Zoek.exe Version 4.0.0.4 Updated 31-08-2013
Tool run by f002898 on 04/09/2013 at 10:20:10,76.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\f002898\Desktop\zoek.exe [Script inserted]
==== System Restore Info ======================
04/09/2013 10:21:29 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample_092013_1028.zip ======================
Copied file C:\Documents and Settings\f002898\Dados de aplicativos\unins000.exe to sample\unins000.exe
sample\unins000.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6
C:\Documents and Settings\All Users\Desktop\sample_092013_1028.zip created successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\WINDOWS\002749_.tmp" deleted
"C:\WINDOWS\SET25.tmp" deleted
"C:\WINDOWS\SET3.tmp" deleted
"C:\WINDOWS\SET4.tmp" deleted
"C:\WINDOWS\SET8.tmp" deleted
"C:\Documents and Settings\f002898\Dados de aplicativos\unins000.exe" deleted
"C:\Documents and Settings\f002898\Dados de aplicativos\DSite" deleted
"C:\Documents and Settings\NetworkService\Dados de aplicativos\Mozilla\Firefox\Profiles\owhysr8s.default\extensions\staged" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\f002898\Dados de aplicativos\Mozilla\Firefox\Profiles\0gn2mabk.default
- DealPly Shopping - %ProfilePath%\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
ProfilePath: C:\Documents and Settings\NetworkService\Dados de aplicativos\Mozilla\Firefox\Profiles\owhysr8s.default
- Coupons Malibu - %ProfilePath%\extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc}
- WebToSave - %ProfilePath%\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\f002898\Dados de aplicativos\Mozilla\Firefox\Profiles\0gn2mabk.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
ABCB4A6EAB701C629378255ABCB308E5 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
101700E93EB905992B518256CB441829 - C:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
04AF8BC83A89D9B71F7E0BCAF9FDD768 - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
==== Deleting Files \ Folders ======================
"C:\Documents and Settings\f002898\Dados de aplicativos\Mozilla\Firefox\Profiles\0gn2mabk.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}" deleted
==== Chrome Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Documents and Settings\f002898\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\bb\sf.crx[21/11/2012 15:32]
Docs - Administrador - Default\Extensions\aohghmighlieiainnegkcijnfilokake
DealPly Shopping - f002898 - Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
GBBD Banco do Brasil - f002898 - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Docs - f002951 - Default\Extensions\aohghmighlieiainnegkcijnfilokake
avast WebRep - f002951 - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
==== Chrome Fix ======================
C:\Documents and Settings\f002898\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi deleted successfully
C:\Documents and Settings\f002898\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage deleted successfully
C:\Documents and Settings\f002898\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== HijackThis Entries ======================
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone:
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone:
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
==== Empty IE Cache ======================
C:\Documents and Settings\e0059\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f003176\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f002898\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\l1kd2nzy.default\Cache emptied successfully
C:\Documents and Settings\f002898\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\0gn2mabk.default\Cache emptied successfully
C:\Documents and Settings\f002951\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\dr6x6msy.default\Cache emptied successfully
C:\Documents and Settings\f003176\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\zsz4spgk.default\Cache emptied successfully
C:\Documents and Settings\f003204\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\h4xhhmtb.default\Cache emptied successfully
C:\Documents and Settings\Fun0094\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\zi4ore10.default\Cache emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\owhysr8s.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\f002898\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\f002951\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\f002898\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\f002898\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 04/09/2013 at 10:36:18,32 ======================