------w- C:\WINDOWS\System32\drivers\atinrvxx.sys
2013-07-10 17:32:47 8E59F9BE251C8AE32A1CEB068B3F96B1 64352 ------w- C:\WINDOWS\System32\drivers\ativmc20.cod
2013-07-10 17:32:47 8AB101B8C07918919FD694DD9107BE24 11359 ------w- C:\WINDOWS\System32\drivers\atv02nt5.dll
2013-07-10 17:32:47 77B575D7AAB35D5908AE6CE681608D62 63488 ------w- C:\WINDOWS\System32\drivers\atinxsxx.sys
2013-07-10 17:32:47 3E7D485CBD0B0D9F6EA2AD9442411831 31744 ------w- C:\WINDOWS\System32\drivers\atinxbxx.sys
2013-07-10 17:32:46 FCA6F069597B62D42495191ACE3FC6C1 37888 ------w- C:\WINDOWS\System32\drivers\bthmodem.sys
2013-07-10 17:32:46 EB5082A905507D3265FAA17F1F236AA4 272384 ------w- C:\WINDOWS\System32\drivers\bthport.sys
2013-07-10 17:32:46 BB68CEBFFD181E18A26112D1B9F90F3D 36480 ------w- C:\WINDOWS\System32\drivers\bthprint.sys
2013-07-10 17:32:46 B279426E3C0C344893ED78A613A73BDE 17024 ------w- C:\WINDOWS\System32\drivers\bthenum.sys
2013-07-10 17:32:46 80602B8746D3738F5886CE3D67EF06B6 101120 ------w- C:\WINDOWS\System32\drivers\bthpan.sys
2013-07-10 17:32:46 71190C96F2678AB0F671C3DEACCB5DD4 15423 ------w- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
2013-07-10 17:32:46 61364CD71EF63B0F038B7E9DF00F1EFA 18944 ------w- C:\WINDOWS\System32\drivers\bthusb.sys
2013-07-10 17:32:46 4027E1B22D2A1EB4213394F2948FEB3D 17279 ------w- C:\WINDOWS\System32\drivers\atv10nt5.dll
2013-07-10 17:32:46 3194C32E8A2403073B812183355E25C6 129045 ------w- C:\WINDOWS\System32\drivers\cxthsfs2.cty
2013-07-10 17:32:45 EBB354438A4C5A3327FB97306260714A 1041536 ------w- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
2013-07-10 17:32:45 BB1A6FB7D35A91E599973FA74A619056 19200 ------w- C:\WINDOWS\System32\drivers\hidir.sys
2013-07-10 17:32:45 970178E8E003EB1481293830069624B9 220032 ------w- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
2013-07-10 17:32:45 670B33A60C4113160488CE439A11190A 25728 ------w- C:\WINDOWS\System32\drivers\hidbth.sys
2013-07-10 17:32:45 3A74C423CF6BCCA6982715878F450A3B 46464 ------w- C:\WINDOWS\System32\drivers\gagp30kx.sys
2013-07-10 17:32:45 1225EBEA76AAC3C84DF6C54FE5E5D8BE 685056 ------w- C:\WINDOWS\System32\drivers\hsfcxts2.sys
2013-07-10 17:32:44 C53775780148884AC87C455489A0C070 126686 ------w- C:\WINDOWS\System32\drivers\mtlmnt5.sys
2013-07-10 17:32:44 B538DCD9816EA35FA4F637CFC261AAA8 12672 ------w- C:\WINDOWS\System32\drivers\mutohpen.sys
2013-07-10 17:32:44 905CB655E93D39C97E078A3C4C884F31 67866 ------w- C:\WINDOWS\System32\drivers\netwlan5.img
2013-07-10 17:32:44 6DDA78A0BE692B61B668FAB860F276CF 452736 ------w- C:\WINDOWS\System32\drivers\mtxparhm.sys
2013-07-10 17:32:44 576B34CEAE5B7E5D9FD2775E93B3DB53 180360 ------w- C:\WINDOWS\System32\drivers\ntmtlfax.sys
2013-07-10 17:32:44 54886A652BF5685192141DF304E923FD 1309184 ------w- C:\WINDOWS\System32\drivers\mtlstrm.sys
2013-07-10 17:32:44 195741AEE20369980796B557358CD774 11868 ------w- C:\WINDOWS\System32\drivers\mdmxsdk.sys
2013-07-10 17:32:43 2B298519EDBFCF451D43E0F1E8F1006D 1897408 ------w- C:\WINDOWS\System32\drivers\nv4_mini.sys
2013-07-10 17:32:42 E9AAA0092D74A9D371659C4C38882E12 13776 ------w- C:\WINDOWS\System32\drivers\recagent.sys
2013-07-10 17:32:41 851C30DF2807FCFA21E4C681A7D6440E 59136 ------w- C:\WINDOWS\System32\drivers\rfcomm.sys
2013-07-10 17:32:41 726548542AFECA56257FF01EB13BB6D7 30592 ------w- C:\WINDOWS\System32\drivers\rndismpx.sys
2013-07-10 17:32:41 0DBCC071A268E0340A2BA6BDD98BACE4 166912 ------w- C:\WINDOWS\System32\drivers\s3gnbm.sys
2013-07-10 17:32:39 D66D22D76878BF3483A6BE30183FB648 10240 ------w- C:\WINDOWS\System32\drivers\sffp_mmc.sys
2013-07-10 17:32:39 95190C6BF4B5F24CAA155648F71863EA 3901 ------w- C:\WINDOWS\System32\drivers\siint5.dll
2013-07-10 17:32:39 6B33D0EBD30DB32E27D1D78FE946A754 40960 ------w- C:\WINDOWS\System32\drivers\sisagp.sys
2013-07-10 17:32:38 F9B8E30E82EE95CF3E1D3E495599B99C 95424 ------w- C:\WINDOWS\System32\drivers\slnthal.sys
2013-07-10 17:32:38 DB56BB2C55723815CF549D7FC50CFCEB 13240 ------w- C:\WINDOWS\System32\drivers\slwdmsup.sys
2013-07-10 17:32:38 D9673011648A71ED1E1F77B831BC85E6 129535 ------w- C:\WINDOWS\System32\drivers\slnt7554.sys
2013-07-10 17:32:38 D85938F272D1BCF3DB3A31FC0A048928 44672 ------w- C:\WINDOWS\System32\drivers\uagp35.sys
2013-07-10 17:32:38 895BE38A993B9BD5ABBE570D63D88A2E 5888 ------w- C:\WINDOWS\System32\drivers\smbali.sys
2013-07-10 17:32:38 2C1779C0FEB1F4A6033600305EBA623A 404990 ------w- C:\WINDOWS\System32\drivers\slntamr.sys
2013-07-10 17:32:37 E32047035D19D1F6916AD75456A4FC10 11325 ------w- C:\WINDOWS\System32\drivers\vchnt5.dll
2013-07-10 17:32:37 B4D7B7AD8A9F7C063C5CC3E2C1A0724E 12928 ------w- C:\WINDOWS\System32\drivers\usb8023x.sys
2013-07-10 17:32:37 ACED8C149B30F8496C237BCBA3727B48 14208 ------w- C:\WINDOWS\System32\drivers\wacompen.sys
2013-07-10 17:32:37 754292CE5848B3738281B4F3607EAEF4 42240 ------w- C:\WINDOWS\System32\drivers\viaagp.sys
2013-07-10 17:32:37 63BBFCA7F390F4C49ED4B96BFB1633E0 121984 ------w- C:\WINDOWS\System32\drivers\usbvideo.sys
2013-07-10 17:32:36 7BB3AA595E4507A788DE1CDC63F4C8C4 11871 ------w- C:\WINDOWS\System32\drivers\wadv09nt.sys
2013-07-10 17:32:36 791CC45DE6E50445BE72E8AD6401FF45 25471 ------w- C:\WINDOWS\System32\drivers\watv10nt.sys
2013-07-10 17:32:36 714038A8AA5DE08E12062202CD7EAEB5 11295 ------w- C:\WINDOWS\System32\drivers\wadv08nt.sys
2013-07-10 17:32:36 36E6C405B6143D09687F4056FD9A0D10 11935 ------w- C:\WINDOWS\System32\drivers\wadv11nt.sys
2013-07-10 17:32:36 352FA0E98BC461CE1CE5D41F64DB558D 22271 ------w- C:\WINDOWS\System32\drivers\watv06nt.sys
2013-07-10 17:32:36 0308AEF61941E4AF478FA1A0F83812F5 11807 ------w- C:\WINDOWS\System32\drivers\wadv07nt.sys
2013-06-28 11:03:54 22EA82FFE8CA4965C1994F24C35DC202 175 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
2013-06-26 17:35:50 FAF091AA45A6A6CF3CF94FE065950956 175 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
2013-06-26 17:35:48 3FFBEE694566CADB0A64D8A1ACD7DBCE 175 ----a-w- C:\WINDOWS\System32\drivers\aswSP.sys.sum
====== C:\WINDOWS\Tasks ======
2013-07-16 11:13:37 294A37A2CA1E4B3ABE8DEB18CCF1E549 260 ----a-w- C:\WINDOWS\Tasks\WGASetup.job
2013-07-10 18:13:18 948E8285DC3A948F2ED6BC8DAC3077BA 458 ---ha-w- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9EF3CD9D-FF4D-41DD-B756-ABF343C41E1D}.job
====== C:\WINDOWS\Temp ======
======= C:\Arquivos de programas =====
2013-07-24 13:37:29 -------- d-----w- C:\Arquivos de programas\ZHPDiag
2013-07-16 13:42:40 -------- d-----w- C:\Arquivos de programas\GbPlugin
======= C: =====
2013-07-24 13:39:47 80A6657B42825AC6810859005066BC2C 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-07-24 12:58:57 D29AB2EAFC057FA7A0F65399585C0D68 1952 ----a-w- C:\AdwCleaner[S1].txt
2013-07-10 17:01:33 016455C58F3A936894B3C75C70399CEB 4069 ----a-w- C:\DelFix.txt
2013-07-10 14:06:56 FA579938B0733B87066546AFE951082C 211 ----a-w- C:\Boot.bak
2013-07-10 14:06:53 C51A881398F29071239741AE16D07C1C 261856 --sha-r- C:\cmldr
====== C:\Documents and Settings\f001699\Dados de aplicativos ======
2013-07-24 13:06:01 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
2013-07-16 13:42:40 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2013-07-16 13:41:48 0E3C88DBC9FB91A937E2CDC090AA2347 14190 ----a-w- C:\Documents and Settings\f001699\Dados de aplicativos\unins000.dat
2013-07-10 18:12:20 -------- d-----w- C:\Documents and Settings\f001699\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema
2013-07-10 14:03:53 -------- d-----r- C:\Documents and Settings\f001699\Menu Iniciar\Programas\Ferramentas administrativas
2013-07-05 19:22:09 -------- d-----w- C:\Documents and Settings\f001699\Dados de aplicativos\eUpdate
====== C:\Documents and Settings\f001699 ======
2013-07-24 15:22:14 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies
2013-07-10 18:13:21 -------- d-sh--w- C:\Documents and Settings\f001699\IECompatCache
2013-07-10 18:13:06 -------- d-sh--w- C:\Documents and Settings\f001699\PrivacIE
2013-07-10 18:11:48 -------- d-sh--w- C:\Documents and Settings\f001699\IETldCache
2013-07-10 14:42:26 -------- d-----w- C:\Documents and Settings\NetworkService\Configuraþ§es locais
2013-07-10 14:42:26 -------- d-----w- C:\Documents and Settings\LocalService\Configuraþ§es locais
2013-07-10 14:42:26 -------- d-----w- C:\Documents and Settings\f001699\Configuraþ§es locais
2013-07-10 14:42:26 -------- d-----w- C:\Documents and Settings\Default User\Configuraþ§es locais

====== C: exe-files ==
2013-07-24 13:37:34 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
2013-07-24 13:37:34 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Arquivos de programas\ZHPDiag\pv.exe
2013-07-24 13:37:34 5BBF2A0351E336646022D09009560CEF 143360 ----a-w- C:\Arquivos de programas\ZHPDiag\FileInfos.exe
2013-07-24 13:37:33 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Arquivos de programas\ZHPDiag\catchme.exe
2013-07-24 13:37:33 A3F7B76494E5F3D32B05824241E82AD0 2726912 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPFix.exe
2013-07-24 13:37:33 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Arquivos de programas\ZHPDiag\mbr.exe
2013-07-24 13:37:33 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Arquivos de programas\ZHPDiag\Lads.exe
2013-07-24 13:37:33 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Arquivos de programas\ZHPDiag\subinacl.exe
2013-07-24 13:37:33 451AE03D3C92777F09840CA56F08AB62 454056 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl32.exe
2013-07-24 13:37:33 3E350EB5DF15C06DEC400A39DD1C6F29 559528 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl64.exe
2013-07-24 13:37:33 2312A38B8B003330DB919FA818C48449 231048 ----a-w- C:\Arquivos de programas\ZHPDiag\sigcheck.exe
2013-07-24 13:37:32 864F3E37BCF2F9BB998414673F1C215A 7711232 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe
2013-07-24 13:37:31 1321DC81E317EE48C4D004775FB29AC9 1916928 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
2013-07-24 13:37:30 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Arquivos de programas\ZHPDiag\unins000.exe
2013-07-24 13:37:30 1321DC81E317EE48C4D004775FB29AC9 1916928 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
2013-07-24 13:37:18 6276219441AFA20AE900104DF712DD29 5003740 ----a-w- C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21022\Dc1.exe
2013-07-24 13:31:32 FCA8974A8A7499A0966A38EF2CD8938E 915968 ----a-w- C:\Documents and Settings\f001699\Desktop\Andrey remoção de virus\RogueKiller.exe
2013-07-24 13:10:22 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-07-24 13:10:22 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-07-24 13:10:22 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-07-24 13:10:22 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2013-07-24 13:10:22 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2013-07-24 13:02:52 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\JRT\erunt\ERUNT.EXE
2013-07-24 13:02:38 2C2F20747085946DE79A713879E09C4E 535764 ----a-w- C:\Documents and Settings\f001699\Desktop\Andrey remoção de virus\JRT.exe
2013-07-24 12:58:34 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Documents and Settings\f001699\Meus documentos\Downloads\AdwCleaner.exe
=== C: other files ==
2013-07-24 13:11:23 3D6F8678AB52105329B3FD72D7C4F524 7450 ----a-w- C:\Qoobox\BackEnv\SetPath.bat
2013-07-24 13:02:52 F79A3991927C7B1005E0DE627034002E 11837 ----a-w- C:\JRT\JRT.bat
2013-07-24 13:02:52 E81B41BEDB4EFDE2BC2C6863E7ABE25A 78772 ----a-w- C:\JRT\misc.bat
2013-07-24 13:02:52 E4B95882FB080670179EA3605395889B 29803 ----a-w- C:\JRT\iexplore.bat
2013-07-24 13:02:52 C0C9EBB0F67894B294057F8DFD982FB7 224236 ----a-w- C:\JRT\firefox.bat
2013-07-24 13:02:52 BC6829679AE4DF51BA5F2B6DF9C0BAFC 14243 ----a-w- C:\JRT\medfos.bat
2013-07-24 13:02:52 892B8347BAF133646A19D3B90928AE86 15542 ----a-w- C:\JRT\chrome.bat
2013-07-24 13:02:52 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\JRT\ev_clear.bat
2013-07-24 13:02:52 6AFF3EA276AA312EFBB29BA0D5D2A85A 9763 ----a-w- C:\JRT\modules.bat
2013-07-24 13:02:52 63FEB4EAF9E8C709C3B3470BC40E3EF8 37373 ----a-w- C:\JRT\ask.bat
2013-07-24 13:02:52 620AD0970CC18D799A357D5B9C797F31 5379 ----a-w- C:\JRT\runvalues.bat
2013-07-24 13:02:52 4C021963204579942B72781B032315A0 29023 ----a-w- C:\JRT\prelim.bat
2013-07-24 13:02:52 357F4F46BA2ADE86E2084DE3EC219A18 13025 ----a-w- C:\JRT\searchlnk.bat
2013-07-24 13:02:52 33A0F7BBDF15B84FB01A361D09F54DFE 1825 ----a-w- C:\JRT\delfolders.bat
2013-07-24 13:02:52 31D9F977B48014E79CC35A98D324B16A 1256 ----a-w- C:\JRT\FWPolicy.bat
2013-07-24 13:02:52 1EE55AF77826E0E6F89A0ED6278E2C35 1040 ----a-w- C:\JRT\TDL4.bat
2013-07-24 13:02:52 04BA8405091707D31A526A4689E6F5A8 14028 ----a-w- C:\JRT\get.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeARM"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sttray"
"hkey"="HKLM"
"command"="%ProgramFiles%\\IDT\\WDM\\sttray.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^f001699^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
"path"="C:\\Documents and Settings\\f001699\\Menu Iniciar\\Programas\\Inicializar\\Recorte de tela e Iniciador do OneNote 2007.lnk"
"backup"="C:\\WINDOWS\\pss\\Recorte de tela e Iniciador do OneNote 2007.lnkStartup"
"command"="C:\\ARQUIV~1\\MICROS~2\\Office12\\ONENOTEM.EXE /tsr"
"item"="Recorte de tela e Iniciador do OneNote 2007"


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [11/06/2013 10:18]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [11/06/2013 10:18]
C:\WINDOWS\tasks\User_Feed_Synchronization-{9EF3CD9D-FF4D-41DD-B756-ABF343C41E1D}.job --ah----- C:\WINDOWS\system32\msfeedssynC:.exe []
C:\WINDOWS\tasks\WGASetup.job --a------ C:\WINDOWS\system32\KB905474\wgasetup.exe [10/03/2009 22:18]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
pflphaooapbgpeakohlggbpidpppgdff - C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx[13/06/2013 09:36]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pflphaooapbgpeakohlggbpidpppgdff - C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx[13/06/2013 09:36]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[21/11/2012 15:32]

GBBD Banco do Brasil - f001699 - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f001699\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configuraþ§es locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configuraþ§es locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f001699\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\f001699\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\f001699\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 24/07/2013 at 16:34:50,57 ======================

Boa Tarde! Edvan

|- Abra,novamente,a ferramenta Zoek.

pflphaooapbgpeakohlggbpidpppgdff;chr
silentrunners;

|- Cole,no campo,estas informações,em vermelho.
|- Clique "Run Script". 
|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<

A+

 Aqui amigo, dessa vez nao pediu para reiniciar.

Ha!! na unidade "C" criou esse monte de pastas, nao consigo excluir, sabe do que se trata?  

Imagem:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Zoek.exe Version 4.0.0.4 Updated 21-07-2013
Tool run by Administrador on qua 24/07/2013 at 17:20:27,45.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Script inserted] 

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
pflphaooapbgpeakohlggbpidpppgdff - C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx[13/06/2013 09:36]

Docs - Administrador - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Administrador - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Administrador - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Administrador - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Newtab - Administrador - Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Gmail - Administrador - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
GBBD Banco do Brasil - f001699 - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Chrome Fix ======================

C:\DOCUME~1\f001699\CONFIG~1\DADOSD~1\mysearchdial_speedial_v9.0.2.crx deleted successfully
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
avast = "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
SunJavaUpdateSched = "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
                   \InProcServer32\(Default) = C:\Arquivos de programas\Java\jre7\bin\ssv.dll [Oracle Corporation]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
  -> {HKLM...CLSID} = avast! Online Security
                   \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = G-Buster Browser Defense
  -> {HKLM...CLSID} = GbIehObj Class
                   \InProcServer32\(Default) = C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [Banco do Brasil]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{88895560-9AA2-1069-930E-00AA0030EBC8} = Extensão de ícone do HyperTerminal
  -> {HKLM...CLSID} = HyperTerminal Icon Ext
                   \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [Alexander Roshal]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
                   \InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\ONFILTER.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Arquivos de programas\Microsoft Office\Office12\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D} = Sorcerer Shell Extension
  -> {HKLM...CLSID} = Sorcerer Shell Extension
                   \InProcServer32\(Default) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006SX.DLL [Software 2000 Limited]

{E37CB5F0-51F5-4395-A808-5FA49E399F83} = GbPlugin ShlObj
  -> {HKLM...CLSID} = GbPluginObj Class
                   \InProcServer32\(Default) = C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [Banco do Brasil]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {E37CB5F0-51F5-4395-A808-5FA49E399F83} = GbPlugin ShlObj
  -> {HKLM...CLSID} = GbPluginObj Class
                   \InProcServer32\(Default) = C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [Banco do Brasil]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>>  GbPluginBb\DLLName = C:\Arquivos de programas\GbPlugin\gbieh.dll [Banco do Brasil]
<<!>> igfxcui\DLLName = igfxdev.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
  -> {HKLM...CLSID} = HxProtocol Class
                   \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                   \InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...CLSID} = PDF Shell Extension
                   \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM...CLSID} = avast
                   \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [Alexander Roshal]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\web\wallpaper\Alegria.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\WINDOWS\web\wallpaper\Alegria.bmp


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr [MS]


Enabled Scheduled Tasks: {++}
------------------------

avast! Emergency Update -> launches: C:\Arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
GoogleUpdateTaskMachineCore -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
User_Feed_Synchronization-{9EF3CD9D-FF4D-41DD-B756-ABF343C41E1D} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]
WGASetup -> launches: C:\WINDOWS\system32\KB905474\wgasetup.exe /autoauto [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
  -> {HKLM...CLSID} = avast! Online Security
                   \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Pesquisar
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Enviar para o OneNote
MenuText = &Enviar para o OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                   \InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
  -> {HKLM...CLSID} = &Pesquisar
                   \InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Arquivos de programas\Messenger\msmsgs.exe [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Audio Service, STacSV, c:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe [IDT, Inc.]
avast! Antivirus, avast! Antivirus, "C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
Gbp Service, GbpSv, C:\ARQUIV~1\GbPlugin\GbpSv.exe [GAS Tecnologia]
Java Quick Starter, JavaQuickStarterService, "C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
Machine Debug Manager, MDM, "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe" [MS]
TeamViewer 8, TeamViewer8, "C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe" [TeamViewer GmbH]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS]
Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS]




==== EOF on qua 24/07/2013 at 17:21:22,50 ======================

Detalhe, a primeira execução do Zoek, foi direto com o usuário dele. 

Zoek.exe Version 4.0.0.4 Updated 21-07-2013
Tool run by f001699 on 24/07/2013 at 16:28:24,93.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\f001699\Desktop\zoek.exe [Script inserted] 

Já a segunda vez que executei foi como Administrador, veja:

Zoek.exe Version 4.0.0.4 Updated 21-07-2013
Tool run by Administrador on qua 24/07/2013 at 17:20:27,45.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Script inserted] 

OBS: Como o rapaz nao estava na sala e nao tinha a senha dele, então entrei como Administrador, executei o procedimento... Algum problema?

Bom Dia! Edvan

Edvan escreveu:OBS: Como o rapaz nao estava na sala e nao tinha a senha dele, então entrei como Administrador, executei o procedimento... Algum problema?

|- Na primeira oportunidade,execute como usuário ( f001699 ),mas cole este novo script na ferramenta.

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System];r
"DisableRegistryTools"=-;r
pflphaooapbgpeakohlggbpidpppgdff;chr
autoclean; 
filesrcm; 
emptyalltemp;

|- Poste o relatório! 

Edvan escreveu:Ha!! na unidade "C" criou esse monte de pastas, nao consigo excluir, sabe do que se trata?  

|- Consegue abri-las,pelo menos? São pastas vazias?

-/-

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Pierre13 )
|- Salve-o no desktop!
|- Para Windows Vista e 7,execute "SFTGC.exe" como administrador!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Execute-o e clique "Go".
|- Aguarde seu término,que é rápido.
|- Poste o relatório! ( SFT.txt )
|- Ps: De acordo com o tamanho do relatório,não poste-o diretamente!
|- Acesse,para essa tarefa! < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>

A+