Fórum PC Brasil
adcash - A Plague!

Post by Jose Wilson, Sun 23 Nov 2014, 06:52

Hello, good morning everyone.
Whenever I open a browser, Explorer or Chrome, it first redirects me to a page full of advertising, ADCASH, which keeps pushing offers the whole time and ends up taking almost half the screen, and I don't know how to fix it.
Could someone help me?
Thank you.

Post by joram, Sun 23 Nov 2014, 08:08

Good morning, Jose Wilson!

> Download: < [You must have an account and be logged in to view this link] >

> Download: < [You must have an account and be logged in to view this link] > ( ... by Farbar )

> Or here...

< [You must have an account and be logged in to view this link] >

> Or here, for 64-bit systems!
> Save it to the desktop!
> Run the tool! Click "Yes" >> "Scan".

[You must have an account and be logged in to view this image]

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated and will be made available when the tool runs.
> Post the report! (FRST.txt + Addition.txt)
> As the log will be long, upload it to [You must have an account and be logged in to view this link] >

[You must have an account and be logged in to view this image]

> The link to the report, which is the one highlighted, should be pasted into your post.

A+

Post by Jose Wilson, Sun 23 Nov 2014, 09:00

I can't run it; it appears for a moment and disappears. It stays down in the taskbar, but when I click on it, it disappears.
I'm using my wife's PC, because adcash won't let me log in to the forum here: I fill in the login, and when I click OK it redirects me to that adcash page. A disaster.

Post by joram, Sun 23 Nov 2014, 09:18

Good morning, Jose Wilson!

> Download: < [You must have an account and be logged in to view this link] > ( ... by Swearware )
> Save it to the desktop!
> Rename it to Winlogon.
>
> Download: < [You must have an account and be logged in to view this link] > ( ... by Grinler )

> Download: < [You must have an account and be logged in to view this link] > ( ... by Grinler )

> Download: < [You must have an account and be logged in to view this link] > ( ... by Grinler )

> PS: Three links are provided; download each further version only after finding that the ones already tried do not work.
> On Windows Vista or 7, run it as administrator! (Right-click and ...)
> If black boxes appear briefly when you run the tool, we can be sure that it is working. If no black boxes appear when it runs, delete that version and download another.
> Do not restart the computer when it finishes! << Important!
> Now run the ComboFix tool and post its report.

A+

Post by Jose Wilson, Sun 23 Nov 2014, 10:02

AVG is detecting COMBOFIX as a threat and is removing it. Steps 1, 2 and 3 of ComboFix were completed.

steps 8

Post by Jose Wilson, Sun 23 Nov 2014, 10:24

ComboFix 14-11-18.01 - Vostro1320 23/11/2014 9:59.1.2 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3033.1103 [GMT -2:00]
Executando de: c:\users\Vostro1320\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
ADS - system32: deleted 6 bytes in 3 streams.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vostro1320\AppData\Local\ContentAgent.exe
c:\users\Vostro1320\AppData\Local\ContentSinder.exe
c:\users\Vostro1320\AppData\Local\msvcp100.dll
c:\users\Vostro1320\AppData\Local\msvcr100.dll
c:\users\Vostro1320\AppData\Local\QtCore4.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ProtectMonitor
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2014-10-23 to 2014-11-23 ))))))))))))))))))))))))))))
.
.
2014-11-23 11:41 . 2014-11-23 11:41 -------- d--h--w- c:\program files\GAS Tecnologia
2014-11-23 11:41 . 2014-11-23 11:41 -------- d-----w- c:\program files\Diebold
2014-11-23 11:14 . 2014-11-23 11:14 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2014
2014-11-23 10:12 . 2014-11-23 10:12 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2013
2014-11-22 10:51 . 2014-11-22 10:51 -------- d-----w- C:\zoek_backup
2014-11-22 09:06 . 2014-11-22 10:10 -------- d-----w- c:\users\Vostro1320\AppData\Local\Adobe
2014-11-20 23:01 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-20 23:01 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-20 21:58 . 2014-11-20 21:58 0 ----a-w- c:\windows\system32\drivers\AVGFWD6X.SYS
2014-11-20 09:16 . 2014-11-20 09:17 -------- d-----w- c:\program files\Common Files\Adobe
2014-11-19 23:32 . 2014-11-19 23:32 52440 ----a-w- c:\windows\system32\drivers\ifxj.sys
2014-11-13 21:22 . 2014-11-13 21:22 -------- d-sh--w- c:\users\Vostro1320\AppData\Local\EmieBrowserModeList
2014-11-13 06:38 . 2014-11-13 06:38 -------- d-----w- c:\users\Vostro1320\mobogenieP2sp
2014-11-12 07:54 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 07:53 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 07:52 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 07:51 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 07:51 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 07:51 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 07:51 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 07:51 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 07:51 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 07:51 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-12 07:50 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 07:49 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-12 07:49 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-12 07:49 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 07:49 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-12 07:49 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-12 07:49 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-12 07:48 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 07:48 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 07:48 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 07:48 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-12 07:47 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 07:47 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 07:47 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 07:47 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 07:47 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-29 23:34 . 2014-10-29 23:34 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-10-25 22:27 . 2014-10-25 22:27 -------- d-----w- c:\users\Vostro1320\AppData\Roaming\AVG2015
2014-10-25 22:21 . 2014-11-12 19:45 -------- d-----w- c:\programdata\AVG2015
2014-10-25 21:13 . 2014-11-07 04:41 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2015
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 12:11 . 2014-04-18 09:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-11-23 10:22 . 2014-04-18 09:59 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-22 09:07 . 2012-11-01 09:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 09:07 . 2012-11-01 09:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 10:47 . 2013-09-18 23:53 47192 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2014-10-10 17:13 . 2014-10-10 17:13 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-05 23:42 . 2014-10-05 23:42 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-10-01 13:11 . 2014-04-18 09:57 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 13:11 . 2014-04-18 09:57 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 13:11 . 2014-04-18 09:57 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-29 20:45 . 2014-09-29 20:45 14304 ----a-w- c:\programdata\Duplicaterecord.js
2014-09-25 01:40 . 2014-09-30 22:17 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-13 12:35 . 2014-09-13 12:35 720082 ----a-w- c:\users\Vostro1320\AppData\Roaming\unins001.exe
2014-09-09 21:47 . 2014-09-29 00:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-08 23:27 . 2014-09-08 23:27 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-09-04 05:04 . 2014-10-15 01:29 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-03 01:08 . 2014-09-03 01:09 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-09-03 01:07 . 2010-06-24 14:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-28 23:43 . 2014-08-28 23:43 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-02 20:49 . 2013-07-02 20:49 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-03-17 473464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2014-10-07 2662424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2014-07-12 518968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Megacubo.lnk - c:\program files\Megacubo\megacubo.exe -load:update -type:startup [2014-4-20 4427776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2014-08-12 1760312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2014-09-15 16:07 1890360 ----a-w- c:\program files\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-07-31 20:37 1754664 ------w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2014-08-12 17:19 1760312 ----a-w- c:\program files\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 BHipsEx;Baidu HipsEx Driver;c:\windows\System32\drivers\BHipsEx.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-11-23 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-18 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-11-12 47192]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-29 213784]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-09-03 42784]
S1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-04-16 29400]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]
S2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-11-09 298080]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2014-09-29 546104]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [2014-09-03 1843736]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2014-07-12 518968]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 669912]
S3 WiredTools;WiredTools;c:\program files\WiredTools\WiredTools.exe [2014-07-05 1303128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 10:16 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-01 09:07]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 07:22]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 07:22]
.
2014-11-23 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 15:49]
.
.
------- Scan Suplementar -------
.
uStart Page = [You must have an account and be logged in to view this link]
mStart Page = [You must have an account and be logged in to view this link]
uInternet Settings,ProxyServer = 127.0.0.1:14303
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\WiredTools.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bancosantander.com.br\www
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 200.152.98.2 200.152.98.5 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.iminent.id - 7e88acf60000000000000c607634f0ce
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16229
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.39:18
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORFÃOS REMOVIDOS - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKCU-Run-ContentAgent - c:\users\Vostro1320\AppData\Local\ContentAgent.exe
HKCU-Run-ContentSinder - c:\users\Vostro1320\AppData\Local\ContentSinder.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\AVG\AVG2015\avgnsx.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-11-23 10:17:44 - Máquina reiniciou
ComboFix-quarantined-files.txt 2014-11-23 12:17
.
Pré-execução: 574.386.937.856 bytes disponíveis
Pós execução: 574.190.256.128 bytes disponíveis
.
- - End Of File - - 5A395C330B879EA940442442EBEDE98F
A36C5E4F47E84449FF07ED3517B43A31


Post by joram, Sun 23 Nov 2014, 10:44

Good morning, Jose Wilson!

> Select the contents of the "Code" box and copy them into Notepad.
> Save it to the desktop with the name: CFScript << Text!

Code:
KillAll::

Driver::
Bhbase
BHipsEx
BprotectEx
PCFApiUtil

Firefox::
FF - user.js: extensions.iminent.id - 7e88acf60000000000000c607634f0ce
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16229
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.39:18
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef - 
FF - user.js: extensions.iminent.dfltLng - 
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Quit::

> PS: Temporarily disable your antivirus.
> PS: Do not use this script on another machine!
> Drag CFScript.txt onto the ComboFix icon.
> See the demonstration!

[You must have an account and be logged in to view this image]

> Accept the prompt to run ComboFix, which should appear.
> PS: Keep dragging until that prompt (window) appears!
> If a message appears asking to update the tool, click Yes!
> When it finishes, post: C:\ComboFix.txt <<

A+

Post by Jose Wilson, Sun 23 Nov 2014, 11:38

ComboFix 14-11-18.01 - Vostro1320 23/11/2014 11:05:01.4.2 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3033.1525 [GMT -2:00]
Executando de: c:\users\Vostro1320\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Vostro1320\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BHBASE
-------\Legacy_BPROTECTEX
-------\Legacy_PCFAPIUTIL
-------\Service_Bhbase
-------\Service_BHipsEx
-------\Service_BprotectEx
-------\Service_PCFApiUtil
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2014-10-23 to 2014-11-23 ))))))))))))))))))))))))))))
.
.
2014-11-23 13:28 . 2014-11-23 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-23 12:46 . 2014-11-23 12:46 157696 ----a-w- c:\windows\ERUNT.exe
2014-11-23 12:46 . 2014-11-23 12:46 -------- d-----w- C:\FRST
2014-11-23 11:41 . 2014-11-23 11:41 -------- d--h--w- c:\program files\GAS Tecnologia
2014-11-23 11:41 . 2014-11-23 11:41 -------- d-----w- c:\program files\Diebold
2014-11-23 11:14 . 2014-11-23 11:14 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2014
2014-11-23 10:12 . 2014-11-23 10:12 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2013
2014-11-22 10:51 . 2014-11-22 10:51 -------- d-----w- C:\zoek_backup
2014-11-22 09:06 . 2014-11-22 10:10 -------- d-----w- c:\users\Vostro1320\AppData\Local\Adobe
2014-11-20 23:01 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-20 23:01 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-20 21:58 . 2014-11-20 21:58 0 ----a-w- c:\windows\system32\drivers\AVGFWD6X.SYS
2014-11-20 09:16 . 2014-11-20 09:17 -------- d-----w- c:\program files\Common Files\Adobe
2014-11-19 23:32 . 2014-11-19 23:32 52440 ----a-w- c:\windows\system32\drivers\ifxj.sys
2014-11-13 21:22 . 2014-11-13 21:22 -------- d-sh--w- c:\users\Vostro1320\AppData\Local\EmieBrowserModeList
2014-11-13 06:38 . 2014-11-13 06:38 -------- d-----w- c:\users\Vostro1320\mobogenieP2sp
2014-11-12 07:54 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 07:53 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 07:52 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 07:51 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 07:51 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 07:51 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 07:51 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 07:51 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 07:51 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 07:51 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-12 07:50 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 07:49 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-12 07:49 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-12 07:49 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 07:49 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-12 07:49 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-12 07:49 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-12 07:48 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 07:48 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 07:48 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 07:48 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-12 07:47 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 07:47 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 07:47 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 07:47 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 07:47 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-29 23:34 . 2014-10-29 23:34 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-10-25 22:27 . 2014-10-25 22:27 -------- d-----w- c:\users\Vostro1320\AppData\Roaming\AVG2015
2014-10-25 22:21 . 2014-11-12 19:45 -------- d-----w- c:\programdata\AVG2015
2014-10-25 21:13 . 2014-11-07 04:41 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2015
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 13:31 . 2014-04-18 09:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-11-23 10:22 . 2014-04-18 09:59 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-22 09:07 . 2012-11-01 09:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 09:07 . 2012-11-01 09:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 10:47 . 2013-09-18 23:53 47192 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2014-10-10 17:13 . 2014-10-10 17:13 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-05 23:42 . 2014-10-05 23:42 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-10-01 13:11 . 2014-04-18 09:57 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 13:11 . 2014-04-18 09:57 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 13:11 . 2014-04-18 09:57 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-29 20:45 . 2014-09-29 20:45 14304 ----a-w- c:\programdata\Duplicaterecord.js
2014-09-25 01:40 . 2014-09-30 22:17 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-13 12:35 . 2014-09-13 12:35 720082 ----a-w- c:\users\Vostro1320\AppData\Roaming\unins001.exe
2014-09-09 21:47 . 2014-09-29 00:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-08 23:27 . 2014-09-08 23:27 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-09-04 05:04 . 2014-10-15 01:29 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-03 01:08 . 2014-09-03 01:09 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-09-03 01:07 . 2010-06-24 14:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-28 23:43 . 2014-08-28 23:43 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-02 20:49 . 2013-07-02 20:49 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-03-17 473464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2014-10-07 2662424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2014-07-12 518968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Megacubo.lnk - c:\program files\Megacubo\megacubo.exe -load:update -type:startup [2014-4-20 4427776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2014-08-12 1760312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2014-09-15 16:07 1890360 ----a-w- c:\program files\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-07-31 20:37 1754664 ------w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2014-08-12 17:19 1760312 ----a-w- c:\program files\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-11-23 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-18 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-11-12 47192]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-29 213784]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-09-03 42784]
S1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-04-16 29400]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]
S2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-11-09 298080]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2014-09-29 546104]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [2014-09-03 1843736]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2014-07-12 518968]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 669912]
S3 WiredTools;WiredTools;c:\program files\WiredTools\WiredTools.exe [2014-07-05 1303128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 10:16 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-01 09:07]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 07:22]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 07:22]
.
2014-11-23 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 15:49]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Settings,ProxyServer = 127.0.0.1:14303
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\WiredTools.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bancosantander.com.br\www
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 200.152.98.2 200.152.98.5 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.iminent.id - 7e88acf60000000000000c607634f0ce
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16229
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.39:18
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
------------------------ Outros Processos em Execução ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
c:\program files\AVG\AVG2015\avgnsx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-11-23 11:35:53 - Máquina reiniciou
ComboFix-quarantined-files.txt 2014-11-23 13:35
ComboFix2.txt 2014-11-23 12:17
.
Pré-execução: 574.177.435.648 bytes disponíveis
Pós execução: 574.182.637.568 bytes disponíveis
.
- - End Of File - - 10AC97536715F01D3309B10015371FEE
A36C5E4F47E84449FF07ED3517B43A31

Post by joram, Sun 23 Nov 2014, 11:55

Good morning, Jose Wilson!

> Download: < [You must have an account and be logged in to view this link] > ( ... by Xplode )
>
> Or from here: < [You must have an account and be logged in to view this link] >
> Once the page opens, click "Download Now".
>
> Save it to the desktop!

> Right-click adwcleaner.exe and choose to run it as administrator.

> PS: Start the scan by clicking "Examinar" (Scan).

> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

See you later

Post by Jose Wilson, Sun 23 Nov 2014, 12:18

# AdwCleaner v4.101 - Relatório criado 23/11/2014 às 12:12:09
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-23.1 [Live]
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : Vostro1320 - VOSTRO1320-PC
# Executando de : C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : vToolbarUpdater3.2.0

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\AVG SafeGuard toolbar
Pasta Deletada : C:\ProgramData\AVG Secure Search
Pasta Deletada : C:\ProgramData\AVG Security Toolbar
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Uniblue
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\AVG SafeGuard toolbar
Pasta Deletada : C:\Program Files\globalUpdate
Pasta Deletada : C:\Program Files\PCDApp
Pasta Deletada : C:\Program Files\Common Files\AVG Secure Search
Pasta Deletada : C:\Users\Vostro1320\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Vostro1320\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Vostro1320\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\Vostro1320\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Vostro1320\AppData\Roaming\Mobogenie
Pasta Deletada : C:\Users\Vostro1320\AppData\Roaming\RHEng
Pasta Deletada : C:\Users\Vostro1320\Documents\Mobogenie
Pasta Deletada : C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Arquivo Deletada : C:\Windows\system32\SecureAssist.ini
Arquivo Deletada : C:\Windows\system32\SecureAssistOff.ini
Arquivo Deletada : C:\Users\Vostro1320\daemonprocess.txt
Arquivo Deletada : C:\Users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default\user.js

***** [ Tarefas ] *****

Tarefa Deletedo : FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{8628C2EA-1AE0-B56C-91FF-5695D800F1C2}]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\driverscanner
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[#] Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\WEDLMNGR
Chave Deletedo : HKCU\Software\CoinisRS
Chave Deletedo : HKLM\SOFTWARE\AVG SafeGuard toolbar
Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate
Chave Deletedo : HKLM\SOFTWARE\Speedchecker Limited
Chave Deletedo : HKLM\SOFTWARE\Uniblue
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\013AC89AE8CD1D45889FDECE68DF5C58
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13FCB74451B14F755A9489A45D48059A
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A8D788750C70AA57A73B2319DF554AE
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\592A2C0FFC3C7855AA30F38A3C25B7DA
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A426544C5826DA5292547521114EC1F
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC5ECDC1EDBB7615D81C34F1B6A68589
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D35F7D2F9958FA155AE7953C4A2EE959
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB01B45D33D99A85CB09D2FCEABE5EAC
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF720937002023F49ACAE8048560C5A1
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Features\DF720937002023F49ACAE8048560C5A1
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Products\DF720937002023F49ACAE8048560C5A1

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17420

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v18.0.2 (pt-BR)

[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.admin", false);
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.dfltLng", "");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.excTlbr", false);
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.id", "7e88acf60000000000000c607634f0ce");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.instlDay", "16229");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.instlRef", "");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.newTab", false);
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.rvrt", "false");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.39:18:17");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");

-\\ Google Chrome v39.0.2171.65

[C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Opera v0.0.0.0

[C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [15215 octets] - [23/11/2014 12:08:25]
AdwCleaner[S0].txt - [15429 octets] - [23/11/2014 12:12:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15490 octets] ##########

Post by joram, Sun 23 Nov 2014, 12:53

Good afternoon, Jose Wilson!

> Download: < [You must have an account and be logged in to view this link] > ( ... by Oleg N. Scherbakov )

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...

[You must have an account and be logged in to view this link]

> Wait for it to finish and post the report. ( JRT.txt )

See you later

Post by Jose Wilson, Sun 23 Nov 2014, 13:09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Basic x86
Ran by Vostro1320 on 23/11/2014 at 13:05:25,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\ProgramData\duplicaterecord.js"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\Vostro1320\AppData\Roaming\baidu security"



~~~ FireFox

Emptied folder: C:\Users\Vostro1320\AppData\Roaming\mozilla\firefox\profiles\uzs7z070.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/11/2014 at 13:07:59,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by joram, Sun 23 Nov 2014, 13:57

Good afternoon, Jose Wilson!

> Install FRST and post its reports! ( FRST.txt + Addition.txt )

See you later

_________________
[You must have an account and be logged in to view this link] >> The best there is for disinfecting your computer!
[You must have an account and be logged in to view this link] >> Be sure to check it out!
[You must have an account and be logged in to view this link] >> A tradition in computing!
joram
joram
Administrador
Administrador

Mensagens : 4160
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Re: adcash - A Plague!

Post by Jose Wilson, Sun 23 Nov 2014, 15:31

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014
Ran by Vostro1320 at 2014-11-23 15:29:22
Running from C:\Users\Vostro1320\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version: - )
Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Aplicativo Itaú (HKLM\...\{F0FC58B7-CD41-4F3A-A1CE-2F5BEC1B48DE}) (Version: 1.0.30 - Banco Itaú)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
aTube Catcher versão 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
CALL - Vs5 (HKLM\...\CALL_VS5) (Version: 5 - CCAA)
CALL Vs.5 (Version: 5 - CCAA) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Nome de sua empresa:)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.102.104 - ALPS ELECTRIC CO., LTD.)
Estudo de melhoria do produto HP Deskjet 1000 J110 series (HKLM\...\{16350E4D-D662-4103-BC10-7F729E16E96E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Files To Phones v2.1 (HKLM\...\Files To Phones_is1) (Version: 2.1 - PromoToMobile team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Guardião - Itaú 30 horas (HKLM\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 9.3.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Laptop Integrated Webcam Driver (1.01.01.0529) (HKLM\...\Creative OEM013) (Version: - )
LibreOffice 4.2.5.2 (HKLM\...\{93AD8CBD-C32E-4318-90BB-A294BE2D712C}) (Version: 4.2.5.2 - The Document Foundation)
Malwarebytes Anti-Malware versão 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Megacubo 10 (HKLM\...\Megacubo_is1) (Version: 1.4.0 - [You must have an account and be logged in to view this link]
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Módulo de Proteção Banco Santander (Brasil) S.A. (HKLM\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.7.1.1 - )
Mozilla Firefox 18.0.2 (x86 pt-BR) (HKLM\...\Mozilla Firefox 18.0.2 (x86 pt-BR)) (Version: 18.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.2 - Mozilla)
MSM2MSI_gstudio (HKLM\...\{C53F001E-5912-4E76-AC49-9AC20B36B1A2}) (Version: 2.0 - Pantaray)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
Nero 7 Lite 7.9.6.0 (HKLM\...\Nero 7 Lite_is1) (Version: - Updatepack.nl)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{B066A843-8978-4501-A900-A28C5EFE148B}) (Version: 2.0.09 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.09 - O2Micro International LTD.) Hidden
PC Data App (HKLM\...\PCData App) (Version: - ) <==== ATTENTION
PowerDVD (HKLM\...\InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.30.0000 - CyberLink)
PowerDVD (Version: 7.30.0000 - CyberLink) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™️ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Software básico do dispositivo HP Deskjet 1000 J110 series (HKLM\...\{B774EBF3-D178-4EAA-9E96-CFAAC0D00D16}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Warsaw 1.3.1 (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
WinAVI Video Converter 9.0 (HKLM\...\WinAVI Video Converter 9.09.0) (Version: 9.0 - WinAVI Video Converter 9.0)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WiredTools (HKLM\...\WiredTools_is1) (Version: 2.3.2.0 - WiredTools LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{5E2663C1-51B3-49B7-B081-70181C2AF816}\InprocServer32 -> C:\Program Files\Cyberlink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{88007BE6-7171-46F0-858B-852DAD96016D}\InprocServer32 -> C:\Program Files\Cyberlink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{AFA95F79-06AC-4B9A-B261-D415063DC2B3}\InprocServer32 -> C:\Program Files\Cyberlink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{F69B7E4A-4A83-4485-8860-85DAA196D745}\InprocServer32 -> C:\Program Files\Cyberlink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:04 - 2014-11-23 11:31 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2128BD26-621C-4820-ACFB-DA2102047B97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-22] (Adobe Systems Incorporated)
Task: {35B6DED7-B2B6-4F6D-A0A5-FC174E464EB8} - System32\Tasks\{203436BC-B069-4534-BE79-D80398D1B5A2} => C:\Users\Vostro1320\Downloads\DELL_WIRELESS-370-BLUETOOTH-_A02-1_R235898.exe [2014-04-18] ()
Task: {38735F1B-157A-4831-BDEF-8B483D335E31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {3CF82531-C316-41FC-8D6E-D89593B0D506} - System32\Tasks\{C6BBDFBE-5BED-49BD-AD87-CF0953800345} => Chrome.exe
Task: {4E0F9B49-F50E-4AFC-B33F-9F743EA15408} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {518C5BDC-16F3-45D6-BD1A-1878B76D056E} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {60DAB2A9-A0AF-481E-B9DE-62C1D9DCC866} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {631AACA1-C4A7-417C-8711-A33E3EAADB16} - System32\Tasks\{DEE13C22-33E4-4BB7-87CC-B0576155AE0B} => Chrome.exe
Task: {6C814033-561A-448C-924D-E47504A06C75} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {91079704-109F-44DC-A9AB-C80285244D30} - System32\Tasks\{8B9376A3-EEC3-44BC-9DB3-05169026326C} => Chrome.exe
Task: {C6410B17-6BB3-408F-B029-B2D113BD3FB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {CA3249E4-D879-4921-B8D0-F12B21E835C6} - System32\Tasks\{C2877B7D-5B34-4A5A-905D-584A59FA7E55} => C:\Users\Vostro1320\Downloads\adwcleaner_4.101.exe
Task: {CB13D63B-D021-40FB-9EEB-069F5537A7AA} - System32\Tasks\{C00B0CFD-4134-450E-99C6-28DF7C817E6C} => Chrome.exe
Task: {D180A894-BBBC-441D-B679-EAE287448B5D} - System32\Tasks\{CE4D0B9D-D322-4EE0-8BB9-6C10449094C1} => Chrome.exe
Task: {DCD67E1B-0D1B-498B-87AF-133868E5C9DF} - System32\Tasks\{240F1DF1-EE59-4DBB-89EE-C5E59134744B} => C:\Users\Vostro1320\Downloads\ChromeSetup.exe [2014-10-04] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2012-09-11 14:14 - 2007-02-07 17:29 - 00173616 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-09-02 23:09 - 2014-10-07 06:44 - 00577560 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-03-17 08:59 - 2014-03-17 08:59 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-03-17 08:58 - 2014-03-17 08:58 - 00082808 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-03-17 08:58 - 2014-03-17 08:58 - 00357752 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2012-09-11 14:10 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-21 21:10 - 2014-11-14 19:15 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-21 21:10 - 2014-11-14 19:15 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WiredTools => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrador (S-1-5-21-705239193-524659859-1482476315-500 - Administrator - Disabled)
Convidado (S-1-5-21-705239193-524659859-1482476315-501 - Limited - Enabled)
Vostro1320 (S-1-5-21-705239193-524659859-1482476315-1000 - Administrator - Enabled) => C:\Users\Vostro1320

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/23/2014 01:46:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-11-20 17:43:15.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:43:14.405
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:43:13.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:43:12.843
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:15:57.243
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:15:57.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:15:57.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:15:57.040
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:05:04.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:05:04.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 36%
Total physical RAM: 3032.96 MB
Available physical RAM: 1921.05 MB
Total Pagefile: 6064.2 MB
Available Pagefile: 4539.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:534.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 70920402)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: adcash - A Plague!

Post by joram, Sun 23 Nov 2014, 16:06

Good afternoon, Jose Wilson!

> FRST.txt was missing, but make it available on Cjoint.com.
> Post the link to the report!


A+


Re: adcash - A Plague!

Post by Jose Wilson, Sun 23 Nov 2014, 16:49

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by Vostro1320 (administrator) on VOSTRO1320-PC on 23-11-2014 16:42:02
Running from C:\Users\Vostro1320\Desktop\PROTEÇÃO
Loaded Profile: Vostro1320 (Available profiles: Vostro1320)
Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginAbn: C:\Program Files\GbPlugin\gbiehAbn.dll (Banco Real)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Megacubo.lnk
ShortcutTarget: Megacubo.lnk -> C:\Program Files\Megacubo\megacubo.exe ([You must have an account and be logged in to view this link] )
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-705239193-524659859-1482476315-1000] => 127.0.0.1:14303
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDD4CDAC8F920CE01
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> DefaultScope Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> {23A14FE8-E2F6-4CA1-A547-70745BA3EB79} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
Toolbar: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll [1890360 2014-09-15] (Banco Real)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 200.152.98.2 200.152.98.5 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default
FF DefaultSearchEngine:
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-705239193-524659859-1482476315-1000: gastecnologia.com.br/sf/abn -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-705239193-524659859-1482476315-1000: gastecnologia.com.br/sf/uni -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\search_the_web.xml
FF Extension: Pinterest Right-Click - C:\Users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default\Extensions\pinterest-addon@felixfung.ca.xpi [2012-10-29]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2014-04-26]
FF HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-09-13]

Chrome:
=======
CHR HomePage: Profile 1 ->
CHR StartupUrls: Profile 1 -> "", "", "", "hxxp://start.iminent.com/?appId=463D14D3-8CD8-4CC8-A39C-732A9B4DBF97", "https://www.google.com.br/"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Profile: C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Circles Share) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-09-06]
CHR Extension: (feedly) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-09-06]
CHR Extension: (Create Short URL) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-09-06]
CHR Extension: (Internet Speed Tracker) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jinlofiojphnmpllecgejammnjcmeipf [2014-09-20]
CHR Extension: (rikaikun) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2014-09-06]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-08-30]
CHR Extension: (Google Wallet) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
S3 WiredTools; C:\Program Files\WiredTools\WiredTools.exe [1303128 2014-07-04] (WiredTools Ltd.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
U4 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [0 2014-11-20] () [File not signed]
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-02] (AVG Technologies)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-11-12] (GAS Tecnologia)
R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-04-16] (GAS Tecnologia)
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-11-23] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\VOSTRO~1\AppData\Local\Temp\catchme.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 16:22 - 2014-11-23 16:25 - 00000000 ____D () C:\Users\Vostro1320\Desktop\MATERIAL PARA CONCURSOS
2014-11-23 15:29 - 2014-11-23 15:29 - 00024854 _____ () C:\Users\Vostro1320\Downloads\Addition.txt
2014-11-23 15:28 - 2014-11-23 15:29 - 00038748 _____ () C:\Users\Vostro1320\Downloads\FRST.txt
2014-11-23 15:28 - 2014-11-23 15:28 - 00000000 ____D () C:\Users\Vostro1320\Downloads\FRST-OlderVersion
2014-11-23 15:27 - 2014-11-23 15:28 - 01110016 _____ (Farbar) C:\Users\Vostro1320\Downloads\FRST.exe
2014-11-23 13:07 - 2014-11-23 13:07 - 00000984 _____ () C:\Users\Vostro1320\Desktop\JRT.txt
2014-11-23 13:05 - 2014-11-23 13:05 - 00000000 ____D () C:\Windows\ERUNT
2014-11-23 12:14 - 2014-11-23 12:14 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-11-23 12:07 - 2014-11-23 12:07 - 00012568 _____ (Sysinternals - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] C:\Windows\system32\Drivers\PROCEXP113.SYS
2014-11-23 12:05 - 2014-11-23 12:05 - 02140160 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe
2014-11-23 11:39 - 2014-11-23 11:42 - 00000000 ____D () C:\Users\Vostro1320\Desktop\CORREÇÃO DO PC
2014-11-23 11:35 - 2014-11-23 11:35 - 00018490 _____ () C:\ComboFix.txt
2014-11-23 10:46 - 2014-11-23 16:42 - 00000000 ____D () C:\FRST
2014-11-23 10:11 - 2014-11-23 12:14 - 00000168 _____ () C:\Windows\setupact.log
2014-11-23 10:11 - 2014-11-23 10:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 10:10 - 2014-11-23 12:13 - 00016510 _____ () C:\Windows\PFRO.log
2014-11-23 10:10 - 2014-11-23 10:10 - 00466792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 09:57 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 09:57 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 09:57 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 09:56 - 2014-11-23 12:07 - 00000000 ____D () C:\Qoobox
2014-11-23 09:55 - 2014-11-23 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 09:54 - 2014-11-23 09:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (2).com
2014-11-23 09:53 - 2014-11-23 09:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (1).com
2014-11-23 09:51 - 2014-11-23 09:52 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill.com
2014-11-23 09:50 - 2014-11-23 09:50 - 05598306 ____R (Swearware) C:\Users\Vostro1320\Desktop\ComboFix.exe
2014-11-23 09:41 - 2014-11-23 09:41 - 00000000 ___HD () C:\Program Files\GAS Tecnologia
2014-11-23 09:41 - 2014-11-23 09:41 - 00000000 ____D () C:\Program Files\Diebold
2014-11-23 09:19 - 2014-11-23 09:19 - 00001250 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101 - Atalho.lnk
2014-11-23 09:16 - 2014-11-23 09:16 - 00016335 _____ () C:\ZA-Scan.txt
2014-11-23 09:14 - 2014-11-23 09:14 - 00000000 ____D () C:\Users\Vostro1320\AppData\Local\Avg2014
2014-11-23 08:16 - 2014-11-23 08:16 - 01971460 _____ () C:\Users\Vostro1320\Desktop\AVGInstLog.cab
2014-11-23 08:12 - 2014-11-23 08:12 - 00000000 ____D () C:\Users\Vostro1320\AppData\Local\Avg2013
2014-11-23 08:10 - 2014-11-23 08:10 - 04445640 _____ (AVG Technologies) C:\Users\Vostro1320\Downloads\avg_avct_stb_all_2013_3272_freets11.exe
2014-11-22 08:51 - 2014-11-22 08:51 - 00000000 ____D () C:\zoek_backup
2014-11-22 08:50 - 2014-11-22 08:51 - 01351168 _____ () C:\Users\Vostro1320\Downloads\ZA-Scan.exe
2014-11-22 08:47 - 2014-11-22 09:02 - 00011811 _____ () C:\Users\Vostro1320\Downloads\hijackthis.log
2014-11-22 08:44 - 2014-11-22 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vostro1320\Downloads\HijackThis (1).exe
2014-11-22 08:16 - 2014-11-22 08:16 - 00002159 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-22 08:10 - 2014-11-22 08:10 - 00001349 _____ () C:\Users\Vostro1320\Desktop\Internet Explorer.lnk
2014-11-22 07:06 - 2014-11-22 08:10 - 00000000 ____D () C:\Users\Vostro1320\AppData\Local\Adobe
2014-11-20 21:01 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 21:01 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 19:58 - 2014-11-20 19:58 - 00000000 _____ () C:\Windows\system32\Drivers\AVGFWD6X.SYS
2014-11-20 19:28 - 2014-11-23 15:25 - 00383791 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 07:16 - 2014-11-20 07:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-20 07:16 - 2014-11-20 07:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-20 07:16 - 2014-11-20 07:16 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-20 07:16 - 2014-11-20 07:16 - 00000000 ____D () C:\Program Files\Adobe
2014-11-19 21:32 - 2014-11-19 21:32 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ifxj.sys
2014-11-16 05:46 - 2014-11-16 05:46 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-15 04:38 - 2014-11-15 04:38 - 01057112 _____ (Installer Setup ) C:\Users\Vostro1320\Downloads\setup.exe.8nfp47q.partial
2014-11-13 19:22 - 2014-11-13 19:22 - 00000000 __SHD () C:\Users\Vostro1320\AppData\Local\EmieBrowserModeList
2014-11-13 04:38 - 2014-11-13 04:38 - 00000000 ____D () C:\Users\Vostro1320\mobogenieP2sp
2014-11-12 06:01 - 2014-11-07 17:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:01 - 2014-11-06 01:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:01 - 2014-11-06 01:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:01 - 2014-11-06 01:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:01 - 2014-11-06 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:01 - 2014-11-06 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:01 - 2014-11-06 01:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:01 - 2014-11-06 01:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:01 - 2014-11-06 01:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:01 - 2014-11-06 01:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:01 - 2014-11-06 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:01 - 2014-11-06 01:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:01 - 2014-11-06 00:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:01 - 2014-11-06 00:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:01 - 2014-11-06 00:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:01 - 2014-11-06 00:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:01 - 2014-11-06 00:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:01 - 2014-11-06 00:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:01 - 2014-11-06 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:01 - 2014-11-06 00:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:01 - 2014-11-06 00:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:01 - 2014-11-06 00:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:01 - 2014-11-06 00:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:01 - 2014-11-06 00:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:01 - 2014-11-06 00:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:01 - 2014-11-06 00:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:01 - 2014-11-06 00:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:01 - 2014-11-05 23:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:01 - 2014-11-05 23:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:01 - 2014-11-05 23:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 05:54 - 2014-10-17 23:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 05:53 - 2014-08-11 23:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 05:52 - 2014-10-13 23:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 05:51 - 2014-08-21 04:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 05:51 - 2014-08-21 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 05:50 - 2014-10-09 22:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 05:49 - 2014-09-19 07:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 05:48 - 2014-11-05 15:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 05:48 - 2014-11-05 15:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 05:48 - 2014-11-05 15:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 05:48 - 2014-10-24 23:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 05:47 - 2014-10-13 23:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 05:47 - 2014-10-13 23:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 05:47 - 2014-10-13 23:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 05:47 - 2014-10-13 23:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 05:47 - 2014-10-13 23:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-08 13:32 - 2014-11-08 13:54 - 907519920 _____ () C:\Users\Vostro1320\Downloads\Nebraska.2013.720p.BluRay.x264.YIFY.mp4
2014-11-08 08:38 - 2014-11-08 08:38 - 00001823 _____ () C:\Users\Vostro1320\Desktop\JAPONÊS - Atalho.lnk
2014-11-08 08:38 - 2014-11-08 08:38 - 00001178 _____ () C:\Users\Vostro1320\Desktop\Documentos - Atalho (2).lnk
2014-11-07 04:32 - 2014-11-08 06:01 - 00000000 ____D () C:\Users\Vostro1320\Documents\JAPONÊS
2014-11-07 03:50 - 2014-11-07 03:51 - 23232740 _____ () C:\Users\Vostro1320\Downloads\anki-2.0.31.exe
2014-11-01 11:36 - 2014-10-23 00:03 - 791622046 _____ () C:\Users\Vostro1320\Desktop\O Preço Do Amanha ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
2014-10-29 21:34 - 2014-10-29 21:34 - 00213784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-10-25 20:27 - 2014-10-25 20:27 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\AVG2015
2014-10-25 20:25 - 2014-11-15 09:50 - 00000913 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-25 20:21 - 2014-11-12 17:45 - 00000000 ____D () C:\Users\Todos os Usuários\AVG2015
2014-10-25 20:21 - 2014-11-12 17:45 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-25 19:13 - 2014-11-07 02:41 - 00000000 ____D () C:\Users\Vostro1320\AppData\Local\Avg2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 16:42 - 2014-04-18 09:00 - 00000000 ____D () C:\Users\Vostro1320\Desktop\PROTEÇÃO
2014-11-23 16:25 - 2011-02-04 15:30 - 00006250 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 16:25 - 2009-07-14 06:31 - 02233582 _____ () C:\Windows\system32\prfh0416.dat
2014-11-23 16:25 - 2009-07-14 06:31 - 01609566 _____ () C:\Windows\system32\prfc0416.dat
2014-11-23 16:19 - 2012-11-01 07:32 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 16:15 - 2012-09-11 14:35 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 12:45 - 2012-11-12 18:01 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\Skype
2014-11-23 12:32 - 2014-04-18 07:32 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2014-11-23 12:32 - 2014-04-18 07:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-23 12:21 - 2009-07-14 02:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:21 - 2009-07-14 02:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:14 - 2014-04-18 07:59 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-23 12:14 - 2014-04-18 07:59 - 00000396 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-11-23 12:14 - 2012-09-11 14:35 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 12:14 - 2009-07-14 02:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 12:12 - 2014-04-18 07:44 - 00000000 ____D () C:\AdwCleaner
2014-11-23 12:12 - 2012-09-11 14:05 - 00000000 ____D () C:\Users\Vostro1320
2014-11-23 11:31 - 2009-07-14 00:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-23 11:29 - 2009-07-14 00:03 - 52183040 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-23 11:29 - 2009-07-14 00:03 - 15728640 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-23 11:29 - 2009-07-14 00:03 - 00319488 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-23 11:29 - 2009-07-14 00:03 - 00061440 _____ () C:\Windows\system32\config\SAM.bak
2014-11-23 11:29 - 2009-07-14 00:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-23 10:17 - 2009-07-14 00:37 - 00000000 __RHD () C:\Users\Default
2014-11-23 10:17 - 2009-07-14 00:37 - 00000000 ___RD () C:\Users\Public
2014-11-23 10:10 - 2013-09-18 21:52 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-11-23 10:10 - 2013-09-18 21:52 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-11-23 10:04 - 2014-09-13 10:32 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-11-23 10:04 - 2014-09-13 10:32 - 00000000 ____D () C:\ProgramData\Temp
2014-11-23 09:42 - 2014-09-13 10:34 - 00001024 _____ () C:\.rnd
2014-11-23 08:22 - 2014-04-18 07:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 07:56 - 2014-09-21 08:49 - 00000000 ____D () C:\Program Files\Baixar Musicas Gratis
2014-11-23 07:38 - 2014-10-11 00:34 - 00000000 ____D () C:\Program Files\Mobogenie3
2014-11-22 07:58 - 2012-09-21 23:29 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\Media Player Classic
2014-11-22 07:58 - 2012-09-11 18:59 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\uTorrent
2014-11-22 07:07 - 2012-11-01 07:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-22 07:07 - 2012-11-01 07:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 22:03 - 2014-09-07 09:16 - 00000000 ____D () C:\Users\Vostro1320\Documents\Anki
2014-11-21 20:57 - 2013-07-02 18:56 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-11-21 20:57 - 2013-07-02 18:56 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-11-21 07:00 - 2012-09-11 14:36 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-21 06:54 - 2014-06-08 14:02 - 00000000 _____ () C:\Windows\system32\s.o
2014-11-21 06:54 - 2013-09-18 21:52 - 00000000 ____D () C:\Program Files\GbPlugin
2014-11-20 20:47 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-20 19:49 - 2014-05-19 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-20 07:24 - 2014-09-13 06:50 - 00000000 ____D () C:\Users\Vostro1320\Desktop\JAPA
2014-11-20 07:16 - 2012-09-12 17:00 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-11-20 07:16 - 2012-09-12 17:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-19 22:21 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\rescache
2014-11-18 05:55 - 2013-02-17 19:44 - 00000000 ____D () C:\Windows\Minidump
2014-11-16 05:46 - 2014-04-18 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-16 05:46 - 2014-04-18 07:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-15 10:12 - 2014-09-21 08:51 - 00518327 _____ () C:\Users\Vostro1320\AppData\Local\sinder.txt
2014-11-15 09:55 - 2014-08-03 09:40 - 00269257 _____ () C:\Users\Vostro1320\AppData\Local\viewer.txt
2014-11-15 04:50 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 03:42 - 2014-09-21 08:50 - 00000000 ____D () C:\Program Files\WiredTools
2014-11-13 03:42 - 2014-08-03 09:39 - 00004560 _____ () C:\Windows\system32\WiredTools.ini
2014-11-13 03:42 - 2014-08-03 09:39 - 00002384 _____ () C:\Windows\system32\WiredToolsOff.ini
2014-11-13 03:32 - 2014-05-09 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 03:32 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-11-13 03:16 - 2012-09-11 14:36 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-11-13 03:16 - 2012-09-11 14:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 03:08 - 2013-08-15 23:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:01 - 2012-09-19 21:50 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 08:47 - 2013-09-18 21:53 - 00047192 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpkm.sys
2014-11-11 17:49 - 2014-04-18 07:34 - 00000000 ____D () C:\$AVG
2014-11-08 13:07 - 2014-09-14 07:44 - 00000000 ____D () C:\Users\Vostro1320\Downloads\zé
2014-11-07 03:52 - 2014-09-07 09:16 - 00000881 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2014-11-07 03:52 - 2014-09-07 09:16 - 00000869 _____ () C:\Users\Vostro1320\Desktop\Anki.lnk
2014-10-25 20:28 - 2014-04-18 07:34 - 00000000 ____D () C:\Users\Todos os Usuários\AVG2014
2014-10-25 20:28 - 2014-04-18 07:34 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-25 20:26 - 2014-08-04 08:49 - 00000000 ____D () C:\Users\Vostro1320\Documents\SENHAS
2014-10-25 20:21 - 2014-04-18 07:34 - 00000000 ____D () C:\Program Files\AVG

Some content of TEMP:
====================
C:\Users\Vostro1320\AppData\Local\Temp\Quarantine.exe
C:\Users\Vostro1320\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-19 22:14

==================== End Of Log ============================

Re: adcash - A Plague!

Post by joram, Sun 23 Nov 2014, 17:50

Good afternoon, Jose Wilson!

> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text!
> Save it in the folder: C:\Users\Vostro1320\Desktop\PROTEÇÃO

start
CloseProcesses:
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR StartupUrls: Profile 1 -> "", "", "", "hxxp://start.iminent.com/?appId=463D14D3-8CD8-4CC8-A39C-732A9B4DBF97", "https://www.google.com.br/"
S3 catchme; \??\C:\Users\VOSTRO~1\AppData\Local\Temp\catchme.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
2014-11-23 13:07 - 2014-11-23 13:07 - 00000984 _____ () C:\Users\Vostro1320\Desktop\JRT.txt
2014-11-23 12:05 - 2014-11-23 12:05 - 02140160 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe
2014-11-23 11:35 - 2014-11-23 11:35 - 00018490 _____ () C:\ComboFix.txt
2014-11-23 10:11 - 2014-11-23 12:14 - 00000168 _____ () C:\Windows\setupact.log
2014-11-23 10:11 - 2014-11-23 10:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 10:10 - 2014-11-23 12:13 - 00016510 _____ () C:\Windows\PFRO.log
2014-11-23 09:57 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 09:57 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 09:57 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 09:56 - 2014-11-23 12:07 - 00000000 ____D () C:\Qoobox
2014-11-23 09:55 - 2014-11-23 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 09:54 - 2014-11-23 09:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (2).com
2014-11-23 09:53 - 2014-11-23 09:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (1).com
2014-11-23 09:51 - 2014-11-23 09:52 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill.com
2014-11-23 09:50 - 2014-11-23 09:50 - 05598306 ____R (Swearware) C:\Users\Vostro1320\Desktop\ComboFix.exe
2014-11-23 09:19 - 2014-11-23 09:19 - 00001250 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101 - Atalho.lnk
2014-11-23 09:16 - 2014-11-23 09:16 - 00016335 _____ () C:\ZA-Scan.txt
2014-11-22 08:51 - 2014-11-22 08:51 - 00000000 ____D () C:\zoek_backup
2014-11-22 08:50 - 2014-11-22 08:51 - 01351168 _____ () C:\Users\Vostro1320\Downloads\ZA-Scan.exe
2014-11-22 08:47 - 2014-11-22 09:02 - 00011811 _____ () C:\Users\Vostro1320\Downloads\hijackthis.log
2014-11-22 08:44 - 2014-11-22 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vostro1320\Downloads\HijackThis (1).exe
2014-11-20 19:28 - 2014-11-23 15:25 - 00383791 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 12:12 - 2014-04-18 07:44 - 00000000 ____D () C:\AdwCleaner
2014-11-23 09:42 - 2014-09-13 10:34 - 00001024 _____ () C:\.rnd
2014-11-15 10:12 - 2014-09-21 08:51 - 00518327 _____ () C:\Users\Vostro1320\AppData\Local\sinder.txt
2014-11-15 09:55 - 2014-08-03 09:40 - 00269257 _____ () C:\Users\Vostro1320\AppData\Local\viewer.txt
Task: {4E0F9B49-F50E-4AFC-B33F-9F743EA15408} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
C:\Users\Vostro1320\AppData\Local\Temp\Quarantine.exe
C:\Users\Vostro1320\AppData\Local\Temp\sqlite3.dll
emptytemp:
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> At the prompt, click Executar (Run)
> Post the report! (Fixlog.txt)

A+

Re: adcash - A Plague!

Post by Jose Wilson, Sun 23 Nov 2014, 18:08

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Vostro1320 at 2014-11-23 18:00:02 Run:1
Running from C:\Users\Vostro1320\Desktop\PROTEÇÃO
Loaded Profile: Vostro1320 (Available profiles: Vostro1320)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR StartupUrls: Profile 1 -> "", "", "", "hxxp://start.iminent.com/?appId=463D14D3-8CD8-4CC8-A39C-732A9B4DBF97", "https://www.google.com.br/"
S3 catchme; \??\C:\Users\VOSTRO~1\AppData\Local\Temp\catchme.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
2014-11-23 13:07 - 2014-11-23 13:07 - 00000984 _____ () C:\Users\Vostro1320\Desktop\JRT.txt
2014-11-23 12:05 - 2014-11-23 12:05 - 02140160 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe
2014-11-23 11:35 - 2014-11-23 11:35 - 00018490 _____ () C:\ComboFix.txt
2014-11-23 10:11 - 2014-11-23 12:14 - 00000168 _____ () C:\Windows\setupact.log
2014-11-23 10:11 - 2014-11-23 10:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 10:10 - 2014-11-23 12:13 - 00016510 _____ () C:\Windows\PFRO.log
2014-11-23 09:57 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 09:57 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 09:57 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 09:56 - 2014-11-23 12:07 - 00000000 ____D () C:\Qoobox
2014-11-23 09:55 - 2014-11-23 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 09:54 - 2014-11-23 09:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (2).com
2014-11-23 09:53 - 2014-11-23 09:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (1).com
2014-11-23 09:51 - 2014-11-23 09:52 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill.com
2014-11-23 09:50 - 2014-11-23 09:50 - 05598306 ____R (Swearware) C:\Users\Vostro1320\Desktop\ComboFix.exe
2014-11-23 09:19 - 2014-11-23 09:19 - 00001250 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101 - Atalho.lnk
2014-11-23 09:16 - 2014-11-23 09:16 - 00016335 _____ () C:\ZA-Scan.txt
2014-11-22 08:51 - 2014-11-22 08:51 - 00000000 ____D () C:\zoek_backup
2014-11-22 08:50 - 2014-11-22 08:51 - 01351168 _____ () C:\Users\Vostro1320\Downloads\ZA-Scan.exe
2014-11-22 08:47 - 2014-11-22 09:02 - 00011811 _____ () C:\Users\Vostro1320\Downloads\hijackthis.log
2014-11-22 08:44 - 2014-11-22 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vostro1320\Downloads\HijackThis (1).exe
2014-11-20 19:28 - 2014-11-23 15:25 - 00383791 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 12:12 - 2014-04-18 07:44 - 00000000 ____D () C:\AdwCleaner
2014-11-23 09:42 - 2014-09-13 10:34 - 00001024 _____ () C:\.rnd
2014-11-15 10:12 - 2014-09-21 08:51 - 00518327 _____ () C:\Users\Vostro1320\AppData\Local\sinder.txt
2014-11-15 09:55 - 2014-08-03 09:40 - 00269257 _____ () C:\Users\Vostro1320\AppData\Local\viewer.txt
Task: {4E0F9B49-F50E-4AFC-B33F-9F743EA15408} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
C:\Users\Vostro1320\AppData\Local\Temp\Quarantine.exe
C:\Users\Vostro1320\AppData\Local\Temp\sqlite3.dll
emptytemp:
end

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
Chrome StartupUrls deleted successfully.
catchme => Service deleted successfully.
NdisrdMP => Service deleted successfully.
"C:\Users\Vostro1320\Desktop\JRT.txt" => File/Directory not found.
C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe => Moved successfully.
C:\ComboFix.txt => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\PEV.exe => Moved successfully.
C:\Windows\MBR.exe => Moved successfully.
C:\Windows\NIRCMD.exe => Moved successfully.
C:\Windows\SWREG.exe => Moved successfully.
C:\Windows\SWSC.exe => Moved successfully.
C:\Windows\sed.exe => Moved successfully.
C:\Windows\grep.exe => Moved successfully.
C:\Windows\zip.exe => Moved successfully.
C:\Qoobox => Moved successfully.
C:\Windows\erdnt => Moved successfully.
C:\Users\Vostro1320\Downloads\rkill (2).com => Moved successfully.
C:\Users\Vostro1320\Downloads\rkill (1).com => Moved successfully.
C:\Users\Vostro1320\Downloads\rkill.com => Moved successfully.
"C:\Users\Vostro1320\Desktop\ComboFix.exe" => File/Directory not found.
C:\Users\Vostro1320\Desktop\adwcleaner_4.101 - Atalho.lnk => Moved successfully.
C:\ZA-Scan.txt => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Vostro1320\Downloads\ZA-Scan.exe => Moved successfully.
C:\Users\Vostro1320\Downloads\hijackthis.log => Moved successfully.
C:\Users\Vostro1320\Downloads\HijackThis (1).exe => Moved successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\AdwCleaner => Moved successfully.
C:\.rnd => Moved successfully.
C:\Users\Vostro1320\AppData\Local\sinder.txt => Moved successfully.
C:\Users\Vostro1320\AppData\Local\viewer.txt => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E0F9B49-F50E-4AFC-B33F-9F743EA15408}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E0F9B49-F50E-4AFC-B33F-9F743EA15408}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
C:\Users\Vostro1320\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Vostro1320\AppData\Local\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 349 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-23 18:02:55)<=

"C:\Windows\WindowsUpdate.log" => File could not move.

==== End of Fixlog ====
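
To review a Fixlog like the one posted above without reading every line, this added example (not part of the thread and not FRST's own code) skips the echoed fixlist, classifies each result line, and lists the targets that did not end in a successful action. The status names and matching rules are assumptions derived only from the phrases that appear in this log.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted above (line formats unchanged).
FIXLOG_EXCERPT = r'''
Content of fixlist:
*****************
start
S3 catchme; \??\C:\Users\VOSTRO~1\AppData\Local\Temp\catchme.sys [X]
end
*****************
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
Chrome StartupUrls deleted successfully.
catchme => Service deleted successfully.
"C:\Users\Vostro1320\Desktop\JRT.txt" => File/Directory not found.
C:\ComboFix.txt => Moved successfully.
"C:\Users\Vostro1320\Desktop\ComboFix.exe" => File/Directory not found.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
EmptyTemp: => Removed 349 MB temporary data.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-23 18:02:55)<=
"C:\Windows\WindowsUpdate.log" => File could not move.
==== End of Fixlog ====
'''

# Result phrases taken from this log only (an assumption, not an FRST spec).
# Order matters: "Could not move ... => Scheduled to move on reboot" is pending.
RULES = [
    ("pending", re.compile(r"scheduled to move on reboot", re.I)),
    ("failed", re.compile(r"could not", re.I)),
    ("absent", re.compile(r"not found", re.I)),
    ("ok", re.compile(r"successfully|^removed ", re.I)),
]

def results_section(text):
    """Lines after the echoed fixlist, which a row of asterisks closes."""
    lines = text.splitlines()
    stars = [i for i, ln in enumerate(lines) if set(ln.strip()) == {"*"}]
    return lines[stars[-1] + 1:] if stars else lines

def classify(result):
    return next((s for s, rx in RULES if rx.search(result)), "unknown")

def parse_fixlog(text):
    """Return (target, result, status) for every result line."""
    entries = []
    for raw in results_section(text):
        line = raw.strip()
        if not line or line.startswith(("=", "*")):  # blank or section header
            continue
        target, sep, result = line.partition(" => ")
        if not sep:  # e.g. "Processes closed successfully."
            target, result = "", line
        target = re.sub(r"^Could not move\s+", "", target).strip('"')
        entries.append((target, result, classify(result)))
    return entries

def needs_follow_up(entries):
    """Last status per target, keeping only targets that did not end 'ok'."""
    last = {t: s for t, _r, s in entries if t}
    return {t: s for t, s in last.items() if s != "ok"}

if __name__ == "__main__":
    entries = parse_fixlog(FIXLOG_EXCERPT)
    print(Counter(s for _t, _r, s in entries))
    for target, status in needs_follow_up(entries).items():
        print(f"{status:8} {target}")
```

Entries reported as absent were not at the listed path when the fix ran; in this excerpt the WindowsUpdate.log move is the only action that was attempted and failed.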

Re: adcash - A Plague!

Post by joram, Sun 23 Nov 2014, 18:28

Good evening, Jose Wilson!

> Download: < [link hidden; login required] > ( ... by Nicolas Coolman )

> Once on the page, click [image hidden; login required]
> Save it to the desktop!
> Run it and, when it opens, click "J'accept/I Agree".

> For more comprehensive fixes, check all the available options.
> Click Réparer.
> Click Rapport.
> Post the report!

A+

Re: adcash - A Plague!

Post by Jose Wilson, Sun 23 Nov 2014, 19:20

Chrome blocks the execution at 18%. And it asks me to disable the antivirus.

Re: adcash - A Plague!

Post by joram, Sun 23 Nov 2014, 21:22

Jose Wilson wrote: Chrome blocks the execution at 18%. And it asks me to disable the antivirus.
Good evening, Jose Wilson!

> Close the browser and disable AVG.
> Have you tried what was requested?

A+

Re: adcash - A Plague!

Post by Jose Wilson, Sun 23 Nov 2014, 22:17

It's not possible; the program stops at exactly 18%, and Chrome asks me to disable the antivirus, which is already disabled.
I tried to copy the log that appears, but it doesn't allow selecting or any other command. I have to use Ctrl-Alt-Del, otherwise the PC freezes.

Re: adcash - A Plague!

Post by joram, Sun 23 Nov 2014, 22:25

Good evening, Jose Wilson!

> Download: < [link hidden; login required] > < [image hidden; login required] > ( ... by Nicolas Coolman )
> Or [link hidden; login required] << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

> Run the scroll icon. ( ZHPDiag )

[link hidden; login required]

> Click "COMPLETA" (Full) and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, send it to [link hidden; login required].

> Or go to: < [link hidden; login required] >

> Or go to: < [link hidden; login required] >

> Or attach it |[link hidden; login required]| << Link!

> More information: < |[link hidden; login required]| > << Hosting!

A+

Re: adcash - A Plague!

Post by Jose Wilson, Sun 23 Nov 2014, 22:56

[link hidden; login required]

Re: adcash - A Plague!

Post by joram, Sun 23 Nov 2014, 23:16

Good evening, Jose Wilson!

> Run this script in the ZHPFix tool.
> Select and copy the information shown in red into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c ( Select and Copy )
> Then minimize Notepad.

Script ZHPFix
EmptyPrefetch
FirewallRaz
EmptyCLSID
EmptyFlash
EmptyTemp
HiddenFix
ProxyFix
HostFix
IfeoFix
[MD5.00000000000000000000000000000000] [APT] [{61961AFA-B7BC-4691-AA80-3EB614C1C80F}] (...) -- C:\Users\Vostro1320\Downloads\HijackThis (1).exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{6B5AB8CE-944C-4DB1-9FCA-3E36ADB159DE}] (...) -- C:\Users\Vostro1320\Downloads\HijackThis (1).exe (.not file.)   [0]
O4 - HKLM\..\Run: [LanguageShortcut] . (.No owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
O42 - Logiciel: PC Data App - (...) [HKLM] -- PCData App
O43 - CFD: 13/09/2014 - 10:48:24 - [] ----D C:\ProgramData\boost_interprocess
O44 - LFC:[MD5.EA29751D5408F7C62C00A82FFD4A1F83] - 22/11/2014 - 07:54:40 ---A- . (...) -- C:\zoek-results2014-11-22-105440.log   [17049]
O45 - LFCP:[MD5.0733EDD85AED35C08926251EA26C058F] - 23/11/2014 - 06:38:07 ---A- - C:\Windows\Prefetch\MOBOGENIE.EXE-F744BFAF.pf
O61 - LFC: 22/11/2014 - 22:35:52 ---A- . (.Trend Micro Inc..) -- C:\Users\Vostro1320\Desktop\PROTEÇÃO\HijackThis.exe   [388608]
O61 - LFC: 23/11/2014 - 22:35:52 ---A- . (.Farbar.) -- C:\Users\Vostro1320\Desktop\PROTEÇÃO\FSS.exe   [415232]
O61 - LFC: 23/11/2014 - 22:35:52 ---A- . (.Thisisu.) -- C:\Users\Vostro1320\Desktop\PROTEÇÃO\JRT.exe   [1707532]
O61 - LFC: 23/11/2014 - 22:35:52 R--A- . (.Swearware.) -- C:\Users\Vostro1320\Desktop\PROTEÇÃO\ComboFix.exe   [5598306]
O87 - FAEL: "{73C3AFA7-D24C-4902-A6FD-A5BFB957898D}" | In - Public - P6 - TRUE | .(.mobogenie.com - downloader.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe
O87 - FAEL: "{9A33DFC3-2638-4755-A8BE-45D689B724C1}" | In - Public - P17 - TRUE | .(.mobogenie.com - downloader.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe
O87 - FAEL: "{F5A39E22-FA8C-4040-861D-45FFFF20FB6B}" | In - Private - P6 - TRUE | .(.mobogenie.com - downloader.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe
O87 - FAEL: "{CBC2FBDC-E873-47F0-BDB4-41E663F85D4F}" | In - Private - P17 - TRUE | .(.mobogenie.com - downloader.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCData App]
[HKCU\Software\PCDataApp]
[HKLM\Software\PCDataApp]
C:\Program Files\Mobogenie3
sysrestore


> Open the ZHPFix tool. < [image hidden; login required] >
> Click IMPORTAÇÃO (Import) >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the script's information.
> Click "GO".
> Post the report!

A+


Last edited by joram on Sun 23 Nov 2014, 23:39; edited 1 time