Zoek.exe Version 4.0.0.4 Updated 26-08-2013
Tool run by f002519 on 29/08/2013 at 10:43:22,29.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\f002519\Desktop\zoek\zoek.scr [Script inserted]
==== System Restore Info ======================
29/08/2013 10:44:42 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample_082013_1047.zip ======================
Copied file C:\Documents and Settings\f002519\Dados de aplicativos\unins000.exe to sample\unins000.exe
Copied file C:\Documents and Settings\f002519\Dados de aplicativos\unins001.exe to sample\unins001.exe
sample\unins000.exe renamed to DEBA5093D7DE0313E6BD3BE6C3E496E2
sample\unins001.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6
C:\Documents and Settings\All Users\Desktop\sample_082013_1047.zip created successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\WINDOWS\002701_.tmp" deleted
"C:\WINDOWS\SET25.tmp" deleted
"C:\WINDOWS\SET3.tmp" deleted
"C:\WINDOWS\SET4.tmp" deleted
"C:\WINDOWS\SET8.tmp" deleted
"C:\Documents and Settings\f002519\Dados de aplicativos\unins000.exe" deleted
"C:\Documents and Settings\f002519\Dados de aplicativos\unins001.exe" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOCUME~1\f002519\CONFIG~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Arquivos de programas =====
2013-08-29 12:32:09 -------- d-----w- C:\Arquivos de programas\ZHPDiag
======= C: =====
2013-08-29 12:36:35 088F8FD6112C23D4FA0D8964C246FAEB 512 ----a-w- C:\PhysicalDisk0_MBR.bin
====== C:\Documents and Settings\f002519\Dados de aplicativos ======
2013-08-29 12:37:36 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
2013-07-30 20:15:53 C35D139FBD565BFBAB82995935D52F6C 13898 ----a-w- C:\Documents and Settings\f002519\Dados de aplicativos\unins001.dat
2013-07-30 20:14:55 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Temp
====== C:\Documents and Settings\f002519 ======
====== C: exe-files ==
2013-08-29 12:32:15 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
2013-08-29 12:32:15 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Arquivos de programas\ZHPDiag\pv.exe
2013-08-29 12:32:15 5BBF2A0351E336646022D09009560CEF 143360 ----a-w- C:\Arquivos de programas\ZHPDiag\FileInfos.exe
2013-08-29 12:32:14 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Arquivos de programas\ZHPDiag\catchme.exe
2013-08-29 12:32:14 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Arquivos de programas\ZHPDiag\mbr.exe
2013-08-29 12:32:14 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Arquivos de programas\ZHPDiag\Lads.exe
2013-08-29 12:32:14 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Arquivos de programas\ZHPDiag\subinacl.exe
2013-08-29 12:32:14 451AE03D3C92777F09840CA56F08AB62 454056 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl32.exe
2013-08-29 12:32:14 3E350EB5DF15C06DEC400A39DD1C6F29 559528 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl64.exe
2013-08-29 12:32:14 2312A38B8B003330DB919FA818C48449 231048 ----a-w- C:\Arquivos de programas\ZHPDiag\sigcheck.exe
2013-08-29 12:32:13 7896CBFFEFE1E76E8EE50CFFF978C9A2 2728448 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPFix.exe
2013-08-29 12:32:12 27502022B75551385957D223DD9CB72B 7842304 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe
2013-08-29 12:32:11 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
2013-08-29 12:32:09 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
2013-08-29 12:32:09 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Arquivos de programas\ZHPDiag\unins000.exe
2013-08-29 12:17:08 C130DEDAF62E812D1808CBD40D6FFB6B 1023533 ----a-w- C:\Documents and Settings\f002519\Desktop\Ferramenta para remoção de virus\JRT.exe
2013-08-29 12:16:51 F7AF924D0D951FF8F7B05AD2E4FF50D3 994642 ----a-w- C:\Documents and Settings\f002519\Desktop\Ferramenta para remoção de virus\adwcleaner.exe
2013-08-29 12:15:13 EB24EDF485BA800603E93389F7EB0FE2 5076950 ----a-w- C:\Documents and Settings\f002519\Desktop\Ferramenta para remoção de virus\ZHPDiag2.exe
2013-08-26 11:58:55 D6E84508BBE50BBEEFAF02C865A96836 1070672 ----a-w- C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe
2013-08-26 11:58:23 42D0D34CAA293C83B4433A537DF13895 530912 ----a-w- C:\Arquivos de programas\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4413.1752\GoogleToolbarInstaller_updater_signed.exe
=== C: other files ==
2013-08-29 13:47:52 6C4CBD08A7F63BF0B8EEBE25D222A455 663551 ----a-w- C:\Documents and Settings\All Users\Desktop\sample_082013_1047.zip
2013-08-26 14:36:44 7D2B9A3746CA579B4BB778FED420F270 7485779 ----a-w- C:\Documents and Settings\f002519\Meus documentos\Downloads\Proposta e Doc (3).zip
2013-08-23 17:33:44 196E552857E5A7BD47C8234EE29BF66C 7485734 ----a-w- C:\Documents and Settings\f002519\Meus documentos\Downloads\Proposta e Doc (2).zip
2013-08-23 15:43:43 196E552857E5A7BD47C8234EE29BF66C 7485734 ----a-w- C:\Documents and Settings\f002519\Meus documentos\Downloads\Proposta e Doc (1).zip
2013-08-23 13:52:40 BCF94465CB9D84FD380CFF35CB02CFE2 7683958 ----a-w- C:\Documents and Settings\f002519\Meus documentos\Downloads\Proposta e Doc.zip
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\f002519\Dados de aplicativos\Mozilla\Firefox\Profiles\ayjwie4i.default
- NetVideoHunter - %ProfilePath%\extensions\netvideohunter@netvideohunter.com
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\f002519\Dados de aplicativos\Mozilla\Firefox\Profiles\ayjwie4i.default
ABCB4A6EAB701C629378255ABCB308E5 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
101700E93EB905992B518256CB441829 - C:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
667CB7D2CAF917608421E5250462C0AA - C:\Arquivos de programas\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
667CB7D2CAF917608421E5250462C0AA - C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
6AD7B1D887D26F06033280F4B5C2034B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll - Shockwave Flash
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
==== Chrome Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Documents and Settings\f002519\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\sf.crx[01/03/2013 16:06]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\f002519\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[15/08/2013 08:48]
YouTube - f002519 - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - f002519 - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Banco do Brasil - f002519 - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - f002519 - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
YouTube - Fun0029 - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Fun0029 - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Fun0029 - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{7585A3DB-544D-427B-951C-A3FB7302CD9C} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21044\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21044\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully
==== Deleting CLSID Registry Values ======================
==== HijackThis Entries ======================
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone:
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone:
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone:
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe
O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe
O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySql - Unknown owner - C:\MySQL\bin\mysqld-max.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Arquivos de programas\TIM Communicator\module\devicemon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
==== Empty IE Cache ======================
C:\Documents and Settings\LocalService\Configurações locais\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f002519\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\f002519\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\ayjwie4i.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\f002519\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Fun0029\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\f002519\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\f002519\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 29/08/2013 at 10:55:50,96 ======================