ganhei um notebook bichado

Ganhei um notebook aparentemente novo, mas todo ruim, lento, mensagens de erro, e pedidos de atualização de programas desconhecidos.

Boa Noite! Silvana Alfredo

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Farbar )

> No banner àcima,é para sistemas 32bits!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > 

> No link àcima,é para sistemas 64bits!
> Salve-o no desktop! (Área de trabalho ...)
> Execute a ferramenta! Clique "Yes" >> "Scan".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
> Poste o relatório! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > 

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

Vai aqui os relatórios,disponibilizados em Cjoint.com

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

Grato!

Boa Tarde! Silvana Alfredo

> Desinstale: 

C:\Program Files\TuneUp Utilities 2014
C:\Program Files\Baidu Security\Baidu Antivirus

> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-a com o nome fixlist. << Texto!
> Salve-a na pasta Download! /!\ C:\Users\Usuario\Downloads /!\

start
CloseProcesses:
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe [1704296 2014-09-25] (Baidu, Inc.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll (Baidu, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicyUsers\S-1-5-21-2770409014-1854213450-1300532065-1004\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-2770409014-1854213450-1300532065-1000 -> {7DC0055E-1C76-479B-9C92-9D2459569A1F} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-2770409014-1854213450-1300532065-1000 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: BrowseMark -> {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} -> No File
CHR HomePage: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR StartupUrls: Default -> "hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal", "https://www.google.com/"
CHR HKLM\...\Chrome\Extension: [hmmobpklocnejaagcklhmlnjdfpfjjib] - C:\Program Files\OpenLyrics\116.crx [2014-10-29]
R2 BAVSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe [2038248 2014-09-25] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432 2014-09-25] (Baidu, Inc.)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [121184 2014-03-26] (Baidu, Inc.)
U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [21152 2014-09-25] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [48448 2014-09-25] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [29504 2014-09-25] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [94976 2014-01-14] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [70496 2014-09-25] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [51584 2014-09-25] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [157504 2014-09-25] (Baidu, Inc.)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
2014-11-24 23:34 - 2014-11-24 23:34 - 00000197 _____ () C:\Windows\system32\2014-11-25-01-34-50.092-AvastVBoxSVC.exe-3312.log
2014-11-24 19:52 - 2014-11-24 19:52 - 00000197 _____ () C:\Windows\system32\2014-11-24-21-52-27.061-AvastVBoxSVC.exe-5156.log
2014-11-10 19:44 - 2014-11-10 19:44 - 00000197 _____ () C:\Windows\system32\2014-11-10-21-44-20.011-AvastVBoxSVC.exe-3548.log
2014-11-03 20:12 - 2014-11-03 20:12 - 00000247 _____ () C:\Windows\system32\2014-11-03-22-12-07.016-aswFe.exe-1192.log
2014-11-03 20:04 - 2014-11-03 20:11 - 00000247 _____ () C:\Windows\system32\2014-11-03-22-04-05.044-aswFe.exe-3572.log
2014-11-03 20:03 - 2014-11-03 20:03 - 00000197 _____ () C:\Windows\system32\2014-11-03-22-03-56.072-AvastVBoxSVC.exe-5204.log
2014-11-25 07:54 - 2012-10-26 09:52 - 01791807 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 23:31 - 2009-07-14 02:39 - 00082517 _____ () C:\Windows\setupact.log
2014-11-24 19:47 - 2012-10-26 12:17 - 00278450 _____ () C:\Windows\PFRO.log
2014-09-25 16:15 - 2014-09-25 16:15 - 00208744 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\BavDllFilter.dll
2014-01-21 12:17 - 2014-04-01 01:21 - 00541032 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll
Task: {095E86B4-F159-4C6F-BA5F-953A838E5604} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Baidu Antivirus\BavUpdater.exe [2014-09-25] (Baidu, Inc.)
Task: {65036691-E3EA-40DF-AA66-F70C35A1EF2C} - System32\Tasks\pricemeterwatcher => C:\Users\geomapas\AppData\Local\PriceMeter\pricemeterw.exe [2014-04-13] (PriceMeter) <==== ATTENTION
Task: {A8C68EF4-3723-408E-A30D-445B9256479A} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {CAFADBA0-E566-49C4-8FDD-3287240C76BF} - System32\Tasks\pricemetertask => C:\Users\geomapas\AppData\Local\PriceMeter\TEMP\pricemeter.exe <==== ATTENTION
Task: {E3028495-49A7-4B98-AE7F-C83C7EE8EDF8} - System32\Tasks\Digital Sites => C:\Users\geomapas\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\geomapas\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
emptytemp:
end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!
> Na mensagem,clique Executar. 
> Poste o relatório! (Fixlog.txt)

A+

Olá Segue o relatório depois de várias tentativas. Minha concexão com a internet está muito ruim com um tal de navegaki. Gostaria de eliminar pois está tanto no Explorer como no "suposto google", pois o símbolo é do google mas entra essa coisa.

Então depois de algumas tentativas segue abaixo:



=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-26 08:38:08)<=

"C:\Windows\WindowsUpdate.log" => File could not move.

==== End of Fixlog ====

Bom Dia! Silvana Alfredo

> O relatório veio incompleto,mas...não se preocupe,posteriormente voltaremos ao uso da FRST.

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... par Xplode )
>
> Ou daqui: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ao acessar,clique em "Download Now".
>
> Salve-o no desktop!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ps: Dê início ao scan,clicando em "Examinar". 

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
> Copie o log ou clique "Relatório".
> Poste: < C:\AdwCleaner\AdwCleaner[S0].txt > 

A+

# AdwCleaner v4.102 - Relatório criado 26/11/2014 às 09:15:35
# Atualizado 23/11/2014 por Xplode
# Database : 2014-11-25.1 [Live]
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuário : Usuario - ACER-001
# Executando de : C:\Users\Usuario\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\PriceMeterLiveUpdate
Pasta Deletada : C:\Program Files\BrowseMark
Pasta Deletada : C:\Program Files\LyricsFinder
Pasta Deletada : C:\Users\geomapas\AppData\Local\PriceMeter
Pasta Deletada : C:\Users\geomapas\AppData\Local\PriceMeterLiveUpdate
Pasta Deletada : C:\Users\geomapas\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\geomapas\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\geomapas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\Babylon
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\pdfforge
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Systweak
Arquivo Deletada : C:\Windows\system32\roboot.exe

***** [ Tarefas ] *****


***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

Chave Deletedo : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\BrowseMark
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKLM\SOFTWARE\BrowseMark
Chave Deletedo : HKLM\SOFTWARE\PIP
Chave Deletedo : HKLM\SOFTWARE\systweak

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17420

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [URL]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3367 octets] - [26/11/2014 09:11:57]
AdwCleaner[S0].txt - [3775 octets] - [26/11/2014 09:15:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3835 octets] ##########

Bom Dia! Silvana Alfredo

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Oleg N. Scherbakov )

> Salve-o no desktop!
> Desabilite seu antivírus!
> Para Windows 7,clique direito em JRT.exe e execute-o ... 

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

Ai vai

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x86
Ran by Usuario on 26/11/2014 at 9:25:24,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Program Files\baidu security"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/11/2014 at 9:29:30,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Bom Dia! Silvana Alfredo

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Salve-o ao desktop!
> Desabilite seu antivírus!
> Para Windows 7,execute zoek.exe como administrador.

emptytemp;
resetieproxy;
resethosts;
autoclean;
chrdefaults;
Baidu;a
Baidu;z 

> Copie e cole estas informações,que estão em vermelho,no campo da ferramenta.
> Clique "Run Script". 

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

> Surgirão informações,pedindo-lhe que aguarde o surgimento do relatório.
> Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

> Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
> Poste o relatório,que estará em C:\zoek-results.txt <<

A+

Olá

Não consigo abrir o arquivo para executá-lo pois apareceu uma unica vez uma caixa do baidu e depois fechou sozinha e não pude visualiza-la completamente para informar.

Aviso do WIN - RAR que o arquivo contem um erro e não pode ser executado.

Eu tinha desabilitado o Avast por uma hora e o ícone sumiu e não sei se continua desabilitado

Silvana Alfredo escreveu:Olá

Não consigo abrir o arquivo para executá-lo pois apareceu uma unica vez uma caixa do baidu e depois fechou sozinha e não pude visualiza-la completamente para informar.

Aviso do WIN - RAR que o arquivo contem um erro e não pode ser executado.

Eu tinha desabilitado o Avast por uma hora e o ícone sumiu e não sei se continua desabilitado

Olá! Silvana Alfredo

> Baixe o Zoek.exe e não o Zoek.rar ou Zoek.zip <<

A+

Segue relatório



Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by Usuario on 26/11/2014 at 10:52:19,84.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

26/11/2014 10:54:59 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\GUMA83F.tmp deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\boost_interprocess deleted successfully
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Usuario\AppData\Roaming\HpUpdate deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\Users\geomapas\AppData\Roaming\WB.CFG deleted
C:\Users\Usuario\Downloads\SoftonicDownloader_para_dropbox.exe deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Users\Usuario\AppData\Roaming\unins000.exe deleted

==== Folders Found ======================

2014-11-26 11:15:36 2014-11-26 11:15:36 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-11-26 11:15:42 2014-11-26 11:15:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-11-26 11:15:42 2014-11-26 11:15:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Roaming\baidu
2014-11-26 11:15:42 2014-11-26 11:15:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Roaming\baidu\Baidu Antivirus

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26/11/2014 10:36]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"OpenLyrics@Sclido.co"="C:\Program Files\OpenLyrics\116.xpi" []

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[26/11/2014 10:36]

IEQ Campo Grande - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkedkkheeiebaeijcbghdppmbnigplb

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_pt-BRBR509"

==== Reset Google Chrome ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Mozilla\Firefox\Extensions\OpenLyrics@Sclido.co deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UC7L2209 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=3 1105496 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\geomapas\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UC7L2209" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 26/11/2014 at 11:18:25,48 ======================

• Bom Dia! Silvana Alfredo
  
  
• Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Adlice Software ) ( 32 bits version )
  
  
• Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  > ( ... by Adlice Software ) ( 64 bits version )
  
  
• Salve-o no desktop! [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
  
• Feche aplicativos que estejam abertos!
  
• Execute RogueKiller.exe e aceite a Eula,caso solicite!
  
• Se o "Filtro SmartScreen" bloquear o anti-malware,clique em "Mais informações" >> "Executar de qualquer maneira"
  

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] 

• Aguarde a finalização de seu Pre-scan,que se inicia automáticamente.
  

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

• Dê início ao diagnóstico,clicando no botão "Verificar". 
  
• Poste o relatório ao concluir: RKreport[1].txt
  
  
• A+
  

RogueKiller V10.0.8.0 [Nov 20 2014] por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Usuario [Administrador]
Modo : Escanear -- Data : 11/26/2014 12:00:04

¤¤¤ Processos : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\System32\svchost.exe[7] -> Interrompido [TermProc]

¤¤¤ Registro : 7 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Encontrado
[PUM.HomePage] HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main | Start Page : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 4 (Driver: Carregado) ¤¤¤
[IAT:Inl] (explorer.exe) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ gameux.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 689e982ce80f7457f374af15b01d1ffa
[BSP] f613144728751a0a87fe609af50a758c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

/!\ Boa Tarde! Silvana Alfredo /!\

> Execute,novamente,a ferramenta RogueKiller.
> Clique em Verificar.
> Marque todas as caixinhas,indo a guia Registro.
> Clique Deletar!
> Poste o relatório!

A+

RogueKiller V10.0.8.0 [Nov 20 2014] por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Usuario [Administrador]
Modo : Escanear -- Data : 11/26/2014 12:00:04

¤¤¤ Processos : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\System32\svchost.exe[7] -> Interrompido [TermProc]

¤¤¤ Registro : 7 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Encontrado
[PUM.HomePage] HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main | Start Page : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 4 (Driver: Carregado) ¤¤¤
[IAT:Inl] (explorer.exe) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ gameux.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 689e982ce80f7457f374af15b01d1ffa
[BSP] f613144728751a0a87fe609af50a758c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

RogueKiller V10.0.8.0 [Nov 20 2014] por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Usuario [Administrador]
Modo : Deletar -- Data : 11/26/2014 15:52:58

¤¤¤ Processos : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\System32\svchost.exe[7] -> Interrompido [TermProc]

¤¤¤ Registro : 7 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files\Unlocker\UnlockerDriver5.sys) -> Não selecionado
[PUM.HomePage] HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main | Start Page : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> Não selecionado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Não selecionado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Não selecionado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AE060D19-6145-4D4E-B445-E7BED150DF38} | DhcpNameServer : 200.204.0.10 200.204.0.138 [BRAZIL (BR)][BRAZIL (BR)] -> Não selecionado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Não selecionado
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Não selecionado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 4 (Driver: Carregado) ¤¤¤
[IAT:Inl] (explorer.exe) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ gameux.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff99da79fa)

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 689e982ce80f7457f374af15b01d1ffa
[BSP] f613144728751a0a87fe609af50a758c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11262014_120004.log - RKreport_DEL_11262014_120214.log - RKreport_DEL_11262014_120249.log - RKreport_DEL_11262014_120314.log
RKreport_DEL_11262014_120325.log - RKreport_DEL_11262014_120340.log - RKreport_DEL_11262014_120403.log - RKreport_DEL_11262014_120420.log
RKreport_DEL_11262014_120428.log - RKreport_SCN_11262014_154739.log - RKreport_DEL_11262014_154808.log - RKreport_DEL_11262014_154827.log
RKreport_DEL_11262014_154834.log - RKreport_DEL_11262014_154841.log - RKreport_DEL_11262014_154851.log - RKreport_DEL_11262014_154856.log
RKreport_DEL_11262014_154902.log - RKreport_DEL_11262014_154908.log - RKreport_DEL_11262014_154911.log - RKreport_DEL_11262014_154915.log
RKreport_DEL_11262014_154918.log - RKreport_DEL_11262014_154923.log - RKreport_DEL_11262014_154927.log - RKreport_DEL_11262014_154932.log
RKreport_DEL_11262014_154936.log - RKreport_DEL_11262014_154939.log - RKreport_DEL_11262014_154942.log - RKreport_DEL_11262014_154947.log
RKreport_DEL_11262014_154951.log - RKreport_DEL_11262014_154959.log - RKreport_DEL_11262014_155004.log - RKreport_DEL_11262014_155008.log
RKreport_DEL_11262014_155017.log - RKreport_DEL_11262014_155020.log - RKreport_DEL_11262014_155026.log - RKreport_DEL_11262014_155030.log
RKreport_DEL_11262014_155035.log - RKreport_DEL_11262014_155041.log - RKreport_DEL_11262014_155047.log - RKreport_DEL_11262014_155054.log
RKreport_DEL_11262014_155118.log - RKreport_DEL_11262014_155155.log - RKreport_DEL_11262014_155210.log - RKreport_DEL_11262014_155216.log
RKreport_DEL_11262014_155220.log - RKreport_DEL_11262014_155224.log - RKreport_DEL_11262014_155235.log - RKreport_DEL_11262014_155244.log

/!\ Olá! Silvana Alfredo /!\

> Qual o motivo de tantos relatórios do RogueKiller? Vc tinha apenas,que marcar as caixinhas e clicar em Deletar.
> Poste novo relatório da ferramenta FRST.
> Ps: Desta vez não teremos o Addition.txt.
> Disponibilize-o em Cjoint.com e poste o link ao relatório!

A+

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Usuario (administrator) on ACER-001 on 26-11-2014 20:07:56
Running from C:\Users\Usuario\Desktop
Loaded Profile: Usuario (Available profiles: Usuario & geomapas)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
() C:\ProgramData\HP Photo Creations\Communicator.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\mftutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-02] (Google Inc.)
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17880752 2012-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\...\Run: [Google Update] => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-26] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x66BF9C52B4CCCD01
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
SearchScopes: HKLM -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2770409014-1854213450-1300532065-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2770409014-1854213450-1300532065-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 201.6.2.138 201.6.2.78

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2770409014-1854213450-1300532065-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2770409014-1854213450-1300532065-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2770409014-1854213450-1300532065-1000: gastecnologia.com.br/sf/cef -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-02]

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Pesquisa do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (Planilhas do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-26]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (No Name) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkedkkheeiebaeijcbghdppmbnigplb [2013-05-03]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-26] (Avast Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [274200 2012-01-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl7654c6bf; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F53A69CF-DFE5-48EA-A46C-6BCDECC3DD0F}\MpKsl7654c6bf.sys [39464 2014-11-26] (Microsoft Corporation)
R3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [219240 2012-02-01] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21520 2012-02-14] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-26] (Avast Software)
S3 Spring; \??\C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 20:07 - 2014-11-26 20:07 - 00014289 _____ () C:\Users\Usuario\Desktop\FRST.txt
2014-11-26 20:07 - 2014-11-26 20:07 - 00000000 ____D () C:\Users\Usuario\Desktop\FRST-OlderVersion
2014-11-26 11:50 - 2014-11-26 15:55 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 11:44 - 2014-11-26 11:46 - 15196248 _____ () C:\Users\Usuario\Downloads\RogueKiller.exe
2014-11-26 11:11 - 2014-11-26 10:52 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-26 10:54 - 2014-11-26 11:18 - 00012730 _____ () C:\zoek-results.log
2014-11-26 10:52 - 2014-11-26 11:15 - 00000000 ____D () C:\zoek_backup
2014-11-26 10:51 - 2014-11-26 10:51 - 01294848 _____ () C:\Users\Usuario\Downloads\zoek.exe
2014-11-26 10:36 - 2014-11-26 10:36 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-26 10:36 - 2014-11-26 10:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-26 10:20 - 2014-11-26 10:21 - 04124246 _____ () C:\Users\Usuario\Downloads\zoek (1).zip
2014-11-26 10:16 - 2014-11-26 10:16 - 00000000 ____D () C:\Users\Usuario\Downloads\zoek
2014-11-26 10:14 - 2014-11-26 10:15 - 04124246 _____ () C:\Users\Usuario\Downloads\zoek.zip
2014-11-26 09:29 - 2014-11-26 09:29 - 00000759 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-11-26 09:25 - 2014-11-26 09:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-26 09:23 - 2014-11-26 09:24 - 01707532 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-11-26 09:21 - 2014-11-26 09:21 - 00000197 _____ () C:\Windows\system32\2014-11-26-11-21-02.043-AvastVBoxSVC.exe-876.log
2014-11-26 09:11 - 2014-11-26 09:15 - 00000000 ____D () C:\AdwCleaner
2014-11-26 09:11 - 2014-11-26 09:11 - 02148864 _____ () C:\Users\Usuario\Desktop\AdwCleaner.exe
2014-11-26 08:54 - 2014-11-26 08:55 - 02118144 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
2014-11-26 08:32 - 2014-11-26 08:32 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-32-01.045-AvastVBoxSVC.exe-2372.log
2014-11-26 08:29 - 2014-11-26 15:40 - 00062813 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00002298 _____ () C:\Windows\PFRO.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00000224 _____ () C:\Windows\setupact.log
2014-11-26 08:08 - 2014-11-26 08:08 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-08-28.066-AvastVBoxSVC.exe-2228.log
2014-11-25 14:07 - 2014-11-25 14:07 - 242529036 _____ () C:\Windows\MEMORY.DMP
2014-11-25 14:07 - 2014-11-25 14:07 - 00148880 _____ () C:\Windows\Minidump\112514-27861-01.dmp
2014-11-25 14:07 - 2014-11-25 14:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-25 13:42 - 2014-11-25 13:42 - 00000000 __SHD () C:\Users\Usuario\AppData\Local\EmieBrowserModeList
2014-11-25 08:06 - 2014-11-25 08:08 - 00030732 _____ () C:\Users\Usuario\Downloads\Addition.txt
2014-11-25 08:03 - 2014-11-25 08:08 - 00031822 _____ () C:\Users\Usuario\Downloads\FRST.txt
2014-11-25 08:02 - 2014-11-26 20:08 - 00000000 ____D () C:\FRST
2014-11-25 07:59 - 2014-11-26 20:07 - 01109504 _____ (Farbar) C:\Users\Usuario\Desktop\FRST.exe
2014-11-18 20:08 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:08 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 20:34 - 2014-11-07 17:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-16 20:34 - 2014-11-06 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-16 20:34 - 2014-11-06 01:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 20:34 - 2014-11-06 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-16 20:34 - 2014-11-06 00:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-16 20:34 - 2014-11-06 00:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-16 20:34 - 2014-11-06 00:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-16 20:34 - 2014-11-06 00:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-16 20:34 - 2014-11-06 00:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-16 20:34 - 2014-11-06 00:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-16 20:34 - 2014-11-06 00:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-16 20:34 - 2014-11-05 23:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-16 20:33 - 2014-11-06 01:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-16 20:33 - 2014-11-06 01:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-16 20:33 - 2014-11-06 01:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-16 20:33 - 2014-11-06 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-16 20:33 - 2014-11-06 01:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-16 20:33 - 2014-11-06 01:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-16 20:33 - 2014-11-06 01:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-16 20:33 - 2014-11-06 01:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-16 20:33 - 2014-11-06 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-16 20:33 - 2014-11-06 00:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 20:33 - 2014-11-06 00:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-16 20:33 - 2014-11-06 00:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-16 20:33 - 2014-11-06 00:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-16 20:33 - 2014-11-06 00:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-16 20:33 - 2014-11-06 00:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-16 20:33 - 2014-11-06 00:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-16 20:33 - 2014-11-05 23:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-16 20:33 - 2014-11-05 23:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 21:03 - 2014-09-19 07:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 20:57 - 2014-10-17 23:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 20:56 - 2014-10-13 23:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 20:56 - 2014-08-11 23:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 20:55 - 2014-08-21 04:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 20:55 - 2014-08-21 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 20:52 - 2014-11-05 15:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 20:52 - 2014-11-05 15:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 20:52 - 2014-11-05 15:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 20:52 - 2014-10-24 23:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 20:52 - 2014-10-09 22:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 20:52 - 2014-10-02 23:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 20:52 - 2014-10-02 23:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 20:52 - 2014-10-02 23:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 20:52 - 2014-10-02 23:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 20:52 - 2014-10-02 23:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 20:48 - 2014-10-13 23:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 20:48 - 2014-10-13 23:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 20:48 - 2014-10-13 23:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 20:48 - 2014-10-13 23:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 20:48 - 2014-10-13 23:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-10 21:06 - 2014-11-04 13:30 - 266163743 _____ () C:\Users\Usuario\Documents\video apocalipse.wmv
2014-11-03 19:51 - 2014-11-03 19:51 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-03 19:39 - 2014-11-03 19:39 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\AVAST Software
2014-10-29 20:44 - 2014-11-26 10:37 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-10-29 20:43 - 2014-11-26 10:36 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-29 20:43 - 2014-11-26 10:36 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-29 20:26 - 2014-11-26 10:36 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-29 20:26 - 2014-11-26 10:36 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 20:00 - 2012-11-06 15:12 - 00000328 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-26 20:00 - 2012-10-26 12:18 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Skype
2014-11-26 20:00 - 2012-10-26 11:08 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 20:00 - 2012-10-26 11:06 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770409014-1854213450-1300532065-1000UA.job
2014-11-26 11:22 - 2009-07-14 02:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 11:22 - 2009-07-14 02:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 11:18 - 2012-11-02 18:52 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 11:18 - 2012-10-26 11:22 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-26 11:15 - 2009-07-14 02:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 11:07 - 2009-07-14 00:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-26 10:37 - 2012-11-02 18:52 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-26 10:37 - 2012-11-02 18:52 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-26 10:36 - 2012-11-02 18:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-26 10:36 - 2012-11-02 18:52 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-26 09:17 - 2009-07-14 02:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-26 09:15 - 2012-10-26 10:05 - 00001126 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-26 08:06 - 2009-07-14 02:33 - 00415328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-25 14:09 - 2013-08-13 16:51 - 00000008 __RSH () C:\Users\Usuario\ntuser.pol
2014-11-25 14:09 - 2012-10-26 10:05 - 00000000 ____D () C:\Users\Usuario
2014-11-24 23:40 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-24 23:28 - 2014-05-07 11:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-24 23:28 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-11-24 23:11 - 2012-10-26 14:06 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-11-24 23:11 - 2012-10-26 14:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-24 23:08 - 2012-10-26 11:06 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770409014-1854213450-1300532065-1000Core.job
2014-11-24 20:24 - 2013-08-20 12:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-24 20:13 - 2012-10-26 17:37 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-24 19:55 - 2012-10-26 10:01 - 01634914 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 19:55 - 2009-07-14 06:31 - 00705782 _____ () C:\Windows\system32\prfh0416.dat
2014-11-24 19:55 - 2009-07-14 06:31 - 00147622 _____ () C:\Windows\system32\prfc0416.dat
2014-11-16 22:27 - 2012-11-02 18:52 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 20:27 - 2012-12-04 16:45 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Dropbox
2014-11-10 21:05 - 2012-10-26 14:06 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Microsoft Help
2014-10-30 09:24 - 2012-10-26 11:23 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 20:27 - 2012-11-02 18:50 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-10-29 20:27 - 2012-11-02 18:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-29 20:26 - 2009-07-14 00:04 - 00002577 _____ () C:\Windows\system32\config.nt

Some content of TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-29 21:30

==================== End Of Log ============================

Boa Noite! Silvana Alfredo

> Desinstale: C:\Program Files\Unlocker <<

> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-a com o nome fixlist. << Texto!
> Salve-a no desktop! /!\  C:\Users\Usuario\Desktop /!\

start
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x66BF9C52B4CCCD01
SearchScopes: HKLM -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 Spring; \??\C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys [X]
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 11:44 - 2014-11-26 11:46 - 15196248 _____ () C:\Users\Usuario\Downloads\RogueKiller.exe
2014-11-26 09:29 - 2014-11-26 09:29 - 00000759 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-11-26 09:23 - 2014-11-26 09:24 - 01707532 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-11-26 09:21 - 2014-11-26 09:21 - 00000197 _____ () C:\Windows\system32\2014-11-26-11-21-02.043-AvastVBoxSVC.exe-876.log
2014-11-26 09:11 - 2014-11-26 09:15 - 00000000 ____D () C:\AdwCleaner
2014-11-26 09:11 - 2014-11-26 09:11 - 02148864 _____ () C:\Users\Usuario\Desktop\AdwCleaner.exe
2014-11-26 08:32 - 2014-11-26 08:32 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-32-01.045-AvastVBoxSVC.exe-2372.log
2014-11-26 08:29 - 2014-11-26 15:40 - 00062813 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00002298 _____ () C:\Windows\PFRO.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00000224 _____ () C:\Windows\setupact.log
2014-11-26 08:08 - 2014-11-26 08:08 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-08-28.066-AvastVBoxSVC.exe-2228.log
2014-11-26 11:18 - 2012-10-26 11:22 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-26 09:17 - 2009-07-14 02:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll
emptytemp:
end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!
> Na mensagem,clique Executar. 
> Poste o relatório! (Fixlog.txt)

A+

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Usuario at 2014-11-26 21:05:31 Run:3
Running from C:\Users\Usuario\Desktop
Loaded Profile: Usuario (Available profiles: Usuario & geomapas)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x66BF9C52B4CCCD01
SearchScopes: HKLM -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 Spring; \??\C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys [X]
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2014-11-26 11:50 - 2014-11-26 11:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-26 11:44 - 2014-11-26 11:46 - 15196248 _____ () C:\Users\Usuario\Downloads\RogueKiller.exe
2014-11-26 09:29 - 2014-11-26 09:29 - 00000759 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-11-26 09:23 - 2014-11-26 09:24 - 01707532 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-11-26 09:21 - 2014-11-26 09:21 - 00000197 _____ () C:\Windows\system32\2014-11-26-11-21-02.043-AvastVBoxSVC.exe-876.log
2014-11-26 09:11 - 2014-11-26 09:15 - 00000000 ____D () C:\AdwCleaner
2014-11-26 09:11 - 2014-11-26 09:11 - 02148864 _____ () C:\Users\Usuario\Desktop\AdwCleaner.exe
2014-11-26 08:32 - 2014-11-26 08:32 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-32-01.045-AvastVBoxSVC.exe-2372.log
2014-11-26 08:29 - 2014-11-26 15:40 - 00062813 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00002298 _____ () C:\Windows\PFRO.log
2014-11-26 08:28 - 2014-11-26 11:15 - 00000224 _____ () C:\Windows\setupact.log
2014-11-26 08:08 - 2014-11-26 08:08 - 00000197 _____ () C:\Windows\system32\2014-11-26-10-08-28.066-AvastVBoxSVC.exe-2228.log
2014-11-26 11:18 - 2012-10-26 11:22 - 00000314 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-26 09:17 - 2009-07-14 02:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll
emptytemp:
end
*****************

HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
avast! Firewall => Error deleting Service
Spring => Service deleted successfully.
C:\Users\Todos os Usuários\RogueKiller => Moved successfully.
"C:\ProgramData\RogueKiller" => File/Directory not found.
C:\Users\Usuario\Downloads\RogueKiller.exe => Moved successfully.
C:\Users\Usuario\Desktop\JRT.txt => Moved successfully.
C:\Users\Usuario\Downloads\JRT.exe => Moved successfully.
C:\Windows\system32\2014-11-26-11-21-02.043-AvastVBoxSVC.exe-876.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Usuario\Desktop\AdwCleaner.exe => Moved successfully.
C:\Windows\system32\2014-11-26-10-32-01.045-AvastVBoxSVC.exe-2372.log => Moved successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\system32\2014-11-26-10-08-28.066-AvastVBoxSVC.exe-2228.log => Moved successfully.
C:\Windows\Tasks\GlaryInitialize.job => Moved successfully.
Could not move "C:\Windows\Tasks\SCHEDLGU.TXT" => Scheduled to move on reboot.
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 61 MB temporary data.

Boa Noite! Silvana Alfredo

> Baixe este script e salve-o no desktop com o nome ZAScript.

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Renomeie a ferramenta Zoek para ZA-Scan.
> Ps: A ferramenta Zoek,renomeada para ZA-Scan,tem que estar no desktop.
> Feche o navegador! << Importante!
> Desabilite seu antivírus,para que não detecte a ferramenta.
> Execute ZA-Scan e aguarde sua conclusão!
> Confirme o reboot e poste o relatório ao concluir! ( C:\zoek-results.txt )

A+

Era esse o relatatório?

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav];r
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav];r
"DllVersion_2.0"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus];r
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus];r
"uuurl"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster];r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}];r
"DllName"=-;r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}];r
"DllName"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus];r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[-HKEY_USERS\.DEFAULT\Software\Baidu];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe];r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com];r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com];r
"url"=-;r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security];r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus];r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web];r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web];r
"ucloud"=-;r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web];r
"dcloud"=-;r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\Antivirus\web];r
"rcloud"=-;r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com];r
[HKEY_USERS\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2770409014-1854213450-1300532065-1000\Software\Avast Software\WRC\SearchRules\baidu.com];r
"url"=-;r
[-HKEY_USERS\S-1-5-18\Software\Baidu];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe];r
C:\ProgramData\baidu\commondll\splitupload\DllVersion_2.0\FileSplitUpLoad.dll;f
C:\ProgramData\baidu\\commondll\splitupload\DllVersion_2.0;fs
C:\ProgramData\baidu\commondll\splitupload;fs
C:\ProgramData\baidu\commondll;fs
C:\ProgramData\baidu;fs

Silvana Alfredo escreveu:Era esse o relatatório?

Olá! Silvana Alfredo

> Não! Esse é o script que lhe passei. ( ZAScript.txt )
> Vc o baixou como ZAScript_1,mas deve renomeá-lo para ZAScript. E,também,Zoek para ZA-Scan.
> Ficou claro?

A+