adcash - A Plague!

Posted by Jose Wilson on Sun 23 Nov 2014, 06:52

Hello, good morning everyone.
Whenever I open a browser, Explorer or Chrome, it first sends me to a page full of advertising, ADCASH, which keeps sending offers the whole time and ends up taking almost half the screen with it, and I don't know how to fix it.
Could anyone help me?
Thanks.

Re: adcash - A Plague!

Posted by joram on Sun 23 Nov 2014, 08:08

Good morning, Jose Wilson!

> Download: < Farbar Recovery Scan Tool >

> Download: < [You need to be registered and logged in to see this image.] > ( ... by Farbar )

> Or here...

< Farbar Recovery Scan Tool 64-Bit >

> Or here, for 64-bit systems!
> Save it to the desktop!
> Run the tool! Click "Yes" >> "Scan".

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> Ps: The "Addition.txt" report will also be generated and made available when the tool runs.
> Post the report! (FRST.txt + Addition.txt)
> Since the log will be long, send it to [You need to be registered and logged in to see this image.] >

> The link to the report, the one marked, should be pasted into your post.

A+

Re: adcash - A Plague!

Posted by Jose Wilson on Sun 23 Nov 2014, 09:00

I can't run it; it shows up for a moment and disappears. It sits down in the taskbar, but when I click on it, it disappears.
I'm using my wife's PC, because adcash won't let me log in here on the forum: I fill in the login, and when I click OK it redirects me to that adcash page, a tragedy.

Re: adcash - A Plague!

Posted by joram on Sun 23 Nov 2014, 09:18

Good morning, Jose Wilson!

> Download: < [You need to be registered and logged in to see this image.] > ( ... by Swearware )
> Save it to the desktop!
> Rename it to Winlogon.
>
> Download: < Rkill.com > ( ... by Grinler )

> Download: < Rkill.scr > ( ... by Grinler )

> Download: < Rkill.exe > ( ... by Grinler )

> Ps: Three links are provided; download the next version only once we have confirmed that the ones tried before it did not work.
> On Windows Vista or 7, run it as administrator! ( Right-click and ... )
> When the tool runs and black boxes appear for a few moments, we can be sure it is working. If no black boxes appear when it runs, delete that version and download another.
> Do not restart the computer when it finishes! << Important!
> Now run the ComboFix tool and post its report.

A+

Re: adcash - A Plague!

Posted by Jose Wilson on Sun 23 Nov 2014, 10:02

AVG is detecting COMBOFIX as a threat and removing it. Stages 1, 2 and 3 of ComboFix were completed.

stage 8

Re: adcash - A Plague!

Posted by Jose Wilson on Sun 23 Nov 2014, 10:24

ComboFix 14-11-18.01 - Vostro1320 23/11/2014 9:59.1.2 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3033.1103 [GMT -2:00]
Running from: c:\users\Vostro1320\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - system32: deleted 6 bytes in 3 streams.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vostro1320\AppData\Local\ContentAgent.exe
c:\users\Vostro1320\AppData\Local\ContentSinder.exe
c:\users\Vostro1320\AppData\Local\msvcp100.dll
c:\users\Vostro1320\AppData\Local\msvcr100.dll
c:\users\Vostro1320\AppData\Local\QtCore4.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ProtectMonitor
.
.
(((((((((((((((( Files Created from 2014-10-23 to 2014-11-23 ))))))))))))))))))))))))))))
.
.
2014-11-23 11:41 . 2014-11-23 11:41 -------- d--h--w- c:\program files\GAS Tecnologia
2014-11-23 11:41 . 2014-11-23 11:41 -------- d-----w- c:\program files\Diebold
2014-11-23 11:14 . 2014-11-23 11:14 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2014
2014-11-23 10:12 . 2014-11-23 10:12 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2013
2014-11-22 10:51 . 2014-11-22 10:51 -------- d-----w- C:\zoek_backup
2014-11-22 09:06 . 2014-11-22 10:10 -------- d-----w- c:\users\Vostro1320\AppData\Local\Adobe
2014-11-20 23:01 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-20 23:01 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-20 21:58 . 2014-11-20 21:58 0 ----a-w- c:\windows\system32\drivers\AVGFWD6X.SYS
2014-11-20 09:16 . 2014-11-20 09:17 -------- d-----w- c:\program files\Common Files\Adobe
2014-11-19 23:32 . 2014-11-19 23:32 52440 ----a-w- c:\windows\system32\drivers\ifxj.sys
2014-11-13 21:22 . 2014-11-13 21:22 -------- d-sh--w- c:\users\Vostro1320\AppData\Local\EmieBrowserModeList
2014-11-13 06:38 . 2014-11-13 06:38 -------- d-----w- c:\users\Vostro1320\mobogenieP2sp
2014-11-12 07:54 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 07:53 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 07:52 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 07:51 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 07:51 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 07:51 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 07:51 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 07:51 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 07:51 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 07:51 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-12 07:50 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 07:49 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-12 07:49 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-12 07:49 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 07:49 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-12 07:49 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-12 07:49 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-12 07:48 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 07:48 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 07:48 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 07:48 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-12 07:47 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 07:47 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 07:47 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 07:47 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 07:47 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-29 23:34 . 2014-10-29 23:34 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-10-25 22:27 . 2014-10-25 22:27 -------- d-----w- c:\users\Vostro1320\AppData\Roaming\AVG2015
2014-10-25 22:21 . 2014-11-12 19:45 -------- d-----w- c:\programdata\AVG2015
2014-10-25 21:13 . 2014-11-07 04:41 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2015
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 12:11 . 2014-04-18 09:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-11-23 10:22 . 2014-04-18 09:59 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-22 09:07 . 2012-11-01 09:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 09:07 . 2012-11-01 09:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 10:47 . 2013-09-18 23:53 47192 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2014-10-10 17:13 . 2014-10-10 17:13 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-05 23:42 . 2014-10-05 23:42 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-10-01 13:11 . 2014-04-18 09:57 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 13:11 . 2014-04-18 09:57 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 13:11 . 2014-04-18 09:57 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-29 20:45 . 2014-09-29 20:45 14304 ----a-w- c:\programdata\Duplicaterecord.js
2014-09-25 01:40 . 2014-09-30 22:17 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-13 12:35 . 2014-09-13 12:35 720082 ----a-w- c:\users\Vostro1320\AppData\Roaming\unins001.exe
2014-09-09 21:47 . 2014-09-29 00:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-08 23:27 . 2014-09-08 23:27 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-09-04 05:04 . 2014-10-15 01:29 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-03 01:08 . 2014-09-03 01:09 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-09-03 01:07 . 2010-06-24 14:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-28 23:43 . 2014-08-28 23:43 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-02 20:49 . 2013-07-02 20:49 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-03-17 473464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2014-10-07 2662424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2014-07-12 518968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Megacubo.lnk - c:\program files\Megacubo\megacubo.exe -load:update -type:startup [2014-4-20 4427776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2014-08-12 1760312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2014-09-15 16:07 1890360 ----a-w- c:\program files\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-07-31 20:37 1754664 ------w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2014-08-12 17:19 1760312 ----a-w- c:\program files\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 BHipsEx;Baidu HipsEx Driver;c:\windows\System32\drivers\BHipsEx.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-11-23 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-18 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-11-12 47192]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-29 213784]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-09-03 42784]
S1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-04-16 29400]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]
S2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-11-09 298080]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2014-09-29 546104]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [2014-09-03 1843736]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2014-07-12 518968]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 669912]
S3 WiredTools;WiredTools;c:\program files\WiredTools\WiredTools.exe [2014-07-05 1303128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 10:16 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-01 09:07]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 07:22]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 07:22]
.
2014-11-23 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 15:49]
.
.
------- Supplementary Scan -------
.
uStart Page = [You need to be registered and logged in to see this link.]
mStart Page = [You need to be registered and logged in to see this link.]
uInternet Settings,ProxyServer = 127.0.0.1:14303
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\WiredTools.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bancosantander.com.br\www
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 200.152.98.2 200.152.98.5 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.iminent.id - 7e88acf60000000000000c607634f0ce
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16229
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.39:18
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKCU-Run-ContentAgent - c:\users\Vostro1320\AppData\Local\ContentAgent.exe
HKCU-Run-ContentSinder - c:\users\Vostro1320\AppData\Local\ContentSinder.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\AVG\AVG2015\avgnsx.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-11-23 10:17:44 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-23 12:17
.
Pre-Run: 574.386.937.856 bytes free
Post-Run: 574.190.256.128 bytes free
.
- - End Of File - - 5A395C330B879EA940442442EBEDE98F
A36C5E4F47E84449FF07ED3517B43A31


Re: adcash - A Plague!

Posted by joram on Sun 23 Nov 2014, 10:44

Good morning, Jose Wilson!

> Select and copy the contents of the "Code" box into Notepad.
> Save it to the desktop with the name: CFScript << as text!

Code:
KillAll::

Driver::
Bhbase
BHipsEx
BprotectEx
PCFApiUtil

Firefox::
FF - user.js: extensions.iminent.id - 7e88acf60000000000000c607634f0ce
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16229
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.39:18
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef - 
FF - user.js: extensions.iminent.dfltLng - 
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Quit::

> Ps: Temporarily disable your antivirus.
> Ps: Do not use this script on another machine!
> Drag CFScript.txt onto the ComboFix icon.
> See the demonstration!

> Accept the prompt that should appear to run ComboFix.
> Ps: Keep dragging until that prompt ( window ) appears!
> If a message appears asking to update the tool, click Yes!
> When it finishes, post: C:\ComboFix.txt <<

A+
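
The two posts above, the first ComboFix log and the CFScript joram built from it, show the reading a responder does by hand: pick the persistence points out of the log (the executables auto-started from the profile's AppData root, the browser proxy pointed at 127.0.0.1:14303, the WiredTools.dll Winsock LSP, the Baidu drivers still registered without their files, the iminent prefs forced through Firefox's user.js) and turn the ones CFScript can act on into Driver:: and Firefox:: directives. The script below is an added example written for this page; it is not a forum tool, not code from the ComboFix author, and not something joram posted. It runs a few indicator rules over sample lines copied from the posted log and drafts the same Driver:: list joram wrote, including Bhbase, which still had its file but shares a vendor with the three missing ones. The rule names, the Finding type and that vendor-grouping heuristic are this example's own assumptions.

```python
"""Triage a ComboFix log and draft the CFScript sections it calls for.

Added example for this thread (not a forum tool, not ComboFix's own code).
Rule names, the Finding type and the vendor-grouping heuristic are this
example's assumptions; the sample lines are copied from the posted log.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the first ComboFix log above, cut down
# to the ones the rules act on plus one benign service (SWDUMon) as a control.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
R3 BHipsEx;Baidu HipsEx Driver;c:\windows\System32\drivers\BHipsEx.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-11-23 13464]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
uInternet Settings,ProxyServer = 127.0.0.1:14303
LSP: c:\windows\system32\WiredTools.dll
FF - user.js: extensions.iminent.id - 7e88acf60000000000000c607634f0ce
FF - user.js: extensions.autoDisableScopes - 0
HKCU-Run-ContentAgent - c:\users\Vostro1320\AppData\Local\ContentAgent.exe
'''

# Line shapes ComboFix uses for the entries of interest.
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]+)\]$')  # "R3 name;desc;path [x | date size]"
PROXY_RE = re.compile(r'ProxyServer\s*=\s*(127\.0\.0\.1|localhost):(\d+)', re.I)
LSP_RE = re.compile(r'^LSP:\s+(.+)$', re.I)
USERJS_RE = re.compile(r'^FF - user\.js: ')
APPDATA_EXE_RE = re.compile(r'[a-z]:\\users\\[^\\]+\\AppData\\(?:Local|Roaming)\\[^\\\s"]+\.exe', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str      # indicator that fired
    target: str    # object to act on: service name, path or pref line
    evidence: str  # the log line, verbatim
    note: str      # why a responder cares


def triage(log_text):
    """Return one Finding per suspicious entry, in log order (drivers last)."""
    findings, services = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            services.append((m.group(2), m.group(3), m.group(5), line))
        elif m := PROXY_RE.search(line):
            findings.append(Finding("loopback_proxy", m.group(0), line,
                f"every browser request goes through a local listener on port {m.group(2)}; "
                "ad injectors rewrite pages there, so the setting must go, not only the binary"))
        elif m := LSP_RE.match(line):
            findings.append(Finding("winsock_lsp", m.group(1), line,
                "a third-party Winsock LSP sees all socket traffic; remove it with a tool "
                "that also repairs the Winsock chain, or networking breaks"))
        elif USERJS_RE.match(line):
            findings.append(Finding("forced_firefox_pref", line, line,
                "user.js re-applies the pref on every Firefox start; removing the "
                "extension alone does not undo it"))
        elif m := APPDATA_EXE_RE.search(line):
            findings.append(Finding("appdata_autorun", m.group(0), line,
                "executable dropped straight into the profile's AppData root and "
                "auto-started; typical adware placement"))
    # A driver registered with status [x] has no file behind it. Services whose
    # description shares its vendor word (here "Baidu") belong to the same
    # half-removed product, so they are listed too (heuristic: review by hand).
    vendors = {desc.split()[0] for _, desc, status, _ in services if status == "x" and desc}
    for name, desc, status, line in services:
        if status == "x" or (desc and desc.split()[0] in vendors):
            findings.append(Finding("orphan_driver", name, line,
                "driver service registered without its file" if status == "x"
                else "component of a product whose other drivers are already missing"))
    return findings


def draft_cfscript(findings):
    """Emit the Driver:: and Firefox:: sections in the CFScript syntax used above.

    Only those two sections are derived; the proxy, LSP and AppData findings are
    reported for the responder to handle with the appropriate tool.
    """
    drivers = sorted({f.target for f in findings if f.rule == "orphan_driver"}, key=str.lower)
    prefs = [f.target for f in findings if f.rule == "forced_firefox_pref"]
    script = ["KillAll::", ""]
    if drivers:
        script += ["Driver::", *drivers, ""]
    if prefs:
        script += ["Firefox::", *prefs, ""]
    script.append("Quit::")
    return "\n".join(script)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.target}\n    {f.note}")
    print("\n--- CFScript draft ---\n" + draft_cfscript(results))
```

Run as a script it prints the findings and the draft. The draft is a starting point for a human to check, and the proxy, LSP and AppData findings are deliberately kept out of it: each of those needs its matching fix (reset the proxy setting, remove the LSP with something that repairs the Winsock chain), not a driver deletion.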

Re: adcash - A Plague!

Posted by Jose Wilson on Sun 23 Nov 2014, 11:38

ComboFix 14-11-18.01 - Vostro1320 23/11/2014 11:05:01.4.2 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3033.1525 [GMT -2:00]
Running from: c:\users\Vostro1320\Desktop\ComboFix.exe
Commands used :: c:\users\Vostro1320\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BHBASE
-------\Legacy_BPROTECTEX
-------\Legacy_PCFAPIUTIL
-------\Service_Bhbase
-------\Service_BHipsEx
-------\Service_BprotectEx
-------\Service_PCFApiUtil
.
.
(((((((((((((((( Files Created from 2014-10-23 to 2014-11-23 ))))))))))))))))))))))))))))
.
.
2014-11-23 13:28 . 2014-11-23 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-23 12:46 . 2014-11-23 12:46 157696 ----a-w- c:\windows\ERUNT.exe
2014-11-23 12:46 . 2014-11-23 12:46 -------- d-----w- C:\FRST
2014-11-23 11:41 . 2014-11-23 11:41 -------- d--h--w- c:\program files\GAS Tecnologia
2014-11-23 11:41 . 2014-11-23 11:41 -------- d-----w- c:\program files\Diebold
2014-11-23 11:14 . 2014-11-23 11:14 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2014
2014-11-23 10:12 . 2014-11-23 10:12 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2013
2014-11-22 10:51 . 2014-11-22 10:51 -------- d-----w- C:\zoek_backup
2014-11-22 09:06 . 2014-11-22 10:10 -------- d-----w- c:\users\Vostro1320\AppData\Local\Adobe
2014-11-20 23:01 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-20 23:01 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-20 21:58 . 2014-11-20 21:58 0 ----a-w- c:\windows\system32\drivers\AVGFWD6X.SYS
2014-11-20 09:16 . 2014-11-20 09:17 -------- d-----w- c:\program files\Common Files\Adobe
2014-11-19 23:32 . 2014-11-19 23:32 52440 ----a-w- c:\windows\system32\drivers\ifxj.sys
2014-11-13 21:22 . 2014-11-13 21:22 -------- d-sh--w- c:\users\Vostro1320\AppData\Local\EmieBrowserModeList
2014-11-13 06:38 . 2014-11-13 06:38 -------- d-----w- c:\users\Vostro1320\mobogenieP2sp
2014-11-12 07:54 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 07:53 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 07:52 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 07:51 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 07:51 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 07:51 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 07:51 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 07:51 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 07:51 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 07:51 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-12 07:50 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 07:49 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-12 07:49 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-12 07:49 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 07:49 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-12 07:49 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-12 07:49 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-12 07:48 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 07:48 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 07:48 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 07:48 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-12 07:47 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 07:47 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 07:47 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 07:47 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 07:47 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-29 23:34 . 2014-10-29 23:34 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-10-25 22:27 . 2014-10-25 22:27 -------- d-----w- c:\users\Vostro1320\AppData\Roaming\AVG2015
2014-10-25 22:21 . 2014-11-12 19:45 -------- d-----w- c:\programdata\AVG2015
2014-10-25 21:13 . 2014-11-07 04:41 -------- d-----w- c:\users\Vostro1320\AppData\Local\Avg2015
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 13:31 . 2014-04-18 09:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-11-23 10:22 . 2014-04-18 09:59 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-22 09:07 . 2012-11-01 09:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 09:07 . 2012-11-01 09:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 10:47 . 2013-09-18 23:53 47192 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2014-10-10 17:13 . 2014-10-10 17:13 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-05 23:42 . 2014-10-05 23:42 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-10-01 13:11 . 2014-04-18 09:57 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 13:11 . 2014-04-18 09:57 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 13:11 . 2014-04-18 09:57 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-29 20:45 . 2014-09-29 20:45 14304 ----a-w- c:\programdata\Duplicaterecord.js
2014-09-25 01:40 . 2014-09-30 22:17 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-13 12:35 . 2014-09-13 12:35 720082 ----a-w- c:\users\Vostro1320\AppData\Roaming\unins001.exe
2014-09-09 21:47 . 2014-09-29 00:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-08 23:27 . 2014-09-08 23:27 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-09-04 05:04 . 2014-10-15 01:29 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-03 01:08 . 2014-09-03 01:09 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-09-03 01:07 . 2010-06-24 14:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-28 23:43 . 2014-08-28 23:43 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-02 20:49 . 2013-07-02 20:49 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-03-17 473464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2014-10-07 2662424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2014-07-12 518968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Megacubo.lnk - c:\program files\Megacubo\megacubo.exe -load:update -type:startup [2014-4-20 4427776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2014-08-12 1760312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2014-09-15 16:07 1890360 ----a-w- c:\program files\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-07-31 20:37 1754664 ------w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2014-08-12 17:19 1760312 ----a-w- c:\program files\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-11-23 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-18 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-11-12 47192]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-29 213784]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-09-03 42784]
S1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-04-16 29400]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]
S2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-11-09 298080]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2014-09-29 546104]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [2014-09-03 1843736]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2014-07-12 518968]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 669912]
S3 WiredTools;WiredTools;c:\program files\WiredTools\WiredTools.exe [2014-07-05 1303128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 10:16 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-01 09:07]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 07:22]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 07:22]
.
2014-11-23 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 15:49]
.
.
------- Supplementary Scan -------
.
uStart Page = [You need to be registered and logged in to see this link.]
mStart Page = [You need to be registered and logged in to see this link.]
uInternet Settings,ProxyServer = 127.0.0.1:14303
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\WiredTools.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bancosantander.com.br\www
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 200.152.98.2 200.152.98.5 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.iminent.id - 7e88acf60000000000000c607634f0ce
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16229
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.39:18
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
c:\program files\AVG\AVG2015\avgnsx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-11-23 11:35:53 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-23 13:35
ComboFix2.txt 2014-11-23 12:17
.
Pre-Run: 574.177.435.648 bytes free
Post-Run: 574.182.637.568 bytes free
.
- - End Of File - - 10AC97536715F01D3309B10015371FEE
A36C5E4F47E84449FF07ED3517B43A31

Re: adcash - Uma Praga!

Mensagem por joram em Dom 23 Nov 2014, 11:55

Bom Dia! Jose Wilson

> Baixe: < [Você precisa estar registrado e conectado para ver esta imagem.] > ( ... par Xplode )
>
> Ou daqui: < AdwCleaner >
> Ao acessar,clique em "Download Now".
>
> Salve-o no desktop!

< [Você precisa estar registrado e conectado para ver esta imagem.] >

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

[Você precisa estar registrado e conectado para ver esta imagem.]

> Ps: Dê início ao scan,clicando em "Examinar". 

< [Você precisa estar registrado e conectado para ver esta imagem.] >

> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
> Copie o log ou clique "Relatório".
> Poste: < C:\AdwCleaner\AdwCleaner[S0].txt > 

A+
avatar
joram
Administrador
Administrador

Mensagens : 3707
Reputação : 415
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro

Voltar ao Topo Ir em baixo

Re: adcash - Uma Praga!

Mensagem por Jose Wilson em Dom 23 Nov 2014, 12:18

# AdwCleaner v4.101 - Relatório criado 23/11/2014 às 12:12:09
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-23.1 [Live]
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : Vostro1320 - VOSTRO1320-PC
# Executando de : C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : vToolbarUpdater3.2.0

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\AVG SafeGuard toolbar
Pasta Deletada : C:\ProgramData\AVG Secure Search
Pasta Deletada : C:\ProgramData\AVG Security Toolbar
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Uniblue
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\AVG SafeGuard toolbar
Pasta Deletada : C:\Program Files\globalUpdate
Pasta Deletada : C:\Program Files\PCDApp
Pasta Deletada : C:\Program Files\Common Files\AVG Secure Search
Pasta Deletada : C:\Users\Vostro1320\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Vostro1320\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Vostro1320\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\Vostro1320\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Vostro1320\AppData\Roaming\Mobogenie
Pasta Deletada : C:\Users\Vostro1320\AppData\Roaming\RHEng
Pasta Deletada : C:\Users\Vostro1320\Documents\Mobogenie
Pasta Deletada : C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Arquivo Deletada : C:\Windows\system32\SecureAssist.ini
Arquivo Deletada : C:\Windows\system32\SecureAssistOff.ini
Arquivo Deletada : C:\Users\Vostro1320\daemonprocess.txt
Arquivo Deletada : C:\Users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default\user.js

***** [ Tarefas ] *****

Tarefa Deletedo : FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{8628C2EA-1AE0-B56C-91FF-5695D800F1C2}]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Você precisa estar registrado e conectado para ver este link.]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\driverscanner
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[#] Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\WEDLMNGR
Chave Deletedo : HKCU\Software\CoinisRS
Chave Deletedo : HKLM\SOFTWARE\AVG SafeGuard toolbar
Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate
Chave Deletedo : HKLM\SOFTWARE\Speedchecker Limited
Chave Deletedo : HKLM\SOFTWARE\Uniblue
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\013AC89AE8CD1D45889FDECE68DF5C58
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13FCB74451B14F755A9489A45D48059A
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A8D788750C70AA57A73B2319DF554AE
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\592A2C0FFC3C7855AA30F38A3C25B7DA
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A426544C5826DA5292547521114EC1F
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC5ECDC1EDBB7615D81C34F1B6A68589
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D35F7D2F9958FA155AE7953C4A2EE959
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB01B45D33D99A85CB09D2FCEABE5EAC
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF720937002023F49ACAE8048560C5A1
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Features\DF720937002023F49ACAE8048560C5A1
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Products\DF720937002023F49ACAE8048560C5A1

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17420

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v18.0.2 (pt-BR)

[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.admin", false);
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.dfltLng", "");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.excTlbr", false);
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.id", "7e88acf60000000000000c607634f0ce");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.instlDay", "16229");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.instlRef", "");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.newTab", false);
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.rvrt", "false");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.39:18:17");
[uzs7z070.default\prefs.js] - Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");

-\\ Google Chrome v39.0.2171.65

[C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
[C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]

-\\ Opera v0.0.0.0

[C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
[C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]

*************************

AdwCleaner[R0].txt - [15215 octets] - [23/11/2014 12:08:25]
AdwCleaner[S0].txt - [15429 octets] - [23/11/2014 12:12:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15490 octets] ##########
avatar
Jose Wilson
Iniciante
Iniciante

Mensagens : 47
Reputação : 1
Data de inscrição : 07/10/2013
Idade : 57
Localização : Centro - Rio de Janeiro

Voltar ao Topo Ir em baixo

Re: adcash - Uma Praga!

Mensagem por joram em Dom 23 Nov 2014, 12:53

Boa Tarde! Jose Wilson

> Baixe: < [Você precisa estar registrado e conectado para ver esta imagem.] > ( ... by Oleg N. Scherbakov )

> Salve-o no desktop!
> Desabilite seu antivírus!
> Para Windows 7,clique direito em JRT.exe e execute-o ... 

[Você precisa estar registrado e conectado para ver esta imagem.]

[Você precisa estar registrado e conectado para ver esta imagem.]

> Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+
avatar
joram
Administrador
Administrador

Mensagens : 3707
Reputação : 415
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro

Voltar ao Topo Ir em baixo

Re: adcash - Uma Praga!

Mensagem por Jose Wilson em Dom 23 Nov 2014, 13:09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Basic x86
Ran by Vostro1320 on 23/11/2014 at 13:05:25,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\ProgramData\duplicaterecord.js"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\Vostro1320\AppData\Roaming\baidu security"



~~~ FireFox

Emptied folder: C:\Users\Vostro1320\AppData\Roaming\mozilla\firefox\profiles\uzs7z070.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/11/2014 at 13:07:59,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
avatar
Jose Wilson
Iniciante
Iniciante

Mensagens : 47
Reputação : 1
Data de inscrição : 07/10/2013
Idade : 57
Localização : Centro - Rio de Janeiro

Voltar ao Topo Ir em baixo

Re: adcash - Uma Praga!

Mensagem por joram em Dom 23 Nov 2014, 13:57

Boa Tarde! Jose Wilson

> Instale o FRST e poste seus relatórios! ( FRST.txt + Addition.txt )

A+

_________________
Fórum PC Brasil >> O que há de melhor,para desinfectar seu computador!
Fórum SecSecurity >> Não deixem de conhecer!
Fórum iMasters >> Tradição em informática!
avatar
joram
Administrador
Administrador

Mensagens : 3707
Reputação : 415
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro

Voltar ao Topo Ir em baixo

Re: adcash - Uma Praga!

Mensagem por Jose Wilson em Dom 23 Nov 2014, 15:31

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014
Ran by Vostro1320 at 2014-11-23 15:29:22
Running from C:\Users\Vostro1320\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version: - )
Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Aplicativo Itaú (HKLM\...\{F0FC58B7-CD41-4F3A-A1CE-2F5BEC1B48DE}) (Version: 1.0.30 - Banco Itaú)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
aTube Catcher versão 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
CALL - Vs5 (HKLM\...\CALL_VS5) (Version: 5 - CCAA)
CALL Vs.5 (Version: 5 - CCAA) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Nome de sua empresa:)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.102.104 - ALPS ELECTRIC CO., LTD.)
Estudo de melhoria do produto HP Deskjet 1000 J110 series (HKLM\...\{16350E4D-D662-4103-BC10-7F729E16E96E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Files To Phones v2.1 (HKLM\...\Files To Phones_is1) (Version: 2.1 - PromoToMobile team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Guardião - Itaú 30 horas (HKLM\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 9.3.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Laptop Integrated Webcam Driver (1.01.01.0529) (HKLM\...\Creative OEM013) (Version: - )
LibreOffice 4.2.5.2 (HKLM\...\{93AD8CBD-C32E-4318-90BB-A294BE2D712C}) (Version: 4.2.5.2 - The Document Foundation)
Malwarebytes Anti-Malware versão 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Megacubo 10 (HKLM\...\Megacubo_is1) (Version: 1.4.0 - [You need to be registered and logged in to see this link.]
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Módulo de Proteção Banco Santander (Brasil) S.A. (HKLM\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.7.1.1 - )
Mozilla Firefox 18.0.2 (x86 pt-BR) (HKLM\...\Mozilla Firefox 18.0.2 (x86 pt-BR)) (Version: 18.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.2 - Mozilla)
MSM2MSI_gstudio (HKLM\...\{C53F001E-5912-4E76-AC49-9AC20B36B1A2}) (Version: 2.0 - Pantaray)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
Nero 7 Lite 7.9.6.0 (HKLM\...\Nero 7 Lite_is1) (Version: - Updatepack.nl)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{B066A843-8978-4501-A900-A28C5EFE148B}) (Version: 2.0.09 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.09 - O2Micro International LTD.) Hidden
PC Data App (HKLM\...\PCData App) (Version: - ) <==== ATTENTION
PowerDVD (HKLM\...\InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.30.0000 - CyberLink)
PowerDVD (Version: 7.30.0000 - CyberLink) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Software básico do dispositivo HP Deskjet 1000 J110 series (HKLM\...\{B774EBF3-D178-4EAA-9E96-CFAAC0D00D16}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Warsaw 1.3.1 (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
WinAVI Video Converter 9.0 (HKLM\...\WinAVI Video Converter 9.09.0) (Version: 9.0 - WinAVI Video Converter 9.0)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WiredTools (HKLM\...\WiredTools_is1) (Version: 2.3.2.0 - WiredTools LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{5E2663C1-51B3-49B7-B081-70181C2AF816}\InprocServer32 -> C:\Program Files\Cyberlink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{88007BE6-7171-46F0-858B-852DAD96016D}\InprocServer32 -> C:\Program Files\Cyberlink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{AFA95F79-06AC-4B9A-B261-D415063DC2B3}\InprocServer32 -> C:\Program Files\Cyberlink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{F69B7E4A-4A83-4485-8860-85DAA196D745}\InprocServer32 -> C:\Program Files\Cyberlink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-705239193-524659859-1482476315-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:04 - 2014-11-23 11:31 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2128BD26-621C-4820-ACFB-DA2102047B97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-22] (Adobe Systems Incorporated)
Task: {35B6DED7-B2B6-4F6D-A0A5-FC174E464EB8} - System32\Tasks\{203436BC-B069-4534-BE79-D80398D1B5A2} => C:\Users\Vostro1320\Downloads\DELL_WIRELESS-370-BLUETOOTH-_A02-1_R235898.exe [2014-04-18] ()
Task: {38735F1B-157A-4831-BDEF-8B483D335E31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {3CF82531-C316-41FC-8D6E-D89593B0D506} - System32\Tasks\{C6BBDFBE-5BED-49BD-AD87-CF0953800345} => Chrome.exe
Task: {4E0F9B49-F50E-4AFC-B33F-9F743EA15408} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {518C5BDC-16F3-45D6-BD1A-1878B76D056E} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {60DAB2A9-A0AF-481E-B9DE-62C1D9DCC866} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {631AACA1-C4A7-417C-8711-A33E3EAADB16} - System32\Tasks\{DEE13C22-33E4-4BB7-87CC-B0576155AE0B} => Chrome.exe
Task: {6C814033-561A-448C-924D-E47504A06C75} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {91079704-109F-44DC-A9AB-C80285244D30} - System32\Tasks\{8B9376A3-EEC3-44BC-9DB3-05169026326C} => Chrome.exe
Task: {C6410B17-6BB3-408F-B029-B2D113BD3FB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {CA3249E4-D879-4921-B8D0-F12B21E835C6} - System32\Tasks\{C2877B7D-5B34-4A5A-905D-584A59FA7E55} => C:\Users\Vostro1320\Downloads\adwcleaner_4.101.exe
Task: {CB13D63B-D021-40FB-9EEB-069F5537A7AA} - System32\Tasks\{C00B0CFD-4134-450E-99C6-28DF7C817E6C} => Chrome.exe
Task: {D180A894-BBBC-441D-B679-EAE287448B5D} - System32\Tasks\{CE4D0B9D-D322-4EE0-8BB9-6C10449094C1} => Chrome.exe
Task: {DCD67E1B-0D1B-498B-87AF-133868E5C9DF} - System32\Tasks\{240F1DF1-EE59-4DBB-89EE-C5E59134744B} => C:\Users\Vostro1320\Downloads\ChromeSetup.exe [2014-10-04] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2012-09-11 14:14 - 2007-02-07 17:29 - 00173616 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-09-02 23:09 - 2014-10-07 06:44 - 00577560 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-03-17 08:59 - 2014-03-17 08:59 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-03-17 08:58 - 2014-03-17 08:58 - 00082808 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-03-17 08:58 - 2014-03-17 08:58 - 00357752 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2012-09-11 14:10 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-21 21:10 - 2014-11-14 19:15 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-21 21:10 - 2014-11-14 19:15 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WiredTools => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrador (S-1-5-21-705239193-524659859-1482476315-500 - Administrator - Disabled)
Convidado (S-1-5-21-705239193-524659859-1482476315-501 - Limited - Enabled)
Vostro1320 (S-1-5-21-705239193-524659859-1482476315-1000 - Administrator - Enabled) => C:\Users\Vostro1320

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/23/2014 01:46:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-11-20 17:43:15.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:43:14.405
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:43:13.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:43:12.843
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:15:57.243
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:15:57.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:15:57.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:15:57.040
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:05:04.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-20 17:05:04.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 36%
Total physical RAM: 3032.96 MB
Available physical RAM: 1921.05 MB
Total Pagefile: 6064.2 MB
Available Pagefile: 4539.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:534.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 70920402)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Jose Wilson
Beginner

Posts: 47
Reputation: 1
Join date: 07/10/2013
Age: 57
Location: Centro - Rio de Janeiro

Re: adcash - A Plague!

Post by joram on Sun 23 Nov 2014, 16:06

Good afternoon, Jose Wilson!

> The FRST.txt is missing, but make it available on Cjoint.com.
> Post the link to the report!


A+
joram
Administrator

Posts: 3707
Reputation: 415
Join date: 26/01/2014
Location: Rio de Janeiro

Re: adcash - A Plague!

Post by Jose Wilson on Sun 23 Nov 2014, 16:49

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by Vostro1320 (administrator) on VOSTRO1320-PC on 23-11-2014 16:42:02
Running from C:\Users\Vostro1320\Desktop\PROTEÇÃO
Loaded Profile: Vostro1320 (Available profiles: Vostro1320)
Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [You need to be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginAbn: C:\Program Files\GbPlugin\gbiehAbn.dll (Banco Real)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Megacubo.lnk
ShortcutTarget: Megacubo.lnk -> C:\Program Files\Megacubo\megacubo.exe ([You need to be registered and logged in to see this link.] )
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-705239193-524659859-1482476315-1000] => 127.0.0.1:14303
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [You need to be registered and logged in to see this link.]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You need to be registered and logged in to see this link.]
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Main,Search Page = [You need to be registered and logged in to see this link.]
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [You need to be registered and logged in to see this link.]
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDD4CDAC8F920CE01
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> DefaultScope Web URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> Web URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> {23A14FE8-E2F6-4CA1-A547-70745BA3EB79} URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = [You need to be registered and logged in to see this link.]
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
Toolbar: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You need to be registered and logged in to see this link.]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll [1890360 2014-09-15] (Banco Real)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 200.152.98.2 200.152.98.5 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default
FF DefaultSearchEngine:
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-705239193-524659859-1482476315-1000: gastecnologia.com.br/sf/abn -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-705239193-524659859-1482476315-1000: gastecnologia.com.br/sf/uni -> C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\search_the_web.xml
FF Extension: Pinterest Right-Click - C:\Users\Vostro1320\AppData\Roaming\Mozilla\Firefox\Profiles\uzs7z070.default\Extensions\pinterest-addon@felixfung.ca.xpi [2012-10-29]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2014-04-26]
FF HKU\S-1-5-21-705239193-524659859-1482476315-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Vostro1320\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-09-13]

Chrome:
=======
CHR HomePage: Profile 1 ->
CHR StartupUrls: Profile 1 -> "", "", "", "hxxp://start.iminent.com/?appId=463D14D3-8CD8-4CC8-A39C-732A9B4DBF97", "https://www.google.com.br/"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Profile: C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Circles Share) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-09-06]
CHR Extension: (feedly) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-09-06]
CHR Extension: (Create Short URL) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-09-06]
CHR Extension: (Internet Speed Tracker) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jinlofiojphnmpllecgejammnjcmeipf [2014-09-20]
CHR Extension: (rikaikun) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2014-09-06]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-08-30]
CHR Extension: (Google Wallet) - C:\Users\Vostro1320\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
S3 WiredTools; C:\Program Files\WiredTools\WiredTools.exe [1303128 2014-07-04] (WiredTools Ltd.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
U4 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [0 2014-11-20] () [File not signed]
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-02] (AVG Technologies)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-11-12] (GAS Tecnologia)
R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-04-16] (GAS Tecnologia)
R3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-11-23] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\VOSTRO~1\AppData\Local\Temp\catchme.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 16:22 - 2014-11-23 16:25 - 00000000 ____D () C:\Users\Vostro1320\Desktop\MATERIAL PARA CONCURSOS
2014-11-23 15:29 - 2014-11-23 15:29 - 00024854 _____ () C:\Users\Vostro1320\Downloads\Addition.txt
2014-11-23 15:28 - 2014-11-23 15:29 - 00038748 _____ () C:\Users\Vostro1320\Downloads\FRST.txt
2014-11-23 15:28 - 2014-11-23 15:28 - 00000000 ____D () C:\Users\Vostro1320\Downloads\FRST-OlderVersion
2014-11-23 15:27 - 2014-11-23 15:28 - 01110016 _____ (Farbar) C:\Users\Vostro1320\Downloads\FRST.exe
2014-11-23 13:07 - 2014-11-23 13:07 - 00000984 _____ () C:\Users\Vostro1320\Desktop\JRT.txt
2014-11-23 13:05 - 2014-11-23 13:05 - 00000000 ____D () C:\Windows\ERUNT
2014-11-23 12:14 - 2014-11-23 12:14 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-11-23 12:07 - 2014-11-23 12:07 - 00012568 _____ (Sysinternals - [You need to be registered and logged in to see this link.] C:\Windows\system32\Drivers\PROCEXP113.SYS
2014-11-23 12:05 - 2014-11-23 12:05 - 02140160 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe
2014-11-23 11:39 - 2014-11-23 11:42 - 00000000 ____D () C:\Users\Vostro1320\Desktop\CORREÇÃO DO PC
2014-11-23 11:35 - 2014-11-23 11:35 - 00018490 _____ () C:\ComboFix.txt
2014-11-23 10:46 - 2014-11-23 16:42 - 00000000 ____D () C:\FRST
2014-11-23 10:11 - 2014-11-23 12:14 - 00000168 _____ () C:\Windows\setupact.log
2014-11-23 10:11 - 2014-11-23 10:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 10:10 - 2014-11-23 12:13 - 00016510 _____ () C:\Windows\PFRO.log
2014-11-23 10:10 - 2014-11-23 10:10 - 00466792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 09:57 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 09:57 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 09:57 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 09:56 - 2014-11-23 12:07 - 00000000 ____D () C:\Qoobox
2014-11-23 09:55 - 2014-11-23 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 09:54 - 2014-11-23 09:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (2).com
2014-11-23 09:53 - 2014-11-23 09:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (1).com
2014-11-23 09:51 - 2014-11-23 09:52 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill.com
2014-11-23 09:50 - 2014-11-23 09:50 - 05598306 ____R (Swearware) C:\Users\Vostro1320\Desktop\ComboFix.exe
2014-11-23 09:41 - 2014-11-23 09:41 - 00000000 ___HD () C:\Program Files\GAS Tecnologia
2014-11-23 09:41 - 2014-11-23 09:41 - 00000000 ____D () C:\Program Files\Diebold
2014-11-23 09:19 - 2014-11-23 09:19 - 00001250 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101 - Atalho.lnk
2014-11-23 09:16 - 2014-11-23 09:16 - 00016335 _____ () C:\ZA-Scan.txt
2014-11-23 09:14 - 2014-11-23 09:14 - 00000000 ____D () C:\Users\Vostro1320\AppData\Local\Avg2014
2014-11-23 08:16 - 2014-11-23 08:16 - 01971460 _____ () C:\Users\Vostro1320\Desktop\AVGInstLog.cab
2014-11-23 08:12 - 2014-11-23 08:12 - 00000000 ____D () C:\Users\Vostro1320\AppData\Local\Avg2013
2014-11-23 08:10 - 2014-11-23 08:10 - 04445640 _____ (AVG Technologies) C:\Users\Vostro1320\Downloads\avg_avct_stb_all_2013_3272_freets11.exe
2014-11-22 08:51 - 2014-11-22 08:51 - 00000000 ____D () C:\zoek_backup
2014-11-22 08:50 - 2014-11-22 08:51 - 01351168 _____ () C:\Users\Vostro1320\Downloads\ZA-Scan.exe
2014-11-22 08:47 - 2014-11-22 09:02 - 00011811 _____ () C:\Users\Vostro1320\Downloads\hijackthis.log
2014-11-22 08:44 - 2014-11-22 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vostro1320\Downloads\HijackThis (1).exe
2014-11-22 08:16 - 2014-11-22 08:16 - 00002159 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-22 08:10 - 2014-11-22 08:10 - 00001349 _____ () C:\Users\Vostro1320\Desktop\Internet Explorer.lnk
2014-11-22 07:06 - 2014-11-22 08:10 - 00000000 ____D () C:\Users\Vostro1320\AppData\Local\Adobe
2014-11-20 21:01 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 21:01 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 19:58 - 2014-11-20 19:58 - 00000000 _____ () C:\Windows\system32\Drivers\AVGFWD6X.SYS
2014-11-20 19:28 - 2014-11-23 15:25 - 00383791 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 07:16 - 2014-11-20 07:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-20 07:16 - 2014-11-20 07:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-20 07:16 - 2014-11-20 07:16 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-20 07:16 - 2014-11-20 07:16 - 00000000 ____D () C:\Program Files\Adobe
2014-11-19 21:32 - 2014-11-19 21:32 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ifxj.sys
2014-11-16 05:46 - 2014-11-16 05:46 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-15 04:38 - 2014-11-15 04:38 - 01057112 _____ (Installer Setup ) C:\Users\Vostro1320\Downloads\setup.exe.8nfp47q.partial
2014-11-13 19:22 - 2014-11-13 19:22 - 00000000 __SHD () C:\Users\Vostro1320\AppData\Local\EmieBrowserModeList
2014-11-13 04:38 - 2014-11-13 04:38 - 00000000 ____D () C:\Users\Vostro1320\mobogenieP2sp
2014-11-12 06:01 - 2014-11-07 17:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:01 - 2014-11-06 01:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:01 - 2014-11-06 01:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:01 - 2014-11-06 01:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:01 - 2014-11-06 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:01 - 2014-11-06 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:01 - 2014-11-06 01:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:01 - 2014-11-06 01:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:01 - 2014-11-06 01:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:01 - 2014-11-06 01:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:01 - 2014-11-06 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:01 - 2014-11-06 01:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:01 - 2014-11-06 00:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:01 - 2014-11-06 00:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:01 - 2014-11-06 00:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:01 - 2014-11-06 00:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:01 - 2014-11-06 00:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:01 - 2014-11-06 00:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:01 - 2014-11-06 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:01 - 2014-11-06 00:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:01 - 2014-11-06 00:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:01 - 2014-11-06 00:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:01 - 2014-11-06 00:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:01 - 2014-11-06 00:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:01 - 2014-11-06 00:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:01 - 2014-11-06 00:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:01 - 2014-11-06 00:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:01 - 2014-11-05 23:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:01 - 2014-11-05 23:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:01 - 2014-11-05 23:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 05:54 - 2014-10-17 23:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 05:53 - 2014-08-11 23:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 05:52 - 2014-10-13 23:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 05:51 - 2014-10-02 23:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 05:51 - 2014-08-21 04:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 05:51 - 2014-08-21 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 05:50 - 2014-10-09 22:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 05:49 - 2014-09-19 07:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 05:49 - 2014-09-19 07:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 05:48 - 2014-11-05 15:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 05:48 - 2014-11-05 15:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 05:48 - 2014-11-05 15:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 05:48 - 2014-10-24 23:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 05:47 - 2014-10-13 23:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 05:47 - 2014-10-13 23:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 05:47 - 2014-10-13 23:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 05:47 - 2014-10-13 23:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 05:47 - 2014-10-13 23:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-08 13:32 - 2014-11-08 13:54 - 907519920 _____ () C:\Users\Vostro1320\Downloads\Nebraska.2013.720p.BluRay.x264.YIFY.mp4
2014-11-08 08:38 - 2014-11-08 08:38 - 00001823 _____ () C:\Users\Vostro1320\Desktop\JAPONÊS - Atalho.lnk
2014-11-08 08:38 - 2014-11-08 08:38 - 00001178 _____ () C:\Users\Vostro1320\Desktop\Documentos - Atalho (2).lnk
2014-11-07 04:32 - 2014-11-08 06:01 - 00000000 ____D () C:\Users\Vostro1320\Documents\JAPONÊS
2014-11-07 03:50 - 2014-11-07 03:51 - 23232740 _____ () C:\Users\Vostro1320\Downloads\anki-2.0.31.exe
2014-11-01 11:36 - 2014-10-23 00:03 - 791622046 _____ () C:\Users\Vostro1320\Desktop\O Preço Do Amanha ([You need to be registered and logged in to see this link.]
2014-10-29 21:34 - 2014-10-29 21:34 - 00213784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-10-25 20:27 - 2014-10-25 20:27 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\AVG2015
2014-10-25 20:25 - 2014-11-15 09:50 - 00000913 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-25 20:21 - 2014-11-12 17:45 - 00000000 ____D () C:\Users\Todos os Usuários\AVG2015
2014-10-25 20:21 - 2014-11-12 17:45 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-25 19:13 - 2014-11-07 02:41 - 00000000 ____D () C:\Users\Vostro1320\AppData\Local\Avg2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 16:42 - 2014-04-18 09:00 - 00000000 ____D () C:\Users\Vostro1320\Desktop\PROTEÇÃO
2014-11-23 16:25 - 2011-02-04 15:30 - 00006250 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 16:25 - 2009-07-14 06:31 - 02233582 _____ () C:\Windows\system32\prfh0416.dat
2014-11-23 16:25 - 2009-07-14 06:31 - 01609566 _____ () C:\Windows\system32\prfc0416.dat
2014-11-23 16:19 - 2012-11-01 07:32 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 16:15 - 2012-09-11 14:35 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 12:45 - 2012-11-12 18:01 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\Skype
2014-11-23 12:32 - 2014-04-18 07:32 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2014-11-23 12:32 - 2014-04-18 07:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-23 12:21 - 2009-07-14 02:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:21 - 2009-07-14 02:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:14 - 2014-04-18 07:59 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-23 12:14 - 2014-04-18 07:59 - 00000396 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-11-23 12:14 - 2012-09-11 14:35 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 12:14 - 2009-07-14 02:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 12:12 - 2014-04-18 07:44 - 00000000 ____D () C:\AdwCleaner
2014-11-23 12:12 - 2012-09-11 14:05 - 00000000 ____D () C:\Users\Vostro1320
2014-11-23 11:31 - 2009-07-14 00:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-23 11:29 - 2009-07-14 00:03 - 52183040 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-23 11:29 - 2009-07-14 00:03 - 15728640 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-23 11:29 - 2009-07-14 00:03 - 00319488 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-23 11:29 - 2009-07-14 00:03 - 00061440 _____ () C:\Windows\system32\config\SAM.bak
2014-11-23 11:29 - 2009-07-14 00:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-23 10:17 - 2009-07-14 00:37 - 00000000 __RHD () C:\Users\Default
2014-11-23 10:17 - 2009-07-14 00:37 - 00000000 ___RD () C:\Users\Public
2014-11-23 10:10 - 2013-09-18 21:52 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-11-23 10:10 - 2013-09-18 21:52 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-11-23 10:04 - 2014-09-13 10:32 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-11-23 10:04 - 2014-09-13 10:32 - 00000000 ____D () C:\ProgramData\Temp
2014-11-23 09:42 - 2014-09-13 10:34 - 00001024 _____ () C:\.rnd
2014-11-23 08:22 - 2014-04-18 07:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 07:56 - 2014-09-21 08:49 - 00000000 ____D () C:\Program Files\Baixar Musicas Gratis
2014-11-23 07:38 - 2014-10-11 00:34 - 00000000 ____D () C:\Program Files\Mobogenie3
2014-11-22 07:58 - 2012-09-21 23:29 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\Media Player Classic
2014-11-22 07:58 - 2012-09-11 18:59 - 00000000 ____D () C:\Users\Vostro1320\AppData\Roaming\uTorrent
2014-11-22 07:07 - 2012-11-01 07:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-22 07:07 - 2012-11-01 07:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 22:03 - 2014-09-07 09:16 - 00000000 ____D () C:\Users\Vostro1320\Documents\Anki
2014-11-21 20:57 - 2013-07-02 18:56 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-11-21 20:57 - 2013-07-02 18:56 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-11-21 07:00 - 2012-09-11 14:36 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-21 06:54 - 2014-06-08 14:02 - 00000000 _____ () C:\Windows\system32\s.o
2014-11-21 06:54 - 2013-09-18 21:52 - 00000000 ____D () C:\Program Files\GbPlugin
2014-11-20 20:47 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-20 19:49 - 2014-05-19 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-20 07:24 - 2014-09-13 06:50 - 00000000 ____D () C:\Users\Vostro1320\Desktop\JAPA
2014-11-20 07:16 - 2012-09-12 17:00 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-11-20 07:16 - 2012-09-12 17:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-19 22:21 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\rescache
2014-11-18 05:55 - 2013-02-17 19:44 - 00000000 ____D () C:\Windows\Minidump
2014-11-16 05:46 - 2014-04-18 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-16 05:46 - 2014-04-18 07:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-15 10:12 - 2014-09-21 08:51 - 00518327 _____ () C:\Users\Vostro1320\AppData\Local\sinder.txt
2014-11-15 09:55 - 2014-08-03 09:40 - 00269257 _____ () C:\Users\Vostro1320\AppData\Local\viewer.txt
2014-11-15 04:50 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 03:42 - 2014-09-21 08:50 - 00000000 ____D () C:\Program Files\WiredTools
2014-11-13 03:42 - 2014-08-03 09:39 - 00004560 _____ () C:\Windows\system32\WiredTools.ini
2014-11-13 03:42 - 2014-08-03 09:39 - 00002384 _____ () C:\Windows\system32\WiredToolsOff.ini
2014-11-13 03:32 - 2014-05-09 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 03:32 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-11-13 03:16 - 2012-09-11 14:36 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-11-13 03:16 - 2012-09-11 14:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 03:08 - 2013-08-15 23:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:01 - 2012-09-19 21:50 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 08:47 - 2013-09-18 21:53 - 00047192 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpkm.sys
2014-11-11 17:49 - 2014-04-18 07:34 - 00000000 ____D () C:\$AVG
2014-11-08 13:07 - 2014-09-14 07:44 - 00000000 ____D () C:\Users\Vostro1320\Downloads\zé
2014-11-07 03:52 - 2014-09-07 09:16 - 00000881 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2014-11-07 03:52 - 2014-09-07 09:16 - 00000869 _____ () C:\Users\Vostro1320\Desktop\Anki.lnk
2014-10-25 20:28 - 2014-04-18 07:34 - 00000000 ____D () C:\Users\Todos os Usuários\AVG2014
2014-10-25 20:28 - 2014-04-18 07:34 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-25 20:26 - 2014-08-04 08:49 - 00000000 ____D () C:\Users\Vostro1320\Documents\SENHAS
2014-10-25 20:21 - 2014-04-18 07:34 - 00000000 ____D () C:\Program Files\AVG

Some content of TEMP:
====================
C:\Users\Vostro1320\AppData\Local\Temp\Quarantine.exe
C:\Users\Vostro1320\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-19 22:14

==================== End Of Log ============================
Jose Wilson
Beginner

Posts : 47
Reputation : 1
Join date : 07/10/2013
Age : 57
Location : Centro - Rio de Janeiro

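The log above is what the helper reads by hand before writing a fixlist: FRST's own "<======= ATTENTION" marker on the Chrome and Internet Explorer policy keys (a hijacker writes policy values there so the start page cannot be changed from the browser's settings), the iminent start-page URL in Chrome's StartupUrls, a service whose binary is "[File not signed]" (WiredTools), a driver with a zero-byte file (Avgfwfd), and "[X]" / "No File" entries whose file is already gone. As an added example, not code from this thread, from Farbar or from any tool mentioned here, the Python below applies those same checks to a few lines copied from the log. The line format it parses is the FRST service/driver format visible above; the TRUSTED_HOSTS allowlist is an assumption about which start page the owner actually chose, and the sample is a constructed excerpt, not the whole log.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the FRST log posted above, not the full log.
SAMPLE_LOG = r"""
HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR StartupUrls: Profile 1 -> "", "", "", "hxxp://start.iminent.com/?appId=463D14D3-8CD8-4CC8-A39C-732A9B4DBF97", "https://www.google.com.br/"
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
S3 WiredTools; C:\Program Files\WiredTools\WiredTools.exe [1303128 2014-07-04] (WiredTools Ltd.) [File not signed]
U4 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [0 2014-11-20] () [File not signed]
S3 catchme; \??\C:\Users\VOSTRO~1\AppData\Local\Temp\catchme.sys [X]
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
"""

# FRST service/driver line: "<state> <name>; <path> [<size> <date>] (<vendor>)[ flags]",
# or "<state> <name>; <path> [X]" when the registered file no longer exists.
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)(?P<flags>.*)| \[X\])$"
)
# FRST defangs http as hxxp; capture the host of every quoted URL on a browser-settings line.
URL_RE = re.compile(r'"(?:hxxps?|https?)://([^/"]+)')

# Assumed allowlist: the start page the machine's owner actually chose. FRST does not know this.
TRUSTED_HOSTS = frozenset({"www.google.com.br"})


@dataclass(frozen=True)
class Finding:
    rule: str      # which check fired
    subject: str   # the service name, host or registry entry it fired on


def triage(log_text: str, trusted_hosts=TRUSTED_HOSTS) -> list[Finding]:
    """Return the entries a helper would consider for a fixlist, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # FRST's marker for policy keys that lock browser settings; hijackers abuse them.
        if "<======= ATTENTION" in line:
            findings.append(Finding("frst_attention", line.split(": ")[0]))
        # Registry entry (toolbar, handler, BHO) whose file is already gone.
        if line.endswith(" - No File"):
            findings.append(Finding("orphan_registration", line))
        # Browser start pages pointing at a host the owner did not choose.
        if line.startswith(("CHR StartupUrls:", "CHR HomePage:", "CHR DefaultSearchURL:")):
            for host in URL_RE.findall(line):
                if host.lower() not in trusted_hosts:
                    findings.append(Finding("untrusted_startup_url", host))
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        if m.group("size") is None:          # the "[X]" form: service registered, file missing
            findings.append(Finding("orphan_service", name))
            continue
        if "[File not signed]" in m.group("flags"):
            findings.append(Finding("unsigned_service", name))
        if m.group("size") == "0":           # a zero-byte driver image cannot be legitimate
            findings.append(Finding("zero_byte_file", name))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.subject}")
```

Running it against the excerpt reports the IE policy key, the orphaned toolbar CLSID, start.iminent.com, WiredTools and Avgfwfd as unsigned, Avgfwfd again as zero-byte, and catchme as an orphaned service, while the signed GbpSv and Avgtdix entries stay silent. The checks are deliberately narrow: an unsigned binary or a policy key is a reason to look, not proof of malware (the catchme driver, for instance, is a leftover of the ComboFix run visible earlier in the same log), which is why a helper still reads each hit before putting it in a fixlist.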

Re: adcash - A Plague!

Post by joram on Sun 23 Nov 2014, 17:50

Good afternoon, Jose Wilson!

> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text!
> Save it in the folder: C:\Users\Vostro1320\Desktop\PROTEÇÃO

start
CloseProcesses:
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR StartupUrls: Profile 1 -> "", "", "", "hxxp://start.iminent.com/?appId=463D14D3-8CD8-4CC8-A39C-732A9B4DBF97", "https://www.google.com.br/"
S3 catchme; \??\C:\Users\VOSTRO~1\AppData\Local\Temp\catchme.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
2014-11-23 13:07 - 2014-11-23 13:07 - 00000984 _____ () C:\Users\Vostro1320\Desktop\JRT.txt
2014-11-23 12:05 - 2014-11-23 12:05 - 02140160 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe
2014-11-23 11:35 - 2014-11-23 11:35 - 00018490 _____ () C:\ComboFix.txt
2014-11-23 10:11 - 2014-11-23 12:14 - 00000168 _____ () C:\Windows\setupact.log
2014-11-23 10:11 - 2014-11-23 10:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 10:10 - 2014-11-23 12:13 - 00016510 _____ () C:\Windows\PFRO.log
2014-11-23 09:57 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 09:57 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 09:57 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 09:56 - 2014-11-23 12:07 - 00000000 ____D () C:\Qoobox
2014-11-23 09:55 - 2014-11-23 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 09:54 - 2014-11-23 09:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (2).com
2014-11-23 09:53 - 2014-11-23 09:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (1).com
2014-11-23 09:51 - 2014-11-23 09:52 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill.com
2014-11-23 09:50 - 2014-11-23 09:50 - 05598306 ____R (Swearware) C:\Users\Vostro1320\Desktop\ComboFix.exe
2014-11-23 09:19 - 2014-11-23 09:19 - 00001250 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101 - Atalho.lnk
2014-11-23 09:16 - 2014-11-23 09:16 - 00016335 _____ () C:\ZA-Scan.txt
2014-11-22 08:51 - 2014-11-22 08:51 - 00000000 ____D () C:\zoek_backup
2014-11-22 08:50 - 2014-11-22 08:51 - 01351168 _____ () C:\Users\Vostro1320\Downloads\ZA-Scan.exe
2014-11-22 08:47 - 2014-11-22 09:02 - 00011811 _____ () C:\Users\Vostro1320\Downloads\hijackthis.log
2014-11-22 08:44 - 2014-11-22 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vostro1320\Downloads\HijackThis (1).exe
2014-11-20 19:28 - 2014-11-23 15:25 - 00383791 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 12:12 - 2014-04-18 07:44 - 00000000 ____D () C:\AdwCleaner
2014-11-23 09:42 - 2014-09-13 10:34 - 00001024 _____ () C:\.rnd
2014-11-15 10:12 - 2014-09-21 08:51 - 00518327 _____ () C:\Users\Vostro1320\AppData\Local\sinder.txt
2014-11-15 09:55 - 2014-08-03 09:40 - 00269257 _____ () C:\Users\Vostro1320\AppData\Local\viewer.txt
Task: {4E0F9B49-F50E-4AFC-B33F-9F743EA15408} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
C:\Users\Vostro1320\AppData\Local\Temp\Quarantine.exe
C:\Users\Vostro1320\AppData\Local\Temp\sqlite3.dll
emptytemp:
end


> Run FRST/FRST64 >> click "Fix" << Wait!
> At the prompt, click Run
> Post the report! (Fixlog.txt)

A+
joram
Administrator

Messages: 3707
Reputation: 415
Registered: 26/01/2014
Location: Rio de Janeiro

Re: adcash - A Plague!

Post by Jose Wilson on Sun 23 Nov 2014, 18:08

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Vostro1320 at 2014-11-23 18:00:02 Run:1
Running from C:\Users\Vostro1320\Desktop\PROTEÇÃO
Loaded Profile: Vostro1320 (Available profiles: Vostro1320)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-705239193-524659859-1482476315-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR StartupUrls: Profile 1 -> "", "", "", "hxxp://start.iminent.com/?appId=463D14D3-8CD8-4CC8-A39C-732A9B4DBF97", "https://www.google.com.br/"
S3 catchme; \??\C:\Users\VOSTRO~1\AppData\Local\Temp\catchme.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
2014-11-23 13:07 - 2014-11-23 13:07 - 00000984 _____ () C:\Users\Vostro1320\Desktop\JRT.txt
2014-11-23 12:05 - 2014-11-23 12:05 - 02140160 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe
2014-11-23 11:35 - 2014-11-23 11:35 - 00018490 _____ () C:\ComboFix.txt
2014-11-23 10:11 - 2014-11-23 12:14 - 00000168 _____ () C:\Windows\setupact.log
2014-11-23 10:11 - 2014-11-23 10:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 10:10 - 2014-11-23 12:13 - 00016510 _____ () C:\Windows\PFRO.log
2014-11-23 09:57 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 09:57 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 09:57 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 09:57 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 09:56 - 2014-11-23 12:07 - 00000000 ____D () C:\Qoobox
2014-11-23 09:55 - 2014-11-23 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 09:54 - 2014-11-23 09:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (2).com
2014-11-23 09:53 - 2014-11-23 09:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill (1).com
2014-11-23 09:51 - 2014-11-23 09:52 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Vostro1320\Downloads\rkill.com
2014-11-23 09:50 - 2014-11-23 09:50 - 05598306 ____R (Swearware) C:\Users\Vostro1320\Desktop\ComboFix.exe
2014-11-23 09:19 - 2014-11-23 09:19 - 00001250 _____ () C:\Users\Vostro1320\Desktop\adwcleaner_4.101 - Atalho.lnk
2014-11-23 09:16 - 2014-11-23 09:16 - 00016335 _____ () C:\ZA-Scan.txt
2014-11-22 08:51 - 2014-11-22 08:51 - 00000000 ____D () C:\zoek_backup
2014-11-22 08:50 - 2014-11-22 08:51 - 01351168 _____ () C:\Users\Vostro1320\Downloads\ZA-Scan.exe
2014-11-22 08:47 - 2014-11-22 09:02 - 00011811 _____ () C:\Users\Vostro1320\Downloads\hijackthis.log
2014-11-22 08:44 - 2014-11-22 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vostro1320\Downloads\HijackThis (1).exe
2014-11-20 19:28 - 2014-11-23 15:25 - 00383791 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 12:12 - 2014-04-18 07:44 - 00000000 ____D () C:\AdwCleaner
2014-11-23 09:42 - 2014-09-13 10:34 - 00001024 _____ () C:\.rnd
2014-11-15 10:12 - 2014-09-21 08:51 - 00518327 _____ () C:\Users\Vostro1320\AppData\Local\sinder.txt
2014-11-15 09:55 - 2014-08-03 09:40 - 00269257 _____ () C:\Users\Vostro1320\AppData\Local\viewer.txt
Task: {4E0F9B49-F50E-4AFC-B33F-9F743EA15408} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
C:\Users\Vostro1320\AppData\Local\Temp\Quarantine.exe
C:\Users\Vostro1320\AppData\Local\Temp\sqlite3.dll
emptytemp:
end

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-705239193-524659859-1482476315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-705239193-524659859-1482476315-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
Chrome StartupUrls deleted successfully.
catchme => Service deleted successfully.
NdisrdMP => Service deleted successfully.
"C:\Users\Vostro1320\Desktop\JRT.txt" => File/Directory not found.
C:\Users\Vostro1320\Desktop\adwcleaner_4.101.exe => Moved successfully.
C:\ComboFix.txt => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\PEV.exe => Moved successfully.
C:\Windows\MBR.exe => Moved successfully.
C:\Windows\NIRCMD.exe => Moved successfully.
C:\Windows\SWREG.exe => Moved successfully.
C:\Windows\SWSC.exe => Moved successfully.
C:\Windows\sed.exe => Moved successfully.
C:\Windows\grep.exe => Moved successfully.
C:\Windows\zip.exe => Moved successfully.
C:\Qoobox => Moved successfully.
C:\Windows\erdnt => Moved successfully.
C:\Users\Vostro1320\Downloads\rkill (2).com => Moved successfully.
C:\Users\Vostro1320\Downloads\rkill (1).com => Moved successfully.
C:\Users\Vostro1320\Downloads\rkill.com => Moved successfully.
"C:\Users\Vostro1320\Desktop\ComboFix.exe" => File/Directory not found.
C:\Users\Vostro1320\Desktop\adwcleaner_4.101 - Atalho.lnk => Moved successfully.
C:\ZA-Scan.txt => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Vostro1320\Downloads\ZA-Scan.exe => Moved successfully.
C:\Users\Vostro1320\Downloads\hijackthis.log => Moved successfully.
C:\Users\Vostro1320\Downloads\HijackThis (1).exe => Moved successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\AdwCleaner => Moved successfully.
C:\.rnd => Moved successfully.
C:\Users\Vostro1320\AppData\Local\sinder.txt => Moved successfully.
C:\Users\Vostro1320\AppData\Local\viewer.txt => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E0F9B49-F50E-4AFC-B33F-9F743EA15408}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E0F9B49-F50E-4AFC-B33F-9F743EA15408}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
C:\Users\Vostro1320\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Vostro1320\AppData\Local\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 349 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-23 18:02:55)<=

"C:\Windows\WindowsUpdate.log" => File could not move.

==== End of Fixlog ====
Jose Wilson
Beginner

Messages: 47
Reputation: 1
Registered: 07/10/2013
Age: 57
Location: Centro - Rio de Janeiro
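The Fixlog above records one outcome per fixlist entry ("deleted successfully", "not found", "Scheduled to move on reboot", and so on). As an added example, not part of this thread or of FRST itself, the Python below parses those result lines and summarizes what was removed, what was already gone, and what still needs a helper's attention; the sample input is a subset of lines copied from the log above.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog posted above (a subset), used as sample input.
SAMPLE_FIXLOG = r"""
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
catchme => Service deleted successfully.
"C:\Users\Vostro1320\Desktop\JRT.txt" => File/Directory not found.
C:\Qoobox => Moved successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
EmptyTemp: => Removed 349 MB temporary data.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-23 18:02:55)<=
"C:\Windows\WindowsUpdate.log" => File could not move.
"""

# Outcome categories, tested against the text after the last " => " on a line.
OUTCOMES = [
    ("removed", re.compile(r"(deleted|moved) successfully\.$", re.I)),
    ("not_found", re.compile(r"not found\.$", re.I)),
    ("reboot", re.compile(r"scheduled to move on reboot\.$", re.I)),
    ("failed", re.compile(r"could not move\.$", re.I)),
    ("cleaned", re.compile(r"^removed \d+ MB temporary data\.$", re.I)),
]


def parse_line(line):
    """Return (target, outcome) for one result line, or None for lines without ' => '."""
    if " => " not in line:
        return None
    target, _, result = line.rpartition(" => ")
    target = target.strip().strip('"')
    # FRST prefixes deferred moves with 'Could not move'; drop it to expose the path.
    if target.lower().startswith("could not move "):
        target = target[len("could not move "):].strip('"')
    for name, pattern in OUTCOMES:
        if pattern.search(result.strip()):
            return target, name
    return target, "other"


def summarize(fixlog_text):
    """Count outcomes and list every entry that still needs the helper's attention."""
    counts = Counter()
    attention = []
    for raw in fixlog_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        target, outcome = parsed
        counts[outcome] += 1
        if outcome in ("reboot", "failed", "other"):
            attention.append((target, outcome))
    return counts, attention
```

summarize(SAMPLE_FIXLOG) returns the per-outcome counts and the pending entries; here WindowsUpdate.log shows up twice, once as scheduled for reboot and once as still not moved after the reboot.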

Re: adcash - A Plague!

Post by joram on Sun 23 Nov 2014, 18:28

Good evening, Jose Wilson!

> Download: < [You must be registered and logged in to see this image.] > ( ... by Nicolas Coolman )

> On the page, click [You must be registered and logged in to see this image.]
> Save it to the desktop!
> Run it and, when it opens, click "J'accept/I Agree".

[You must be registered and logged in to see this image.]

> For a more thorough repair, check all the available options.
> Click Réparer.
> Click Rapport.
> Post the report!

A+
joram
Administrator

Messages: 3707
Reputation: 415
Registered: 26/01/2014
Location: Rio de Janeiro

Re: adcash - A Plague!

Post by Jose Wilson on Sun 23 Nov 2014, 19:20

Chrome blocks it from running at 18%, and it asks me to disable the antivirus.
Jose Wilson
Beginner

Messages: 47
Reputation: 1
Registered: 07/10/2013
Age: 57
Location: Centro - Rio de Janeiro

Re: adcash - A Plague!

Post by joram on Sun 23 Nov 2014, 21:22

Jose Wilson wrote: Chrome blocks it from running at 18%, and it asks me to disable the antivirus.
Good evening, Jose Wilson!

> Close the browser and disable AVG.
> Have you already tried what was requested?

A+
joram
Administrator

Messages: 3707
Reputation: 415
Registered: 26/01/2014
Location: Rio de Janeiro

Re: adcash - A Plague!

Post by Jose Wilson on Sun 23 Nov 2014, 22:17

It's not possible: the program stops at exactly 18%, and Chrome asks me to disable the antivirus, which is already disabled.
I tried to copy the log that appears, but it doesn't let me select it or use any other command. I have to press Ctrl-Alt-Del, otherwise the PC freezes.
Jose Wilson
Beginner

Messages: 47
Reputation: 1
Registered: 07/10/2013
Age: 57
Location: Centro - Rio de Janeiro

Re: adcash - A Plague!

Post by joram on Sun 23 Nov 2014, 22:25

Good evening, Jose Wilson!

> Download: < ZHPDiag2.exe >  < [You must be registered and logged in to see this image.] > ( ... by Nicolas Coolman )
> Or here! << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

[You must be registered and logged in to see this image.]

> Run the parchment icon. ( ZHPDiag )

[You must be registered and logged in to see this image.]

> Click "COMPLETA" and wait for it to finish!
> Click OK and, when done, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, upload it to Pjjoint.malekal.

> Or go to: < [You must be registered and logged in to see this image.] >

> Or go to: < MyFile.tk >

> Or attach it |Here!| << Link!

> More information: < |Link| > << File hosting!

A+
joram
Administrator

Messages: 3707
Reputation: 415
Registered: 26/01/2014
Location: Rio de Janeiro

Re: adcash - A Plague!

Post by Jose Wilson on Sun 23 Nov 2014, 22:56

[You must be registered and logged in to see this link.]
Jose Wilson
Beginner

Messages: 47
Reputation: 1
Registered: 07/10/2013
Age: 57
Location: Centro - Rio de Janeiro

Re: adcash - A Plague!

Post by joram on Sun 23 Nov 2014, 23:16

Good evening, Jose Wilson!

> Run this script in the ZHPFix tool.
> Select and copy the information in red below into Notepad.
> With Notepad open, press Ctrl+A >> Ctrl+C ( Select All and Copy )
> Then minimize Notepad.

Script ZHPFix
EmptyPrefetch
FirewallRaz
EmptyCLSID
EmptyFlash
EmptyTemp
HiddenFix
ProxyFix
HostFix
IfeoFix
[MD5.00000000000000000000000000000000] [APT] [{61961AFA-B7BC-4691-AA80-3EB614C1C80F}] (...) -- C:\Users\Vostro1320\Downloads\HijackThis (1).exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{6B5AB8CE-944C-4DB1-9FCA-3E36ADB159DE}] (...) -- C:\Users\Vostro1320\Downloads\HijackThis (1).exe (.not file.)   [0]
O4 - HKLM\..\Run: [LanguageShortcut] . (.No owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
O42 - Logiciel: PC Data App - (...) [HKLM] -- PCData App
O43 - CFD: 13/09/2014 - 10:48:24 - [] ----D C:\ProgramData\boost_interprocess
O44 - LFC:[MD5.EA29751D5408F7C62C00A82FFD4A1F83] - 22/11/2014 - 07:54:40 ---A- . (...) -- C:\zoek-results2014-11-22-105440.log   [17049]
O45 - LFCP:[MD5.0733EDD85AED35C08926251EA26C058F] - 23/11/2014 - 06:38:07 ---A- - C:\Windows\Prefetch\MOBOGENIE.EXE-F744BFAF.pf
O61 - LFC: 22/11/2014 - 22:35:52 ---A- . (.Trend Micro Inc..) -- C:\Users\Vostro1320\Desktop\PROTEÇÃO\HijackThis.exe   [388608]
O61 - LFC: 23/11/2014 - 22:35:52 ---A- . (.Farbar.) -- C:\Users\Vostro1320\Desktop\PROTEÇÃO\FSS.exe   [415232]
O61 - LFC: 23/11/2014 - 22:35:52 ---A- . (.Thisisu.) -- C:\Users\Vostro1320\Desktop\PROTEÇÃO\JRT.exe   [1707532]
O61 - LFC: 23/11/2014 - 22:35:52 R--A- . (.Swearware.) -- C:\Users\Vostro1320\Desktop\PROTEÇÃO\ComboFix.exe   [5598306]
O87 - FAEL: "{73C3AFA7-D24C-4902-A6FD-A5BFB957898D}" | In - Public - P6 - TRUE | .(.mobogenie.com - downloader.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe
O87 - FAEL: "{9A33DFC3-2638-4755-A8BE-45D689B724C1}" | In - Public - P17 - TRUE | .(.mobogenie.com - downloader.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe
O87 - FAEL: "{F5A39E22-FA8C-4040-861D-45FFFF20FB6B}" | In - Private - P6 - TRUE | .(.mobogenie.com - downloader.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe
O87 - FAEL: "{CBC2FBDC-E873-47F0-BDB4-41E663F85D4F}" | In - Private - P17 - TRUE | .(.mobogenie.com - downloader.) -- C:\Program Files\Mobogenie3\mobogenieP2sp.exe
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCData App]
[HKCU\Software\PCDataApp]
[HKLM\Software\PCDataApp]
C:\Program Files\Mobogenie3
sysrestore


> Open the ZHPFix tool. < [You must be registered and logged in to see this image.] >
> Click IMPORTAÇÃO (Import) >> OK.
> PS: After clicking "OK", check that the field is empty so that it receives only the script's contents.
> Click "GO".
> Post the report!

A+


Last edited by joram on Sun 23 Nov 2014, 23:39; edited 1 time
joram
Administrator

Messages: 3707
Reputation: 415
Registered: 26/01/2014
Location: Rio de Janeiro
