I was given a buggy notebook


Post by Silvana Alfredo on Mon 24 Nov 2014, 23:13

I was given a notebook that looks new, but it is all bad: slow, error messages, and update requests from unknown programs.

Silvana Alfredo
Member

Posts: 57
Reputation: 1
Join date: 08/08/2014
Age: 57
Location: São Paulo

Re: I was given a buggy notebook

Post by joram on Mon 24 Nov 2014, 23:56

Good evening! Silvana Alfredo

> Download: < [You must be registered and logged in to view this image.] > ( ... by Farbar )

> The banner above is for 32-bit systems!

< Farbar Recovery Scan Tool 64-Bit

> The link above is for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is produced on the tool's first run.
> Post the report! (FRST.txt + Addition.txt)

> As the log will be long, upload it to [You must be registered and logged in to view this image.]

> The link to the report, which is the one highlighted, should be pasted into your reply.

> Or click "Copier le lien (*)" and paste the link into your post.

A+

joram
Administrator

Posts: 3707
Reputation: 415
Join date: 26/01/2014
Location: Rio de Janeiro

Re: I was given a buggy notebook

Post by Silvana Alfredo on Tue 25 Nov 2014, 08:50

Here are the reports, made available on Cjoint.com

< FRST_4 >

< Addition_4 >

Thanks!

Re: I was given a buggy notebook

Post by joram on Tue 25 Nov 2014, 12:38

Good afternoon! Silvana Alfredo

> Uninstall:

C:\Program Files\TuneUp Utilities 2014
C:\Program Files\Baidu Security\Baidu Antivirus

> Copy this information, shown in red, into Notepad.
> Save it with the name fixlist. << Text!
> Save it in the Downloads folder! /!\ C:\Users\Usuario\Downloads /!\

start
CloseProcesses:
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe [1704296 2014-09-25] (Baidu, Inc.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll (Baidu, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicyUsers\S-1-5-21-2770409014-1854213450-1300532065-1004\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to view this link.]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [You must be registered and logged in to view this link.]
SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must be registered and logged in to view this link.]
SearchScopes: HKU\S-1-5-21-2770409014-1854213450-1300532065-1000 -> {7DC0055E-1C76-479B-9C92-9D2459569A1F} URL = [You must be registered and logged in to view this link.]
SearchScopes: HKU\S-1-5-21-2770409014-1854213450-1300532065-1000 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must be registered and logged in to view this link.]
BHO: BrowseMark -> {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} -> No File
CHR HomePage: Default -> [You must be registered and logged in to view this link.]
CHR StartupUrls: Default -> "hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal", "https://www.google.com/"
CHR HKLM\...\Chrome\Extension: [hmmobpklocnejaagcklhmlnjdfpfjjib] - C:\Program Files\OpenLyrics\116.crx [2014-10-29]
R2 BAVSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe [2038248 2014-09-25] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432 2014-09-25] (Baidu, Inc.)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [121184 2014-03-26] (Baidu, Inc.)
U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [21152 2014-09-25] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [48448 2014-09-25] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [29504 2014-09-25] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [94976 2014-01-14] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [70496 2014-09-25] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [51584 2014-09-25] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [157504 2014-09-25] (Baidu, Inc.)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
2014-11-24 23:34 - 2014-11-24 23:34 - 00000197 _____ () C:\Windows\system32\2014-11-25-01-34-50.092-AvastVBoxSVC.exe-3312.log
2014-11-24 19:52 - 2014-11-24 19:52 - 00000197 _____ () C:\Windows\system32\2014-11-24-21-52-27.061-AvastVBoxSVC.exe-5156.log
2014-11-10 19:44 - 2014-11-10 19:44 - 00000197 _____ () C:\Windows\system32\2014-11-10-21-44-20.011-AvastVBoxSVC.exe-3548.log
2014-11-03 20:12 - 2014-11-03 20:12 - 00000247 _____ () C:\Windows\system32\2014-11-03-22-12-07.016-aswFe.exe-1192.log
2014-11-03 20:04 - 2014-11-03 20:11 - 00000247 _____ () C:\Windows\system32\2014-11-03-22-04-05.044-aswFe.exe-3572.log
2014-11-03 20:03 - 2014-11-03 20:03 - 00000197 _____ () C:\Windows\system32\2014-11-03-22-03-56.072-AvastVBoxSVC.exe-5204.log
2014-11-25 07:54 - 2012-10-26 09:52 - 01791807 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 23:31 - 2009-07-14 02:39 - 00082517 _____ () C:\Windows\setupact.log
2014-11-24 19:47 - 2012-10-26 12:17 - 00278450 _____ () C:\Windows\PFRO.log
2014-09-25 16:15 - 2014-09-25 16:15 - 00208744 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\BavDllFilter.dll
2014-01-21 12:17 - 2014-04-01 01:21 - 00541032 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll
Task: {095E86B4-F159-4C6F-BA5F-953A838E5604} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Baidu Antivirus\BavUpdater.exe [2014-09-25] (Baidu, Inc.)
Task: {65036691-E3EA-40DF-AA66-F70C35A1EF2C} - System32\Tasks\pricemeterwatcher => C:\Users\geomapas\AppData\Local\PriceMeter\pricemeterw.exe [2014-04-13] (PriceMeter) <==== ATTENTION
Task: {A8C68EF4-3723-408E-A30D-445B9256479A} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {CAFADBA0-E566-49C4-8FDD-3287240C76BF} - System32\Tasks\pricemetertask => C:\Users\geomapas\AppData\Local\PriceMeter\TEMP\pricemeter.exe <==== ATTENTION
Task: {E3028495-49A7-4B98-AE7F-C83C7EE8EDF8} - System32\Tasks\Digital Sites => C:\Users\geomapas\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\geomapas\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
emptytemp:
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> At the prompt, click "Executar" (Run)
> Post the report! (Fixlog.txt)

A+
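A parser for the "Task:" lines of the fixlist above, added here as an example (it is not part of joram's post and not FRST code): it splits each line into task name, command, date and vendor, and lists why a scheduled task deserves a closer look. The field layout is read off the lines on this page, and the heuristics in CHECKS are assumptions of this example, not FRST's own rules.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the six "Task:" lines from the fixlist posted above.
SAMPLE = r"""
Task: {095E86B4-F159-4C6F-BA5F-953A838E5604} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Baidu Antivirus\BavUpdater.exe [2014-09-25] (Baidu, Inc.)
Task: {65036691-E3EA-40DF-AA66-F70C35A1EF2C} - System32\Tasks\pricemeterwatcher => C:\Users\geomapas\AppData\Local\PriceMeter\pricemeterw.exe [2014-04-13] (PriceMeter) <==== ATTENTION
Task: {A8C68EF4-3723-408E-A30D-445B9256479A} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {CAFADBA0-E566-49C4-8FDD-3287240C76BF} - System32\Tasks\pricemetertask => C:\Users\geomapas\AppData\Local\PriceMeter\TEMP\pricemeter.exe <==== ATTENTION
Task: {E3028495-49A7-4B98-AE7F-C83C7EE8EDF8} - System32\Tasks\Digital Sites => C:\Users\geomapas\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\geomapas\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
"""

# "Task: [{GUID} - ]<task path> => <command ...>"
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<task>.+?) => (?P<rest>.+)$"
)
# Trailing marker the tool appends to entries it considers noteworthy.
FLAG_RE = re.compile(r"\s*<=+ ATTENTION\s*$")
# "<command> [YYYY-MM-DD] (vendor)" where date and vendor are both optional.
TAIL_RE = re.compile(
    r"^(?P<cmd>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<vendor>[^()]*)\))?$"
)


@dataclass
class TaskEntry:
    name: str                 # last component of the task path
    command: str              # what the task launches
    date: Optional[str]       # date shown in brackets, if any
    vendor: Optional[str]     # text shown in parentheses, if any
    flagged: bool             # line carried the ATTENTION marker
    reasons: List[str] = field(default_factory=list)


# Heuristics chosen for this example (assumptions, not the tool's logic).
CHECKS = [
    ("user-writable path",
     lambda t: re.search(r"\\(?:AppData|ProgramData)\\", t.command, re.I)),
    ("script host",
     lambda t: re.match(r'"?(?:cscript|wscript)(?:\.exe)?\b', t.command, re.I)),
    ("GUID-like task name",
     lambda t: re.fullmatch(
         r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}", t.name)),
    ("8.3 short path",
     lambda t: re.search(r"~\d", t.command)),
    ("no vendor string",
     lambda t: not t.vendor),
]


def parse_tasks(text: str) -> List[TaskEntry]:
    """Parse Task: lines and attach the heuristic reasons that apply."""
    entries = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # not a Task: line
        rest = m.group("rest")
        flagged = bool(FLAG_RE.search(rest))
        tail = TAIL_RE.match(FLAG_RE.sub("", rest))
        entry = TaskEntry(
            name=m.group("task").rsplit("\\", 1)[-1],
            command=tail.group("cmd"),
            date=tail.group("date"),
            vendor=tail.group("vendor"),
            flagged=flagged,
        )
        entry.reasons = [label for label, check in CHECKS if check(entry)]
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for t in parse_tasks(SAMPLE):
        mark = "ATTENTION" if t.flagged else "-"
        print(f"{t.name:40} {mark:10} {', '.join(t.reasons) or 'nothing noted'}")
```

On these six lines, every entry carrying the ATTENTION marker also trips at least one heuristic, and the one unmarked entry (a task under Program Files with a vendor string) trips none.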

Re: I was given a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 08:53

Hello. Here is the report after several attempts. My internet connection is very bad with something called navegaki. I would like to get rid of it because it is both in Explorer and in the "supposed Google": the icon is Google's but this thing opens instead.

So after a few attempts, here it is below:



=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-26 08:38:08)<=

"C:\Windows\WindowsUpdate.log" => File could not move.

==== End of Fixlog ====

Re: I was given a buggy notebook

Post by joram on Wed 26 Nov 2014, 08:59

Good morning! Silvana Alfredo

> The report came through incomplete, but... don't worry, we will come back to FRST later.

> Download: < [You must be registered and logged in to view this image.] > ( ... by Xplode )
>
> Or from here: < AdwCleaner >
> On the page, click "Download Now".
>
> Save it to the desktop!

> Right-click adwcleaner.exe and choose to run it as administrator.

> PS: Start the scan by clicking "Examinar" (Scan).

> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+

Re: I was given a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 09:20

# AdwCleaner v4.102 - Relatório criado 26/11/2014 às 09:15:35
# Atualizado 23/11/2014 por Xplode
# Database : 2014-11-25.1 [Live]
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuário : Usuario - ACER-001
# Executando de : C:\Users\Usuario\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\PriceMeterLiveUpdate
Pasta Deletada : C:\Program Files\BrowseMark
Pasta Deletada : C:\Program Files\LyricsFinder
Pasta Deletada : C:\Users\geomapas\AppData\Local\PriceMeter
Pasta Deletada : C:\Users\geomapas\AppData\Local\PriceMeterLiveUpdate
Pasta Deletada : C:\Users\geomapas\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\geomapas\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\geomapas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\Babylon
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\pdfforge
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Systweak
Arquivo Deletada : C:\Windows\system32\roboot.exe

***** [ Tarefas ] *****


***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

Chave Deletedo : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[You must be registered and logged in to view this link.]
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must be registered and logged in to view this link.]
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\BrowseMark
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKLM\SOFTWARE\BrowseMark
Chave Deletedo : HKLM\SOFTWARE\PIP
Chave Deletedo : HKLM\SOFTWARE\systweak

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17420

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [URL]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3367 octets] - [26/11/2014 09:11:57]
AdwCleaner[S0].txt - [3775 octets] - [26/11/2014 09:15:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3835 octets] ##########

Re: I was given a buggy notebook

Post by joram on Wed 26 Nov 2014, 09:22

Good morning! Silvana Alfredo

> Download: < [You must be registered and logged in to view this image.] > ( ... by Oleg N. Scherbakov )

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...

> Wait for it to finish and post the report. ( JRT.txt )

A+

Re: I was given a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 09:34

Here it goes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x86
Ran by Usuario on 26/11/2014 at 9:25:24,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Program Files\baidu security"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/11/2014 at 9:29:30,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: I was given a buggy notebook

Post by joram on Wed 26 Nov 2014, 09:56

Good morning! Silvana Alfredo

> Download: < [You must be registered and logged in to view this image.] > ( ... by Smeenk )

< [You must be registered and logged in to view this image.] zoek.exe >

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run zoek.exe as administrator.

emptytemp;
resetieproxy;
resethosts;
autoclean;
chrdefaults;
Baidu;a
Baidu;z

> Copy and paste this information, shown in red, into the tool's field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to appear.
> PS: These messages may stay static on screen for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Re: I was given a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 10:19

Hello

I can't open the file to run it, because a Baidu box appeared just once and then closed by itself, and I couldn't see it fully to report it.

WinRAR warns that the file contains an error and cannot be run.

I had disabled Avast for one hour and the icon disappeared, and I don't know whether it is still disabled

Re: I was given a buggy notebook

Post by joram on Wed 26 Nov 2014, 10:24

Silvana Alfredo wrote: Hello

I can't open the file to run it, because a Baidu box appeared just once and then closed by itself, and I couldn't see it fully to report it.

WinRAR warns that the file contains an error and cannot be run.

I had disabled Avast for one hour and the icon disappeared, and I don't know whether it is still disabled

Hello! Silvana Alfredo

> Download Zoek.exe, not Zoek.rar or Zoek.zip <<

A+

Re: I was given a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 11:22

Report follows



Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by Usuario on 26/11/2014 at 10:52:19,84.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

26/11/2014 10:54:59 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\GUMA83F.tmp deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\boost_interprocess deleted successfully
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Usuario\AppData\Roaming\HpUpdate deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\Users\geomapas\AppData\Roaming\WB.CFG deleted
C:\Users\Usuario\Downloads\SoftonicDownloader_para_dropbox.exe deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Users\Usuario\AppData\Roaming\unins000.exe deleted

==== Folders Found ======================

2014-11-26 11:15:36 2014-11-26 11:15:36 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-11-26 11:15:42 2014-11-26 11:15:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-11-26 11:15:42 2014-11-26 11:15:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Roaming\baidu
2014-11-26 11:15:42 2014-11-26 11:15:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Roaming\baidu\Baidu Antivirus

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26/11/2014 10:36]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"OpenLyrics@Sclido.co"="C:\Program Files\OpenLyrics\116.xpi" []

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[26/11/2014 10:36]

IEQ Campo Grande - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkedkkheeiebaeijcbghdppmbnigplb

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_pt-BRBR509"

==== Reset Google Chrome ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Mozilla\Firefox\Extensions\OpenLyrics@Sclido.co deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UC7L2209 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=3 1105496 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\geomapas\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UC7L2209" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 26/11/2014 at 11:18:25,48 ======================

Re: I got a buggy notebook

Post by joram on Wed 26 Nov 2014, 11:37


  • Good morning! Silvana Alfredo

  • Download: < RogueKiller > ( ... by Adlice Software ) ( 32 bits version )

  • Download: < [You need to be registered and logged in to see this image.] > ( ... by Adlice Software ) ( 64 bits version )

  • Save it to the desktop!

  • Close any open applications!
  • Run RogueKiller.exe and accept the EULA, if prompted!
  • If the "SmartScreen Filter" blocks the anti-malware tool, click "More info" >> "Run anyway"

  • Wait for its Pre-scan, which starts automatically, to finish.

  • Start the diagnosis by clicking the "Scan" ("Verificar") button.
  • Post the report when it finishes: RKreport[1].txt

  • A+

Re: I got a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 12:01

RogueKiller V10.0.8.0 [Nov 20 2014] por Adlice Software
mail : [You need to be registered and logged in to see this link.]
Feedback : [You need to be registered and logged in to see this link.]
Site : [You need to be registered and logged in to see this link.]
Blog : [You need to be registered and logged in to see this link.]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Usuario [Administrador]
Modo : Escanear -- Data : 11/26/2014 12:00:04

¤¤¤ Processos : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\System32\svchost.exe[7] -> Interrompido [TermProc]

¤¤¤ Registro : 7 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Encontrado
[PUM.HomePage] HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main | Start Page : [You need to be registered and logged in to see this link.] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 4 (Driver: Carregado) ¤¤¤
[IAT:Inl] (explorer.exe) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ gameux.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 689e982ce80f7457f374af15b01d1ffa
[BSP] f613144728751a0a87fe609af50a758c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

Re: I got a buggy notebook

Post by joram on Wed 26 Nov 2014, 12:32

/!\ Good afternoon! Silvana Alfredo /!\

> Run the RogueKiller tool again.
> Click Scan (Verificar).
> Tick all the checkboxes on the Registry (Registro) tab.
> Click Delete (Deletar)!
> Post the report!

A+

Re: I got a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 15:41

RogueKiller V10.0.8.0 [Nov 20 2014] por Adlice Software
mail : [You need to be registered and logged in to see this link.]
Feedback : [You need to be registered and logged in to see this link.]
Site : [You need to be registered and logged in to see this link.]
Blog : [You need to be registered and logged in to see this link.]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Usuario [Administrador]
Modo : Escanear -- Data : 11/26/2014 12:00:04

¤¤¤ Processos : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\System32\svchost.exe[7] -> Interrompido [TermProc]

¤¤¤ Registro : 7 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Encontrado
[PUM.HomePage] HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main | Start Page : [You need to be registered and logged in to see this link.] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 4 (Driver: Carregado) ¤¤¤
[IAT:Inl] (explorer.exe) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ gameux.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 689e982ce80f7457f374af15b01d1ffa
[BSP] f613144728751a0a87fe609af50a758c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

Re: I got a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 15:54

RogueKiller V10.0.8.0 [Nov 20 2014] por Adlice Software
mail : [You need to be registered and logged in to see this link.]
Feedback : [You need to be registered and logged in to see this link.]
Site : [You need to be registered and logged in to see this link.]
Blog : [You need to be registered and logged in to see this link.]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Usuario [Administrador]
Modo : Deletar -- Data : 11/26/2014 15:52:58

¤¤¤ Processos : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\System32\svchost.exe[7] -> Interrompido [TermProc]

¤¤¤ Registro : 7 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Não selecionado
[PUM.HomePage] HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main | Start Page : [You need to be registered and logged in to see this link.] -> Não selecionado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Não selecionado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Não selecionado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Não selecionado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Não selecionado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Não selecionado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 4 (Driver: Carregado) ¤¤¤
[IAT:Inl] (explorer.exe) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ gameux.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 689e982ce80f7457f374af15b01d1ffa
[BSP] f613144728751a0a87fe609af50a758c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11262014_120004.log - RKreport_DEL_11262014_120214.log - RKreport_DEL_11262014_120249.log - RKreport_DEL_11262014_120314.log
RKreport_DEL_11262014_120325.log - RKreport_DEL_11262014_120340.log - RKreport_DEL_11262014_120403.log - RKreport_DEL_11262014_120420.log
RKreport_DEL_11262014_120428.log - RKreport_SCN_11262014_154739.log - RKreport_DEL_11262014_154808.log - RKreport_DEL_11262014_154827.log
RKreport_DEL_11262014_154834.log - RKreport_DEL_11262014_154841.log - RKreport_DEL_11262014_154851.log - RKreport_DEL_11262014_154856.log
RKreport_DEL_11262014_154902.log - RKreport_DEL_11262014_154908.log - RKreport_DEL_11262014_154911.log - RKreport_DEL_11262014_154915.log
RKreport_DEL_11262014_154918.log - RKreport_DEL_11262014_154923.log - RKreport_DEL_11262014_154927.log - RKreport_DEL_11262014_154932.log
RKreport_DEL_11262014_154936.log - RKreport_DEL_11262014_154939.log - RKreport_DEL_11262014_154942.log - RKreport_DEL_11262014_154947.log
RKreport_DEL_11262014_154951.log - RKreport_DEL_11262014_154959.log - RKreport_DEL_11262014_155004.log - RKreport_DEL_11262014_155008.log
RKreport_DEL_11262014_155017.log - RKreport_DEL_11262014_155020.log - RKreport_DEL_11262014_155026.log - RKreport_DEL_11262014_155030.log
RKreport_DEL_11262014_155035.log - RKreport_DEL_11262014_155041.log - RKreport_DEL_11262014_155047.log - RKreport_DEL_11262014_155054.log
RKreport_DEL_11262014_155118.log - RKreport_DEL_11262014_155155.log - RKreport_DEL_11262014_155210.log - RKreport_DEL_11262014_155216.log
RKreport_DEL_11262014_155220.log - RKreport_DEL_11262014_155224.log - RKreport_DEL_11262014_155235.log - RKreport_DEL_11262014_155244.log

Re: I got a buggy notebook

Post by joram on Wed 26 Nov 2014, 16:10

/!\ Hello! Silvana Alfredo /!\

> Why so many RogueKiller reports? You only had to tick the checkboxes and click Delete.
> Post a new report from the FRST tool.
> PS: This time there will be no Addition.txt.
> Upload it to Cjoint.com and post the link to the report!

A+

Re: I got a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 20:10

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Usuario (administrator) on ACER-001 on 26-11-2014 20:07:56
Running from C:\Users\Usuario\Desktop
Loaded Profile: Usuario (Available profiles: Usuario & geomapas)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [You need to be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
() C:\ProgramData\HP Photo Creations\Communicator.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\mftutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-02] (Google Inc.)
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17880752 2012-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\...\Run: [Google Update] => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-26] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [You need to be registered and logged in to see this link.]
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You need to be registered and logged in to see this link.]
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x66BF9C52B4CCCD01
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
SearchScopes: HKLM -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2770409014-1854213450-1300532065-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [You need to be registered and logged in to see this link.]
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2770409014-1854213450-1300532065-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 201.6.2.138 201.6.2.78

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2770409014-1854213450-1300532065-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2770409014-1854213450-1300532065-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2770409014-1854213450-1300532065-1000: gastecnologia.com.br/sf/cef -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-02]

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Pesquisa do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (Planilhas do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-26]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (No Name) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkedkkheeiebaeijcbghdppmbnigplb [2013-05-03]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-26] (Avast Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [274200 2012-01-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl7654c6bf; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F53A69CF-DFE5-48EA-A46C-6BCDECC3DD0F}\MpKsl7654c6bf.sys [39464 2014-11-26] (Microsoft Corporation)
R3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [219240 2012-02-01] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21520 2012-02-14] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-26] (Avast Software)
S3 Spring; \??\C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 20:07 - 2014-11-26 20:07 - 00014289 _____ () C:\Users\Usuario\Desktop\FRST.txt
2014-11-26 20:07 - 2014-11-26 20:07 - 00000000 ____D () C:\Users\Usuario\Desktop\FRST-OlderVersion
2014-11-26 11:50 - 2014-11-26 15:55 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 11:44 - 2014-11-26 11:46 - 15196248 _____ () C:\Users\Usuario\Downloads\RogueKiller.exe
2014-11-26 11:11 - 2014-11-26 10:52 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-26 10:54 - 2014-11-26 11:18 - 00012730 _____ () C:\zoek-results.log
2014-11-26 10:52 - 2014-11-26 11:15 - 00000000 ____D () C:\zoek_backup
2014-11-26 10:51 - 2014-11-26 10:51 - 01294848 _____ () C:\Users\Usuario\Downloads\zoek.exe
2014-11-26 10:36 - 2014-11-26 10:36 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-26 10:36 - 2014-11-26 10:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-26 10:20 - 2014-11-26 10:21 - 04124246 _____ () C:\Users\Usuario\Downloads\zoek (1).zip
2014-11-26 10:16 - 2014-11-26 10:16 - 00000000 ____D () C:\Users\Usuario\Downloads\zoek
2014-11-26 10:14 - 2014-11-26 10:15 - 04124246 _____ () C:\Users\Usuario\Downloads\zoek.zip
2014-11-26 09:29 - 2014-11-26 09:29 - 00000759 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-11-26 09:25 - 2014-11-26 09:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-26 09:23 - 2014-11-26 09:24 - 01707532 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-11-26 09:21 - 2014-11-26 09:21 - 00000197 _____ () C:\Windows\system32\2014-11-26-11-21-02.043-AvastVBoxSVC.exe-876.log
2014-11-26 09:11 - 2014-11-26 09:15 - 00000000 ____D () C:\AdwCleaner
2014-11-26 09:11 - 2014-11-26 09:11 - 02148864 _____ () C:\Users\Usuario\Desktop\AdwCleaner.exe
2014-11-26 08:54 - 2014-11-26 08:55 - 02118144 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
2014-11-26 08:32 - 2014-11-26 08:32 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-32-01.045-AvastVBoxSVC.exe-2372.log
2014-11-26 08:29 - 2014-11-26 15:40 - 00062813 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00002298 _____ () C:\Windows\PFRO.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00000224 _____ () C:\Windows\setupact.log
2014-11-26 08:08 - 2014-11-26 08:08 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-08-28.066-AvastVBoxSVC.exe-2228.log
2014-11-25 14:07 - 2014-11-25 14:07 - 242529036 _____ () C:\Windows\MEMORY.DMP
2014-11-25 14:07 - 2014-11-25 14:07 - 00148880 _____ () C:\Windows\Minidump\112514-27861-01.dmp
2014-11-25 14:07 - 2014-11-25 14:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-25 13:42 - 2014-11-25 13:42 - 00000000 __SHD () C:\Users\Usuario\AppData\Local\EmieBrowserModeList
2014-11-25 08:06 - 2014-11-25 08:08 - 00030732 _____ () C:\Users\Usuario\Downloads\Addition.txt
2014-11-25 08:03 - 2014-11-25 08:08 - 00031822 _____ () C:\Users\Usuario\Downloads\FRST.txt
2014-11-25 08:02 - 2014-11-26 20:08 - 00000000 ____D () C:\FRST
2014-11-25 07:59 - 2014-11-26 20:07 - 01109504 _____ (Farbar) C:\Users\Usuario\Desktop\FRST.exe
2014-11-18 20:08 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:08 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 20:34 - 2014-11-07 17:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-16 20:34 - 2014-11-06 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-16 20:34 - 2014-11-06 01:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 20:34 - 2014-11-06 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-16 20:34 - 2014-11-06 00:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-16 20:34 - 2014-11-06 00:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-16 20:34 - 2014-11-06 00:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-16 20:34 - 2014-11-06 00:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-16 20:34 - 2014-11-06 00:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-16 20:34 - 2014-11-06 00:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-16 20:34 - 2014-11-06 00:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-16 20:34 - 2014-11-05 23:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-16 20:33 - 2014-11-06 01:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-16 20:33 - 2014-11-06 01:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-16 20:33 - 2014-11-06 01:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-16 20:33 - 2014-11-06 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-16 20:33 - 2014-11-06 01:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-16 20:33 - 2014-11-06 01:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-16 20:33 - 2014-11-06 01:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-16 20:33 - 2014-11-06 01:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-16 20:33 - 2014-11-06 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-16 20:33 - 2014-11-06 00:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 20:33 - 2014-11-06 00:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-16 20:33 - 2014-11-06 00:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-16 20:33 - 2014-11-06 00:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-16 20:33 - 2014-11-06 00:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-16 20:33 - 2014-11-06 00:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-16 20:33 - 2014-11-06 00:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-16 20:33 - 2014-11-05 23:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-16 20:33 - 2014-11-05 23:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 20:57 - 2014-10-17 23:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 20:56 - 2014-10-13 23:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 20:56 - 2014-08-11 23:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 20:55 - 2014-08-21 04:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 20:55 - 2014-08-21 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 20:52 - 2014-11-05 15:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 20:52 - 2014-11-05 15:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 20:52 - 2014-11-05 15:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 20:52 - 2014-10-24 23:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 20:52 - 2014-10-09 22:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 20:52 - 2014-10-02 23:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 20:52 - 2014-10-02 23:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 20:52 - 2014-10-02 23:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 20:52 - 2014-10-02 23:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 20:52 - 2014-10-02 23:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 20:48 - 2014-10-13 23:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 20:48 - 2014-10-13 23:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 20:48 - 2014-10-13 23:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 20:48 - 2014-10-13 23:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 20:48 - 2014-10-13 23:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-10 21:06 - 2014-11-04 13:30 - 266163743 _____ () C:\Users\Usuario\Documents\video apocalipse.wmv
2014-11-03 19:51 - 2014-11-03 19:51 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-03 19:39 - 2014-11-03 19:39 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\AVAST Software
2014-10-29 20:44 - 2014-11-26 10:37 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-10-29 20:43 - 2014-11-26 10:36 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-29 20:43 - 2014-11-26 10:36 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-29 20:26 - 2014-11-26 10:36 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-29 20:26 - 2014-11-26 10:36 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 20:00 - 2012-11-06 15:12 - 00000328 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-26 20:00 - 2012-10-26 12:18 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Skype
2014-11-26 20:00 - 2012-10-26 11:08 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 20:00 - 2012-10-26 11:06 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770409014-1854213450-1300532065-1000UA.job
2014-11-26 11:22 - 2009-07-14 02:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 11:22 - 2009-07-14 02:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 11:18 - 2012-11-02 18:52 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 11:18 - 2012-10-26 11:22 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-26 11:15 - 2009-07-14 02:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 11:07 - 2009-07-14 00:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-26 10:37 - 2012-11-02 18:52 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-26 10:37 - 2012-11-02 18:52 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-26 10:36 - 2012-11-02 18:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-26 10:36 - 2012-11-02 18:52 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-26 09:17 - 2009-07-14 02:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-26 09:15 - 2012-10-26 10:05 - 00001126 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-26 08:06 - 2009-07-14 02:33 - 00415328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-25 14:09 - 2013-08-13 16:51 - 00000008 __RSH () C:\Users\Usuario\ntuser.pol
2014-11-25 14:09 - 2012-10-26 10:05 - 00000000 ____D () C:\Users\Usuario
2014-11-24 23:40 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-24 23:28 - 2014-05-07 11:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-24 23:28 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-11-24 23:11 - 2012-10-26 14:06 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-11-24 23:11 - 2012-10-26 14:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-24 23:08 - 2012-10-26 11:06 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770409014-1854213450-1300532065-1000Core.job
2014-11-24 20:24 - 2013-08-20 12:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-24 20:13 - 2012-10-26 17:37 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-24 19:55 - 2012-10-26 10:01 - 01634914 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 19:55 - 2009-07-14 06:31 - 00705782 _____ () C:\Windows\system32\prfh0416.dat
2014-11-24 19:55 - 2009-07-14 06:31 - 00147622 _____ () C:\Windows\system32\prfc0416.dat
2014-11-16 22:27 - 2012-11-02 18:52 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 20:27 - 2012-12-04 16:45 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Dropbox
2014-11-10 21:05 - 2012-10-26 14:06 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Microsoft Help
2014-10-30 09:24 - 2012-10-26 11:23 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 20:27 - 2012-11-02 18:50 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-10-29 20:27 - 2012-11-02 18:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-29 20:26 - 2009-07-14 00:04 - 00002577 _____ () C:\Windows\system32\config.nt

Some content of TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-29 21:30

==================== End Of Log ============================

Re: I was given a buggy notebook

Post by joram on Wed 26 Nov 2014, 20:47

Good evening! Silvana Alfredo

> Uninstall: C:\Program Files\Unlocker <<

> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text!
> Save it to the desktop! /!\  C:\Users\Usuario\Desktop /!\

start
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x66BF9C52B4CCCD01
SearchScopes: HKLM -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 Spring; \??\C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys [X]
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 11:44 - 2014-11-26 11:46 - 15196248 _____ () C:\Users\Usuario\Downloads\RogueKiller.exe
2014-11-26 09:29 - 2014-11-26 09:29 - 00000759 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-11-26 09:23 - 2014-11-26 09:24 - 01707532 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-11-26 09:21 - 2014-11-26 09:21 - 00000197 _____ () C:\Windows\system32\2014-11-26-11-21-02.043-AvastVBoxSVC.exe-876.log
2014-11-26 09:11 - 2014-11-26 09:15 - 00000000 ____D () C:\AdwCleaner
2014-11-26 09:11 - 2014-11-26 09:11 - 02148864 _____ () C:\Users\Usuario\Desktop\AdwCleaner.exe
2014-11-26 08:32 - 2014-11-26 08:32 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-32-01.045-AvastVBoxSVC.exe-2372.log
2014-11-26 08:29 - 2014-11-26 15:40 - 00062813 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00002298 _____ () C:\Windows\PFRO.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00000224 _____ () C:\Windows\setupact.log
2014-11-26 08:08 - 2014-11-26 08:08 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-08-28.066-AvastVBoxSVC.exe-2228.log
2014-11-26 11:18 - 2012-10-26 11:22 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-26 09:17 - 2009-07-14 02:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll
emptytemp:
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> In the message, click Executar (Run)
> Post the report! (Fixlog.txt)

See you!

Re: I was given a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 21:25

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Usuario at 2014-11-26 21:05:31 Run:3
Running from C:\Users\Usuario\Desktop
Loaded Profile: Usuario (Available profiles: Usuario & geomapas)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x66BF9C52B4CCCD01
SearchScopes: HKLM -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 Spring; \??\C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys [X]
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 11:44 - 2014-11-26 11:46 - 15196248 _____ () C:\Users\Usuario\Downloads\RogueKiller.exe
2014-11-26 09:29 - 2014-11-26 09:29 - 00000759 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-11-26 09:23 - 2014-11-26 09:24 - 01707532 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-11-26 09:21 - 2014-11-26 09:21 - 00000197 _____ () C:\Windows\system32\2014-11-26-11-21-02.043-AvastVBoxSVC.exe-876.log
2014-11-26 09:11 - 2014-11-26 09:15 - 00000000 ____D () C:\AdwCleaner
2014-11-26 09:11 - 2014-11-26 09:11 - 02148864 _____ () C:\Users\Usuario\Desktop\AdwCleaner.exe
2014-11-26 08:32 - 2014-11-26 08:32 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-32-01.045-AvastVBoxSVC.exe-2372.log
2014-11-26 08:29 - 2014-11-26 15:40 - 00062813 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00002298 _____ () C:\Windows\PFRO.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00000224 _____ () C:\Windows\setupact.log
2014-11-26 08:08 - 2014-11-26 08:08 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-08-28.066-AvastVBoxSVC.exe-2228.log
2014-11-26 11:18 - 2012-10-26 11:22 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-26 09:17 - 2009-07-14 02:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll
emptytemp:
end
*****************

HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
avast! Firewall => Error deleting Service
Spring => Service deleted successfully.
C:\Users\Todos os Usuários\RogueKiller => Moved successfully.
"C:\ProgramData\RogueKiller" => File/Directory not found.
C:\Users\Usuario\Downloads\RogueKiller.exe => Moved successfully.
C:\Users\Usuario\Desktop\JRT.txt => Moved successfully.
C:\Users\Usuario\Downloads\JRT.exe => Moved successfully.
C:\Windows\system32\2014-11-26-11-21-02.043-AvastVBoxSVC.exe-876.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Usuario\Desktop\AdwCleaner.exe => Moved successfully.
C:\Windows\system32\2014-11-26-10-32-01.045-AvastVBoxSVC.exe-2372.log => Moved successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\system32\2014-11-26-10-08-28.066-AvastVBoxSVC.exe-2228.log => Moved successfully.
C:\Windows\Tasks\GlaryInitialize.job => Moved successfully.
Could not move "C:\Windows\Tasks\SCHEDLGU.TXT" => Scheduled to move on reboot.
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 61 MB temporary data.
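
A Fixlog like the one above mixes completed, deferred and failed actions, and the deferred and failed ones are what need a second look after the reboot. The following is an added example, not part of the thread and not FRST's own code: it sorts result lines by the wording after `=>`, using lines copied from the log above; the category names and the assumption that unrecognised wording should be flagged as "unknown" are this example's own.

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog posted above (a subset of it).
SAMPLE_FIXLOG = r'''
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
avast! Firewall => Error deleting Service
Spring => Service deleted successfully.
C:\Users\Todos os Usuários\RogueKiller => Moved successfully.
"C:\ProgramData\RogueKiller" => File/Directory not found.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\SCHEDLGU.TXT" => Scheduled to move on reboot.
EmptyTemp: => Removed 61 MB temporary data.
'''

# Outcome wording as it appears in this Fixlog; checked in order, first match wins.
# Category names are this example's own, not FRST terminology.
RULES = [
    ("pending_reboot", re.compile(r"scheduled to move on reboot", re.I)),
    ("failed", re.compile(r"\berror\b|could not|failed", re.I)),
    ("absent", re.compile(r"not found", re.I)),
    ("done", re.compile(r"successfully|^removed\b", re.I)),
]

# Categories worth re-checking in the next scan.
NEEDS_FOLLOW_UP = ("failed", "pending_reboot", "unknown")


def parse_result(line):
    """Split 'target => outcome' into (target, outcome); None for other lines."""
    target, sep, outcome = line.strip().rpartition(" => ")
    if not sep:
        return None  # header, fixlist echo or blank line
    # Deferred moves are logged as: Could not move "<path>" => ...
    target = re.sub(r"^Could not move\s+", "", target).strip('"')
    return target, outcome


def classify(outcome):
    """Map the text after '=>' to a category; unrecognised wording is 'unknown'."""
    for category, pattern in RULES:
        if pattern.search(outcome):
            return category
    return "unknown"


def triage(fixlog_text):
    """Return {category: [targets]} for every result line in the log."""
    buckets = defaultdict(list)
    for line in fixlog_text.splitlines():
        parsed = parse_result(line)
        if parsed:
            target, outcome = parsed
            buckets[classify(outcome)].append(target)
    return dict(buckets)


def follow_up(fixlog_text):
    """List (category, target) pairs that did not complete in this run."""
    buckets = triage(fixlog_text)
    return [(c, t) for c in NEEDS_FOLLOW_UP for t in buckets.get(c, [])]


if __name__ == "__main__":
    for category, target in follow_up(SAMPLE_FIXLOG):
        print(f"{category:15} {target}")
```
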

Re: I was given a buggy notebook

Post by joram on Wed 26 Nov 2014, 21:55

Good evening! Silvana Alfredo

> Download this script and save it to the desktop with the name ZAScript.

< ZAScript >

> Rename the Zoek tool to ZA-Scan.
> PS: The Zoek tool, renamed to ZA-Scan, has to be on the desktop.
> Close the browser! << Important!
> Disable your antivirus so that it does not detect the tool.
> Run ZA-Scan and wait for it to finish!
> Confirm the reboot and post the report when it finishes! ( C:\zoek-results.txt )

See you!

Re: I was given a buggy notebook

Post by Silvana Alfredo on Wed 26 Nov 2014, 23:53

Was this the report?

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav];r
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav];r
"DllVersion_2.0"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus];r
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus];r
"uuurl"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster];r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}];r
"DllName"=-;r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}];r
"DllName"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus];r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[-HKEY_USERS\.DEFAULT\Software\Baidu];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe];r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com];r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com];r
"url"=-;r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security];r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus];r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web];r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web];r
"ucloud"=-;r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web];r
"dcloud"=-;r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web];r
"rcloud"=-;r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com];r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com];r
"url"=-;r
[-HKEY_USERS\S-1-5-18\Software\Baidu];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe];r
C:\ProgramData\baidu\commondll\splitupload\DllVersion_2.0\FileSplitUpLoad.dll;f
C:\ProgramData\baidu\\commondll\splitupload\DllVersion_2.0;fs
C:\ProgramData\baidu\commondll\splitupload;fs
C:\ProgramData\baidu\commondll;fs
C:\ProgramData\baidu;fs

Re: I was given a buggy notebook

Post by joram on Thu 27 Nov 2014, 00:57

Silvana Alfredo wrote: Was this the report?
Hello! Silvana Alfredo

> No! That is the script I gave you. ( ZAScript.txt )
> You downloaded it as ZAScript_1, but you must rename it to ZAScript. And also Zoek to ZA-Scan.
> Is that clear?

See you!