
[Solved] DeaulExprEss extension, virus??

#1 By Carcacinha 12/02/2015 - 01:58

I have already removed these extensions from Chrome, but they keep coming back! They are responsible for filling the screen with ads and also make the browser crawl.

They did show up in Firefox too, but I deleted them and they did not come back... although they did come back once and I deleted them again... so far there is no sign of them in FF, thankfully.

But in Chrome it is unbearable, so I believe it was not completely eliminated.

The FRST and Addition reports follow.

FRST: http://cjoint.com/?3Bme6CC1Cfg
Addition: http://cjoint.com/?3Bme73VjhZm

Thanks to anyone who can help get rid of this completely!
#2 By caedurodrigu...
12/02/2015 - 08:13
Good morning Carcacinha,

  • Download: [...] (...by Xplode)
  • Or here: AdwCleaner
  • Save it to your Desktop.
  • Close all open programs and internet browsers.
  • Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click:
    [...]
  • Click Scan to start scanning!
  • When it finishes, click Clean.
  • Copy the log or click "Report".
  • Post: C:\AdwCleaner\AdwCleaner [S0].txt


  • Download: [...] (...by Oleg N. Scherbakov)
  • Save it to the desktop!
  • Disable your antivirus!
  • On Windows 7, right-click JRT.exe and run it as [...]
Wait for it to finish and post the report (JRT.txt).


Best regards.
#3 By Carcacinha
12/02/2015 - 12:33
Good afternoon, caedurodrigues!

The two reports follow below!

Regards


- AdwCleaner[S0]

# AdwCleaner v4.110 - Logfile created 12/02/2015 at 11:20:38
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : ADM - PC
# Running from : C:\Users\Public\Documents\Documents\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\50CoupioNs
Folder Deleted : C:\ProgramData\RRanddoumPriice
Folder Deleted : C:\ProgramData\13296897479561346519
Folder Deleted : C:\ProgramData\9a2f7b480000277c
Folder Deleted : C:\ProgramData\b88811cec40a7dd7
Folder Deleted : C:\Program Files\BITSaaver
Folder Deleted : C:\Program Files\CoupiExtension
Folder Deleted : C:\Program Files\DigiCOupoN
Folder Deleted : C:\Program Files\DiscountEXtensi
Folder Deleted : C:\Program Files\DowinSave
Folder Deleted : C:\Program Files\ReagularDeaalis
Folder Deleted : C:\Program Files\RegaularDealls
Folder Deleted : C:\Program Files\ShOeppDrop
Folder Deleted : C:\Users\Public\Documents\Documents\Mipony
Folder Deleted : C:\ProgramData\mcmgccpjebmfjgolahhkkjjiffmkiafo
Folder Deleted : C:\ProgramData\mjpfgiloplelemjfnlnecllialegdclg
File Deleted : C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 pt-BR)

[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.ArTTSblixGZWXbbS.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\&quot>-1url.indexOf(\"warnalert11.com\&quot>-1url.index[...]
[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.BlIngZajG5kBKHCr.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\&quot>-1url.indexOf(\"warnalert11.com\&quot>-1url.index[...]
[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.MEVJzxOTD50CZSWt.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rTwHqds5qTC7pjC8qTsEqHk5\&quot>-1url.indexOf(\"acebook\&quot>-1[...]
[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.MiDffSt4BooRjhsp.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\&quot>-1url.indexOf(\"warnalert11.com\&quot>-1url.index[...]
[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.cyX9VHLgikfMVw5B.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\&quot>-1url.indexOf(\"warnalert11.com\&quot>-1url.index[...]
[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.cyX9VHLgikfMVw5B.url", "hxxp://toolkitstyle.us/sync2/?q=hfZ9ofhTgShEAen0rTwFrihTB6lKDzt4oktitNtVh7n0rjkErjs8rTw8rdr5tMFHhd9FqjaFrTkGrHn6qjYMDMlGojUMAe4UojC5pjrHqjC4rdr6qjUHpdk9pj[...]
[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.lMnXaMRv9GiRVaYx.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\&quot>-1url.indexOf(\"warnalert11.com\&quot>-1url.index[...]
[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[19aegtrn.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);

-\\ Google Chrome v39.0.2171.99

[C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mcmgccpjebmfjgolahhkkjjiffmkiafo
[C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mjpfgiloplelemjfnlnecllialegdclg

*************************

AdwCleaner[R0].txt - [4840 bytes] - [12/02/2015 11:08:10]
AdwCleaner[R1].txt - [4899 bytes] - [12/02/2015 11:16:22]
AdwCleaner[S0].txt - [4963 bytes] - [12/02/2015 11:20:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5022 bytes] ##########


------------------------------------------------------------------------------------------------------------------------
- JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x86
Ran by ADM on 12/02/2015 at 11:23:54,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\ADM\AppData\Roaming\mozilla\firefox\profiles\19aegtrn.default\prefs.js

user_pref("extensions.lMnXaMRv9GiRVaYx.epoch", "1421722021");
user_pref("extensions.lMnXaMRv9GiRVaYx.url", "hxxp://secure-school.net/sync2/?q=hfZ9ofV9CShEAen0rTwFrihTB6lKDzt4oktitNtVh7n0rjkErjw5rjU8pdw9tMFHhd9FqjaFrjUErTn6rdwMDMlGojUMAe4
user_pref("extensions.xpiState", "{\"app-profile\":{\"iobitascsurfingprotection@iobit.com\":{\"d\":\"C:\\\\Users\\\\ADM\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles
Emptied folder: C:\Users\ADM\AppData\Roaming\mozilla\firefox\profiles\19aegtrn.default\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/02/2015 at 11:27:35,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Motherboard: TCN G41 - 775 - DDR3
Processor: Intel Core 2 Duo E4600

#4 By caedurodrigu...
12/02/2015 - 12:40
Good afternoon Carcacinha,

  • Download: zoek.exe (...by Smeenk)
  • Save it to your desktop!
  • Run the Zoek.exe file.
  • Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click
    [...]
  • Select the lines in red, right-click the selection and choose Copy!

createsrpoint;
QuickScan;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
emptyfolderscheck;delete


Right-click any white area of Zoek and choose Paste.
Click Run Script!
Wait for the scan. When it finishes, Notepad will open with the report.
A copy will also be saved on your local disk under the name zoek-results.txt.
Attach zoek-results.txt to your next reply.

Best regards.
#5 By Carcacinha
12/02/2015 - 23:24
Here is the Zoek report, regards!

Zoek.exe v5.0.0.0 Updated 10-February-2015
Tool run by ADM on 12/02/2015 at 21:43:47,20.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Public\Documents\Documents\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-12-233800.log 620 bytes

==== System Restore Info ======================

12/02/2015 21:45:34 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default

user.js not found
---- Lines extensions.ArTTSblixGZWXbbS removed from prefs.js ----
user_pref("extensions.ArTTSblixGZWXbbS.epoch", "1422245077");
user_pref("extensions.ArTTSblixGZWXbbS.url", "http://getsrv.info/sync2/?q=hfZ9ofl4DchEAen0rTwFrihTB6lKDzt4oktitNtVh7n0rjkErjs8rdrFrdn4tMFHhd9FqjaFrTkE
---- Lines extensions.BlIngZajG5kBKHCr removed from prefs.js ----
user_pref("extensions.BlIngZajG5kBKHCr.epoch", "1423141187");
user_pref("extensions.BlIngZajG5kBKHCr.url", "http://jpiservice.info/sync2/?q=hfZ9oeDMhchEAen0rTwFrihTB6lKDzt4oktitNtVh7n0rjkErTa9rdU9rTw8tMFHhd9FqjaG
---- Lines extensions.MEVJzxOTD50CZSWt removed from prefs.js ----
user_pref("extensions.MEVJzxOTD50CZSWt.epoch", "1423454833");
user_pref("extensions.MEVJzxOTD50CZSWt.url", "http://techwebbjobnew.info/sync2/?q=hfZ9oehUBeCHtNbPhd9GrjwFtMqLDe49CNU0nVsMCMlNhd9FqjaGrdYErTsErTkMBzqU
---- Lines extensions.MiDffSt4BooRjhsp removed from prefs.js ----
user_pref("extensions.MiDffSt4BooRjhsp.epoch", "1421722021");
user_pref("extensions.MiDffSt4BooRjhsp.url", "http://solutionget.info/sync2/?q=hfZ9oflKAfqZBylHrGhEAen0rTwFrihTB6lKDzt4oktitNtVh7n0rjkErjw5rjU8qHw7tMF
---- Lines extensions.cyX9VHLgikfMVw5B removed from prefs.js ----
user_pref("extensions.cyX9VHLgikfMVw5B.epoch", "1422316079");
---- FireFox user.js and prefs.js backups ----

user_20131209_2116_.backup
prefs_022015_2158_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\ADM\AppData\Local\Aplicativo Credicard deleted
C:\Users\ADM\AppData\Roaming\appdataFr3.bin deleted
C:\Users\ADM\AppData\Roaming\ProductData deleted
C:\PROGRA~2\ProductData deleted
C:\Users\ADM\AppData\LocalLow\ADSRemoval deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\ADM\AppData\Local\Temp ====
2015-02-12 14:23:44 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\ADM\AppData\Local\Temp\jrt\libiconv2.dll
2015-02-12 14:23:44 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\ADM\AppData\Local\Temp\jrt\libintl3.dll
2015-02-12 14:23:44 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\ADM\AppData\Local\Temp\jrt\pcre3.dll
2015-02-12 14:23:44 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\ADM\AppData\Local\Temp\jrt\regex2.dll
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2015-02-12 22:29:12 4DBBAECB855EC9CB3A5D960B96686C33 48736 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2015-02-10 22:45:48 F516F1167EFBBC5ABC90687C94497869 369968 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-02-10 22:45:48 EF88BAC2B489D9C46F4E41ACF0219CD0 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-02-10 22:45:48 49D70660EE8266988C1F99A0297A1430 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-26 00:22:00 03F899F521D2AAED1C55008F734DF252 116224 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
====== C:\Windows\Tasks ======
2015-01-26 00:31:44 07E2DC8C3BE4392761A0F37910899FA1 3840 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater
2015-01-26 00:03:21 0539C7A7DA6FB4486D3B66312D70E456 2838 ----a-w- C:\Windows\system32\Tasks\ASC8_SkipUac_ADM
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-02-08 02:31:12 -------- d-----w- C:\Program Files\ezAutoCorrect for GMail
2015-02-05 02:16:03 79 ----a-w- C:\Program Files\prefs.js
2015-02-04 10:01:29 -------- d-----w- C:\Program Files\TransferBigFilescom Gmail Extension
2015-02-01 03:52:20 -------- d-----w- C:\Program Files\Tumblr Collage
2015-01-27 04:13:43 -------- d-----w- C:\Program Files\Common Files\Skype
2015-01-27 04:13:42 -------- d-----r- C:\Program Files\Skype
2015-01-25 22:10:40 -------- d-----w- C:\Program Files\OverTask
2015-01-25 17:48:58 -------- d-----w- C:\Program Files\Common Files\Java
2015-01-19 21:29:43 -------- d-----w- C:\Program Files\Counter-Strike 1.6
2015-01-18 19:58:50 -------- d-----w- C:\Program Files\Clear Cache
======= C: =====
====== C:\Users\ADM\AppData\Roaming ======
2015-01-27 04:13:58 -------- d-----w- C:\Users\ADM\AppData\Local\Skype
2015-01-27 04:13:56 -------- d-----w- C:\Users\ADM\AppData\Roaming\Skype
2015-01-19 21:32:10 -------- d-----w- C:\Users\ADM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
====== C:\Users\ADM ======
2015-02-12 09:21:41 -------- d-----r- C:\Users\ADM\Favorites
2015-02-04 19:02:50 79F9311AC6A5009FEF1A5756A0A529D3 381799 ----a-w- C:\Users\TODOSO~1\AdPunisher\AdPunisher.exe
2015-02-04 19:02:50 -------- d-----w- C:\Users\TODOSO~1\AdPunisher
2015-02-04 19:02:50 -------- d-----w- C:\ProgramData\AdPunisher
2015-01-27 04:13:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-27 04:13:36 -------- d-----w- C:\Users\TODOSO~1\Skype
2015-01-27 04:13:36 -------- d-----w- C:\ProgramData\Skype
2015-01-19 21:31:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-154245746-4024786111-2166681138-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"Advanced SystemCare 8"="C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AMD AVT"="Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
"PSUAMain"="C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe /LaunchSysTray"
"mylbx"="C:\Program Files\My Lockbox\mylbx.exe /a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"Advanced SystemCare 8"="C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 09:41]
C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS\AutoKMS.exe [11/11/2014 13:21]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\ASC8_SkipUac_ADM" ["C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\JetCleanLoginCheckUpdate" [C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default
user_pref("browser.startup.homepage", "www.terra.com.br");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default
- Undetermined - {b9615918-d3de-44a4-ab65-76df7ea1f1c1}
- Undetermined - translator@zoli.bod
- Undetermined - iobitascsurfingprotection@iobit.com
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com
- DolarHoje - %ProfilePath%\extensions\jid0-7gwDdlcXMu0AyBsMQvCuZ1XMDbE@jetpack.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- ProfilePassword-Firefox - %ProfilePath%\extensions\{b9615918-d3de-44a4-ab65-76df7ea1f1c1}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
AD76B0F3348914E133455E52743C839D - C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll - Shockwave for Director / Shockwave for Director
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.99 (Possible outdated, latest Stable version: 40.0.2214.111)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Google Drive - ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_br.ask.com_0.localstorage deleted successfully
C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_br.ask.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Users\ADM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ADM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\ADM\AppData\Local\Mozilla\Firefox\Profiles\19aegtrn.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=93 folders=7 80891519 bytes)

==== Empty Temp Folders ======================

C:\Users\ADM\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ADM\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 12/02/2015 at 22:22:31,75 ======================
Motherboard: TCN G41 - 775 - DDR3
Processor: Intel Core 2 Duo E4600
caedurodrigues
caedurodrigu... Tô em todas Registered
710 Posts 257 Likes
#6 By caedurodrigu...
13/02/2015 - 00:42
Good evening Carcacinha,

  • Download: ZHPDiag (...Nicolas Coolman)
  • Save it to the local disk (C or D).
  • Disable your antivirus and run ZHPDiag.exe to install it.
  • Run the scroll icon!
  • Click the "COMPLETA" option and wait for it to finish.
  • Click OK and, when it finishes, post the report! (ZHPDiag.txt)
  • Note: because the report is long, it should be posted on one of these sites:
  • Go to: <b7cb62cfb007715d3990c0ffc7a9f4ee>
  • Or go to: <317c011bca045ff7fc0b26f3766d4d22>
  • Or attach it to the forum.


A big hug.
caedurodrigues
caedurodrigu... Tô em todas Registered
710 Posts 257 Likes
#8 By caedurodrigu...
13/02/2015 - 01:49
It's very late, Carcacinha; tomorrow I'll be back with the removal script. A big hug.

Good morning Carcacinha,


  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press: ctrl+a >> ctrl+c.
  • Then minimize Notepad.

ZHPFix script
SysRestore
O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.AutoKMS
[HKLM\Software\ced2da43-4668-0661-09b2-d62fb5ba45d0] =>PUP.CrossRider
O43 - CFD: 07/11/2014 - 20:11:13 - [] ----D C:\Users\ADM\AppData\Local\Apps
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
[HKLM\Software\ced2da43-4668-0661-09b2-d62fb5ba45d0] =>PUP.CrossRider^
EmptyClsid
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
ShortcutFix


Open the ZHPFix tool.
Click IMPORTAÇÃO > OK
Click "GO".
Post the report!


A big hug.

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
Carcacinha
Carcacinha Senior Member Registered
258 Posts 10 Likes
#9 By Carcacinha
13/02/2015 - 11:33
Good morning caedurodrigues!

Here is the ZHPFix report, regards!

Rapport de ZHPFix 2015.1.15.1 par Nicolas Coolman, Update du 15/01/2015
Fichier d'export Registre :
Run by ADM at 13/02/2015 10:29:30
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\ced2da43-4668-0661-09b2-d62fb5ba45d0

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Private) : TCP Query User{4EBB041C-2902-4204-8C44-D0874F3A4056}C:\users\public\documents\documents\matheus\counter-strike 1.6\hl.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{89735359-D765-4BB2-A6DB-8256A2310F21}C:\users\public\documents\documents\matheus\counter-strike 1.6\hl.exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (7)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ: c:\windows\tasks\autokms.job
ELIMINÉ Temporários windows (9) (27.179 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
4 : Valores do Registo
3 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 27s

========== Caminho do ficheiro do relatório ==========
C:\Users\ADM\AppData\Roaming\ZHP\ZHPFix[R1].txt - 13/02/2015 10:29:35 [1487]
Motherboard: TCN G41 - 775 - DDR3
Processor: Intel Core 2 Duo E4600

Carcacinha
Carcacinha Senior Member Registered
258 Posts 10 Likes
#11 By Carcacinha
13/02/2015 - 13:34
Here are the reports!

- FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2015
Ran by ADM (administrator) on PC on 13-02-2015 12:29:16
Running from C:\Users\Public\Documents\Documents\Desktop
Loaded Profiles: ADM (Available profiles: ADM)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2303752 2014-10-08] (FSPro Labs)
HKU\S-1-5-21-154245746-4024786111-2166681138-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-154245746-4024786111-2166681138-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2426144 2014-11-25] (IObit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-154245746-4024786111-2166681138-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-154245746-4024786111-2166681138-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default
FF Homepage: www.terra.com.br
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-28]
FF Extension: DolarHoje - C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default\Extensions\jid0-7gwDdlcXMu0AyBsMQvCuZ1XMDbE@jetpack.xpi [2014-12-12]
FF Extension: Google Translator for Firefox - C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default\Extensions\translator@zoli.bod.xpi [2014-11-14]
FF Extension: ProfilePassword-Firefox - C:\Users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\19aegtrn.default\Extensions\{b9615918-d3de-44a4-ab65-76df7ea1f1c1}.xpi [2014-11-13]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-07]
CHR Extension: (YouTube) - C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-07]
CHR Extension: (Pesquisa do Google) - C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-07]
CHR Extension: (Gmail) - C:\Users\ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-11-26] (IObit)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [51760 2011-06-03] (FSPro Labs)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 05:55 - 2015-02-13 08:47 - 00000020 _____ () C:\Users\ADM\AppData\Roaming\appdataFr3.bin
2015-02-13 05:48 - 2014-03-25 10:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-02-13 00:18 - 2015-02-13 00:18 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-02-13 00:15 - 2015-02-13 10:29 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\ZHP
2015-02-13 00:15 - 2015-02-13 00:18 - 00000000 ____D () C:\Program Files\ZHPDiag
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\Users\Todos os Usuários\ProductData
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-02-13 00:14 - 2015-02-13 00:14 - 06874603 _____ (Nicolas Coolman ) C:\ZHPDiag2.exe
2015-02-12 22:25 - 2015-02-13 11:31 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 22:25 - 2015-02-13 05:48 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 22:23 - 2015-02-12 22:23 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\ProductData
2015-02-12 22:06 - 2015-02-12 21:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-12 20:36 - 2015-02-12 22:22 - 00025167 _____ () C:\zoek-results.log
2015-02-12 20:33 - 2015-02-12 22:22 - 00000000 ____D () C:\zoek_backup
2015-02-12 11:07 - 2015-02-12 11:20 - 00000000 ____D () C:\AdwCleaner
2015-02-12 06:13 - 2015-02-13 05:47 - 00000392 _____ () C:\Windows\setupact.log
2015-02-12 06:13 - 2015-02-12 22:22 - 00001016 _____ () C:\Windows\PFRO.log
2015-02-12 06:13 - 2015-02-12 06:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-12 00:42 - 2015-02-13 12:29 - 00000000 ____D () C:\FRST
2015-02-11 15:28 - 2015-01-23 00:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 15:28 - 2015-01-23 00:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-10 19:45 - 2015-01-15 04:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:45 - 2015-01-15 04:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 19:45 - 2015-01-15 04:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 19:45 - 2015-01-15 04:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 19:45 - 2015-01-15 04:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 19:45 - 2015-01-15 04:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 19:45 - 2015-01-15 04:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 19:45 - 2015-01-15 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 19:45 - 2015-01-15 04:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 19:45 - 2015-01-15 04:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 19:45 - 2015-01-15 04:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 19:45 - 2015-01-15 01:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 19:45 - 2015-01-08 22:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 19:44 - 2015-01-14 02:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-10 19:44 - 2015-01-14 02:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 19:43 - 2015-01-14 02:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 19:43 - 2015-01-11 23:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 19:43 - 2015-01-11 23:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 19:43 - 2015-01-11 23:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 19:43 - 2015-01-11 23:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 19:43 - 2015-01-11 23:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 19:43 - 2015-01-11 23:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 19:43 - 2015-01-11 23:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 19:43 - 2015-01-11 23:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 19:43 - 2015-01-11 23:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 19:43 - 2015-01-11 22:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 19:43 - 2015-01-11 22:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 19:43 - 2015-01-11 22:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 19:43 - 2015-01-11 22:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 19:43 - 2015-01-11 22:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:43 - 2015-01-11 22:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 19:43 - 2015-01-11 22:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:43 - 2015-01-11 22:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 19:43 - 2015-01-11 22:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 19:43 - 2015-01-11 22:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 19:43 - 2015-01-11 22:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 19:43 - 2015-01-11 22:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 19:43 - 2015-01-11 22:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 19:43 - 2015-01-11 22:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 19:43 - 2015-01-11 22:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 19:43 - 2015-01-11 22:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 19:43 - 2015-01-11 21:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 19:43 - 2015-01-11 21:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 19:43 - 2015-01-10 03:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 19:43 - 2015-01-10 03:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 19:43 - 2015-01-10 03:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 19:43 - 2015-01-10 03:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 19:43 - 2015-01-10 03:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 19:43 - 2015-01-10 03:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 19:43 - 2015-01-10 03:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 19:43 - 2014-11-26 00:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 19:39 - 2015-01-12 23:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:39 - 2014-12-12 02:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 19:39 - 2014-12-07 23:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:39 - 2014-07-06 22:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 19:39 - 2014-07-06 22:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-07 23:31 - 2015-02-07 23:32 - 00000000 ____D () C:\Program Files\ezAutoCorrect for GMail
2015-02-04 23:16 - 2015-02-04 23:16 - 00000079 _____ () C:\Program Files\prefs.js
2015-02-04 16:02 - 2015-02-04 16:02 - 00000000 ____D () C:\Users\Todos os Usuários\AdPunisher
2015-02-04 16:02 - 2015-02-04 16:02 - 00000000 ____D () C:\ProgramData\AdPunisher
2015-02-04 07:01 - 2015-02-04 07:01 - 00000000 ____D () C:\Program Files\TransferBigFilescom Gmail Extension
2015-02-01 00:52 - 2015-02-01 00:52 - 00000000 ____D () C:\Program Files\Tumblr Collage
2015-01-27 01:13 - 2015-01-27 01:18 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\Skype
2015-01-27 01:13 - 2015-01-27 01:15 - 00000000 ___RD () C:\Program Files\Skype
2015-01-27 01:13 - 2015-01-27 01:13 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2015-01-27 01:13 - 2015-01-27 01:13 - 00000000 ____D () C:\Users\ADM\AppData\Local\Skype
2015-01-27 01:13 - 2015-01-27 01:13 - 00000000 ____D () C:\ProgramData\Skype
2015-01-27 01:13 - 2015-01-27 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-27 01:13 - 2015-01-27 01:13 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-01-26 14:33 - 2015-02-04 23:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 10:15 - 2007-05-27 12:36 - 00000000 ____D () C:\cs_rio_-_1.6
2015-01-25 21:22 - 2015-01-25 21:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-25 21:22 - 2015-01-25 21:22 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-25 21:21 - 2015-01-25 21:21 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-25 21:21 - 2015-01-25 21:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-25 21:05 - 2015-02-13 12:17 - 01741862 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 19:10 - 2015-01-25 19:10 - 00000000 ____D () C:\Program Files\OverTask
2015-01-25 14:48 - 2015-01-25 14:48 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-19 18:32 - 2015-01-19 18:32 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-19 18:31 - 2015-01-19 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2015-01-19 18:29 - 2015-01-19 18:31 - 00000000 ____D () C:\Program Files\Counter-Strike 1.6
2015-01-18 16:58 - 2015-01-19 11:30 - 00000000 ____D () C:\Program Files\Clear Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 12:17 - 2014-11-11 13:00 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-13 07:52 - 2009-07-14 01:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 07:52 - 2009-07-14 01:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 05:47 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 22:33 - 2014-11-07 20:14 - 00002134 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 08:54 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 06:21 - 2014-11-07 19:13 - 00000000 ____D () C:\Users\ADM
2015-02-11 18:46 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-11 01:42 - 2009-07-14 01:33 - 00374912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 01:40 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-02-11 01:24 - 2014-11-11 11:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:20 - 2014-11-11 11:08 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 09:41 - 2014-11-11 13:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 09:41 - 2014-11-11 13:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 20:13 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-03 20:12 - 2014-11-28 23:49 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\IObit
2015-02-03 20:12 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\registration
2015-02-03 20:12 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-31 18:15 - 2014-11-11 13:12 - 00000000 ____D () C:\Users\ADM\AppData\Local\Microsoft Help
2015-01-27 00:54 - 2009-07-14 01:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-26 20:43 - 2014-11-11 13:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 21:53 - 2014-11-28 23:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 21:29 - 2014-11-11 12:59 - 00000000 ____D () C:\Users\ADM\AppData\Local\Adobe
2015-01-25 21:05 - 2014-12-20 21:13 - 42565632 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-01-25 21:05 - 2014-12-20 21:13 - 00274432 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-01-25 21:05 - 2014-12-20 21:13 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2015-01-25 21:05 - 2014-12-20 21:13 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-01-25 16:10 - 2014-11-11 12:58 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2015-01-25 16:10 - 2014-11-11 12:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 14:49 - 2014-11-11 12:58 - 00000000 ____D () C:\Program Files\Java
2015-01-25 14:48 - 2014-11-11 12:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-25 06:53 - 2011-04-12 01:47 - 01275626 _____ () C:\Windows\system32\prfh0416.dat
2015-01-25 06:53 - 2011-04-12 01:47 - 00691546 _____ () C:\Windows\system32\prfc0416.dat
2015-01-25 06:53 - 2010-11-20 18:01 - 00006210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 18:32 - 2014-11-07 19:13 - 00000000 ____D () C:\Users\ADM\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2015-02-04 23:16 - 2015-02-04 23:16 - 0000079 _____ () C:\Program Files\prefs.js
2015-02-13 05:55 - 2015-02-13 08:47 - 0000020 _____ () C:\Users\ADM\AppData\Roaming\appdataFr3.bin
2014-11-07 20:28 - 2014-11-07 20:30 - 0000353 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 11:23

==================== End Of Log ============================

- Addition


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2015
Ran by ADM at 2015-02-13 12:29:52
Running from C:\Users\Public\Documents\Documents\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
AMD Catalyst Install Manager (HKLM\...\{1F897E00-83A6-4133-54E1-58F8D35E61C2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Aplicativo Credicard (HKLM\...\{245BB5B9-6211-4CFA-9B20-995025D2CFC5}) (Version: 1.1.36 - Credicard)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6) (Version: - )
DJ_SF_06_D1600_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet D1600 Printer Driver 14.0 Rel. 6 (HKLM\...\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}) (Version: 14.0 - HP)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JetClean (HKLM\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Megacubo 10 (HKLM\...\Megacubo_is1) (Version: 10.9.9 - www.megacubo.net)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 35.0.1 (x86 pt-BR)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
My Lockbox 3.5 (HKLM\...\My Lockbox_is1) (Version: 3.5 - )
Nero 7 Essentials (HKLM\...\{F87DA817-8D53-42CC-AA45-93A100341046}) (Version: 7.02.3907 - Nero AG)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
ZHPDiag 2015 (HKLM\...\ZHPDiag_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

03-02-2015 20:07:43 Windows Update
03-02-2015 20:08:10 Operação de restauração
04-02-2015 06:10:53 Windows Update
10-02-2015 19:35:52 Windows Update
10-02-2015 20:32:14 Revo Uninstaller's restore point - ManticoreTribble
10-02-2015 20:33:39 Revo Uninstaller's restore point - Supreme AdBlocker
11-02-2015 01:17:23 Windows Update
12-02-2015 01:06:33 Windows Update
12-02-2015 20:36:13 zoek.exe restore point
12-02-2015 21:45:06 zoek.exe restore point
13-02-2015 10:29:15 ZHPFix Restore System Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2009-06-10 18:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01E102A5-7D21-44DB-9BE7-315A149FCD6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {08C81107-97BD-4D92-A739-988CC3355152} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {8E517850-0C7C-4670-B5E9-DBA9A7F891C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {CD04A3DF-5118-48A8-85D2-B2850411E4F4} - \Uninstaller_SkipUac_ADM No Task File <==== ATTENTION
Task: {D0E37D4C-D88D-4585-9E10-E9811794DCA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {D20AFB2F-2152-41BB-9620-B59E5C27F95B} - \ASC8_PerformanceMonitor No Task File <==== ATTENTION
Task: {DDB9488F-C947-47FE-A8A7-F3B361491EE9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E8F8DF2E-A35A-4553-BDFD-F2C8648E190F} - System32\Tasks\ASC8_SkipUac_ADM => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2014-11-26] (IObit)
Task: {F7AA2DE6-5667-45AC-8613-DCDE62470216} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-28 23:49 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2013-04-12 14:23 - 2013-04-12 14:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2014-11-28 23:49 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2014-12-12 19:25 - 2014-12-12 19:25 - 00050688 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2012-06-11 11:45 - 2012-06-11 11:45 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-154245746-4024786111-2166681138-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ADM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

ADM (S-1-5-21-154245746-4024786111-2166681138-1000 - Administrator - Enabled) => C:\Users\ADM
Administrador (S-1-5-21-154245746-4024786111-2166681138-500 - Administrator - Disabled)
Convidado (S-1-5-21-154245746-4024786111-2166681138-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-154245746-4024786111-2166681138-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teclado Padrão PS/2
Description: Teclado Padrão PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (teclados padrões)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 00:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: firefox.exe, versão: 35.0.1.5500, carimbo de hora: 0x54c1fdbc
Nome do módulo de falhas: mfreadwrite.dll, versão: 12.0.7601.17514, carimbo de hora: 0x4ce7b890
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0002d2a4
Identificação do processo com falha: 0x1598
Hora de início do aplicativo com falha: 0xfirefox.exe0
Caminho do aplicativo com falha: firefox.exe1
FCaminho do módulo de falhas: firefox.exe2
Identificação do Relatório: firefox.exe3

Error: (02/13/2015 00:24:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: firefox.exe, versão: 35.0.1.5500, carimbo de hora: 0x54c1fdbc
Nome do módulo de falhas: dbghelp.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x54c868cc
Código de exceção: 0xc0000005
Deslocamento com falha: 0x5e47d2a4
Identificação do processo com falha: 0x470
Hora de início do aplicativo com falha: 0xfirefox.exe0
Caminho do aplicativo com falha: firefox.exe1
FCaminho do módulo de falhas: firefox.exe2
Identificação do Relatório: firefox.exe3

Error: (02/13/2015 11:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: firefox.exe, versão: 35.0.1.5500, carimbo de hora: 0x54c1fdbc
Nome do módulo de falhas: dbghelp.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x54c868cc
Código de exceção: 0xc0000005
Deslocamento com falha: 0x5a4cd2a4
Identificação do processo com falha: 0xc40
Hora de início do aplicativo com falha: 0xfirefox.exe0
Caminho do aplicativo com falha: firefox.exe1
FCaminho do módulo de falhas: firefox.exe2
Identificação do Relatório: firefox.exe3

Error: (02/13/2015 10:29:11 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {150c43fd-90c0-4e20-b3a6-b51f4a13482e}

Error: (02/13/2015 10:28:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: firefox.exe, versão: 35.0.1.5500, carimbo de hora: 0x54c1fdbc
Nome do módulo de falhas: dbghelp.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x54c868cc
Código de exceção: 0xc0000005
Deslocamento com falha: 0x614cd2a4
Identificação do processo com falha: 0xdac
Hora de início do aplicativo com falha: 0xfirefox.exe0
Caminho do aplicativo com falha: firefox.exe1
FCaminho do módulo de falhas: firefox.exe2
Identificação do Relatório: firefox.exe3

Error: (02/13/2015 05:48:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 00:58:37 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente. O Windows fechou o programa Firefox por causa desse erro.

Programa: Firefox
Arquivo:

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: 00000000
Tipo de disco: 0

Error: (02/13/2015 00:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: firefox.exe, versão: 35.0.1.5500, carimbo de hora: 0x54c1fdbc
Nome do módulo de falhas: dwrite.dll, versão: 6.2.9200.16492, carimbo de hora: 0x50f31984
Código de exceção: 0xc000001d
Deslocamento com falha: 0x000bd2a4
Identificação do processo com falha: 0x318
Hora de início do aplicativo com falha: 0xfirefox.exe0
Caminho do aplicativo com falha: firefox.exe1
FCaminho do módulo de falhas: firefox.exe2
Identificação do Relatório: firefox.exe3

Error: (02/13/2015 00:15:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: firefox.exe, versão: 35.0.1.5500, carimbo de hora: 0x54c1fdbc
Nome do módulo de falhas: dbghelp.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x54c868cc
Código de exceção: 0xc0000005
Deslocamento com falha: 0x674ed2a4
Identificação do processo com falha: 0x1414
Hora de início do aplicativo com falha: 0xfirefox.exe0
Caminho do aplicativo com falha: firefox.exe1
FCaminho do módulo de falhas: firefox.exe2
Identificação do Relatório: firefox.exe3

Error: (02/12/2015 10:22:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/13/2015 05:48:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para FailureActions com o seguinte erro:
%%5

Error: (02/12/2015 10:22:26 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para FailureActions com o seguinte erro:
%%5

Error: (02/12/2015 09:58:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/12/2015 09:58:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/12/2015 09:58:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/12/2015 09:58:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/12/2015 09:58:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/12/2015 09:58:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/12/2015 09:58:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/12/2015 09:58:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.


Microsoft Office Sessions:
=========================
Error: (02/13/2015 00:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe35.0.1.550054c1fdbcmfreadwrite.dll12.0.7601.175144ce7b890c00000050002d2a4159801d047a126336a30C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\mfreadwrite.dllc1af23b8-b394-11e4-92c9-00248ccf2999

Error: (02/13/2015 00:24:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe35.0.1.550054c1fdbcdbghelp.dll_unloaded0.0.0.054c868ccc00000055e47d2a447001d047a03478bed1C:\Program Files\Mozilla Firefox\firefox.exedbghelp.dll64b3f9a4-b394-11e4-92c9-00248ccf2999

Error: (02/13/2015 11:05:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe35.0.1.550054c1fdbcdbghelp.dll_unloaded0.0.0.054c868ccc00000055a4cd2a4c4001d0479126057f98C:\Program Files\Mozilla Firefox\firefox.exedbghelp.dll5903c418-b389-11e4-92c9-00248ccf2999

Error: (02/13/2015 10:29:11 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {150c43fd-90c0-4e20-b3a6-b51f4a13482e}

Error: (02/13/2015 10:28:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe35.0.1.550054c1fdbcdbghelp.dll_unloaded0.0.0.054c868ccc0000005614cd2a4dac01d0478838cd130fC:\Program Files\Mozilla Firefox\firefox.exedbghelp.dll2312b902-b384-11e4-92c9-00248ccf2999

Error: (02/13/2015 05:48:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 00:58:37 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Firefox000000000

Error: (02/13/2015 00:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe35.0.1.550054c1fdbcdwrite.dll6.2.9200.1649250f31984c000001d000bd2a431801d0473c686fb06cC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\dwrite.dll95fcbc65-b334-11e4-b6d9-00248ccf2999

Error: (02/13/2015 00:15:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe35.0.1.550054c1fdbcdbghelp.dll_unloaded0.0.0.054c868ccc0000005674ed2a4141401d0472ba0b0c2a3C:\Program Files\Mozilla Firefox\firefox.exedbghelp.dll8e4dfef5-b32e-11e4-b6d9-00248ccf2999

Error: (02/12/2015 10:22:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz
Percentage of memory in use: 21%
Total physical RAM: 3583.18 MB
Available physical RAM: 2825.02 MB
Total Pagefile: 7164.65 MB
Available Pagefile: 5900.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.16 MB

==================== Drives ================================

Drive c: (SISTEMA) (Fixed) (Total:477.7 GB) (Free:421.06 GB) NTFS
Drive d: (MVIRTUAL) (Fixed) (Total:10.6 GB) (Free:10.51 GB) NTFS
Drive e: (BACKUP) (Fixed) (Total:443.21 GB) (Free:390.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1E331E33)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C383C383)
Partition 1: (Not Active) - (Size=477.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.8 GB) - (Type=OF Extended)

==================== End Of Log ============================
Motherboard: TCN G41 - 775 - DDR3
Processor: Intel Core 2 Duo E4600

caedurodrigues
caedurodrigu... Tô em todas Registered
710 Posts 257 Likes
#12 By caedurodrigu...
13/02/2015 - 19:41
Nice one, Carcacinha, you are using a development build of Google Chrome; uninstall it and download the stable version.

CHR dev: Chrome dev build detected! <======= ATTENTION

  • Copy the information shown in red into Notepad.
  • Save it with the name fixlist.txt
  • Save it in the same location as FRST

start
CloseProcesses:
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-154245746-4024786111-2166681138-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
2015-02-13 00:18 - 2015-02-13 00:18 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-02-13 00:15 - 2015-02-13 10:29 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\ZHP
2015-02-13 00:15 - 2015-02-13 00:18 - 00000000 ____D () C:\Program Files\ZHPDiag
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\Users\Todos os Usuários\ProductData
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-02-13 00:14 - 2015-02-13 00:14 - 06874603 _____ (Nicolas Coolman ) C:\ZHPDiag2.exe
2015-02-12 22:06 - 2015-02-12 21:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-12 20:36 - 2015-02-12 22:22 - 00025167 _____ () C:\zoek-results.log
2015-02-12 20:33 - 2015-02-12 22:22 - 00000000 ____D () C:\zoek_backup
2015-02-12 11:07 - 2015-02-12 11:20 - 00000000 ____D () C:\AdwCleaner
2015-02-12 06:13 - 2015-02-13 05:47 - 00000392 _____ () C:\Windows\setupact.log
2015-02-12 06:13 - 2015-02-12 22:22 - 00001016 _____ () C:\Windows\PFRO.log
2015-02-12 06:13 - 2015-02-12 06:13 - 00000000 _____ () C:\Windows\setuperr.log
Task: {CD04A3DF-5118-48A8-85D2-B2850411E4F4} - \Uninstaller_SkipUac_ADM No Task File <==== ATTENTION
Task: {D20AFB2F-2152-41BB-9620-B59E5C27F95B} - \ASC8_PerformanceMonitor No Task File <==== ATTENTION
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end

Run FRST/FRST64 >> Click "Fix". << Wait!
Post the report! (Fixlog.txt)

Warm regards.

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
Carcacinha
Carcacinha Senior Member Registered
258 Posts 10 Likes
#15 By Carcacinha
13/02/2015 - 20:26
lol, no worries!!

here is the Fixlog report

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2015
Ran by ADM at 2015-02-13 19:20:25 Run:1
Running from C:\Users\Public\Documents\Documents\Desktop
Loaded Profiles: ADM (Available profiles: ADM)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-154245746-4024786111-2166681138-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
2015-02-13 00:18 - 2015-02-13 00:18 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-02-13 00:15 - 2015-02-13 10:29 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\ZHP
2015-02-13 00:15 - 2015-02-13 00:18 - 00000000 ____D () C:\Program Files\ZHPDiag
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\Users\Todos os Usuários\ProductData
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-13 00:15 - 2015-02-13 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-02-13 00:14 - 2015-02-13 00:14 - 06874603 _____ (Nicolas Coolman ) C:\ZHPDiag2.exe
2015-02-12 22:06 - 2015-02-12 21:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-12 20:36 - 2015-02-12 22:22 - 00025167 _____ () C:\zoek-results.log
2015-02-12 20:33 - 2015-02-12 22:22 - 00000000 ____D () C:\zoek_backup
2015-02-12 11:07 - 2015-02-12 11:20 - 00000000 ____D () C:\AdwCleaner
2015-02-12 06:13 - 2015-02-13 05:47 - 00000392 _____ () C:\Windows\setupact.log
2015-02-12 06:13 - 2015-02-12 22:22 - 00001016 _____ () C:\Windows\PFRO.log
2015-02-12 06:13 - 2015-02-12 06:13 - 00000000 _____ () C:\Windows\setuperr.log
Task: {CD04A3DF-5118-48A8-85D2-B2850411E4F4} - \Uninstaller_SkipUac_ADM No Task File <==== ATTENTION
Task: {D20AFB2F-2152-41BB-9620-B59E5C27F95B} - \ASC8_PerformanceMonitor No Task File <==== ATTENTION
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************

Processes closed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-154245746-4024786111-2166681138-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
C:\PhysicalDisk0_MBR.bin => Moved successfully.
C:\Users\ADM\AppData\Roaming\ZHP => Moved successfully.
C:\Program Files\ZHPDiag => Moved successfully.
C:\Users\Todos os Usuários\ProductData => Moved successfully.
"C:\ProgramData\ProductData" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP => Moved successfully.
C:\ZHPDiag2.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD04A3DF-5118-48A8-85D2-B2850411E4F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD04A3DF-5118-48A8-85D2-B2850411E4F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_ADM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D20AFB2F-2152-41BB-9620-B59E5C27F95B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D20AFB2F-2152-41BB-9620-B59E5C27F95B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_PerformanceMonitor" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {1AF2CB89-5AD2-4D07-9DDA-43A5179CB3BF}.
Unable to cancel {DEF92C8C-6D03-438E-BA00-6C464739B407}.
{A9BE1A50-AA01-4105-A1B8-BFF9A4953736} canceled.
{156193F6-FB81-448A-A714-9266070A765F} canceled.
2 out of 4 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= End of CMD: =========

EmptyTemp: => Removed 813.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:20:42 ====
Motherboard: TCN G41 - 775 - DDR3
Processor: Intel Core 2 Duo E4600
