
Annoying pop up spam ad in the bottom right corner


18 replies to this topic

#1 fireber


Posted 20 May 2015 - 09:32 PM

I have been getting small but very annoying pop-ups in my browsers (IE, Chrome and Firefox) for some time now. I did all the basics, tried to uninstall programs and extensions that I did not recognise, without much success. Most of the ads are in Russian too... Here's a screenshot of the pop-up.


Thanks in advance

 




 


#2 InadequateInfirmity


Posted 21 May 2015 - 12:24 AM

Download and run Wipe and System Ninja.

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana AntiMalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 fireber


Posted 21 May 2015 - 04:46 PM

Thanks for the quick reply! Here are the logs requested. Some of them are in Portuguese, but I did not have the option to install them in English. I hope this is fine...

Now what should I do?

#4 InadequateInfirmity


Posted 21 May 2015 - 04:49 PM

There is no way that I can take the time to make sense of that.... :)

 

Can you please turn word wrap off in your notepad and repost the logs. :thumbup2:



#5 fireber


Posted 21 May 2015 - 04:50 PM

Bad formatting, couldn't edit last post.... Here we go again.

 

MWAV

21 mai 2015 11:46:33 [143c] - **********************************************************
21 mai 2015 11:46:33 [143c] - eScan AntiVírus & Spyware Toolkit utilitário.
21 mai 2015 11:46:33 [143c] - Copyright © 2003-2006,  MicroWorld Technologies Inc.
21 mai 2015 11:46:33 [143c] - **********************************************************
21 mai 2015 11:46:33 [143c] - Source: C:\Users\Bernardo\Desktop\mwav.exe
21 mai 2015 11:46:33 [143c] - Versão 14.0.178 (C:\USERS\BERNARDO\APPDATA\LOCAL\TEMP\MEXE.COM)
21 mai 2015 11:46:33 [143c] - Ficheiro de Registo: C:\Users\Bernardo\AppData\Local\Temp\MWAV.LOG
21 mai 2015 11:46:33 [143c] - MWAV Registered: TRUE
21 mai 2015 11:46:33 [143c] - User Account: Bernardo (Administrator Mode)
21 mai 2015 11:46:33 [143c] - OS Type: Windows Workstation [InstallType: Client]
21 mai 2015 11:46:33 [143c] - OS: Windows 8.1 64-Bit [OS Install Date: 20 Jun 2014 11:10:14]
21 mai 2015 11:46:33 [143c] - Ver: Personal Build 9200
21 mai 2015 11:46:33 [143c] - System Up Time: 3 Hours, 19 Minutes, 47 Seconds


21 mai 2015 11:46:33 [143c] - Parent Process Name : C:\Users\Bernardo\Desktop\mwav.exe
21 mai 2015 11:46:33 [143c] - Windows Root  Folder: C:\Windows
21 mai 2015 11:46:33 [143c] - Windows Sys32 Folder: C:\Windows\system32
21 mai 2015 11:46:33 [143c] - DHCP NameServer: 80.82.64.136 8.8.8.8 192.168.1.1
21 mai 2015 11:46:33 [143c] - Interface0 DHCPNameServer: 80.82.64.136 8.8.8.8 192.168.1.1
21 mai 2015 11:46:33 [143c] - Local Fixed Drives: c:\
21 mai 2015 11:46:33 [143c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
21 mai 2015 11:46:33 [143c] - [CREATED ZIP FILE: C:\Users\Bernardo\AppData\Local\Temp\pinfect.zip]
21 mai 2015 11:46:34 [143c] - Última Data dos ficheiros em MWAV: Mon Mar  2 17:13:53 2015.
21 mai 2015 11:46:36 [143c] - ** Changed Value of "Path"
21 mai 2015 11:46:36 [143c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Bernardo\AppData\Local\Temp\ESCANDB.LOG]
21 mai 2015 11:46:36 [143c] - Loaded/Created FileScan Cache Database...
21 mai 2015 11:46:36 [143c] - Loading AV Library [DB]...
21 mai 2015 11:47:22 [143c] - ArchiveScan: DISABLED
21 mai 2015 11:47:23 [143c] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
21 mai 2015 11:47:23 [143c] - MWAV doing self scanning...
21 mai 2015 11:47:23 [143c] - MWAV files are clean.
21 mai 2015 11:47:26 [143c] - ArchiveScan: DISABLED
21 mai 2015 11:47:26 [143c] - Data da Base de Dados de Vírus: 02 Mar 2015
21 mai 2015 11:47:26 [143c] - Contador da Base de Dados de Vírus: 6701505
21 mai 2015 11:47:26 [143c] - Sign Version: 7.59505 [518257]
21 mai 2015 11:47:36 [143c] - Uninitializing Scanner (3)...
21 mai 2015 11:47:36 [143c] - Freeing Libraries (3)...
21 mai 2015 11:47:36 [143c] - AV Library Unloaded (3)...
21 mai 2015 11:47:36 [143c] - Exiting App...
21 mai 2015 11:47:40 [10b8] - **********************************************************
21 mai 2015 11:47:40 [10b8] - eScan AntiVírus & Spyware Toolkit utilitário.
21 mai 2015 11:47:40 [10b8] - Copyright © 2003-2006,  MicroWorld Technologies Inc.
21 mai 2015 11:47:40 [10b8] - **********************************************************
21 mai 2015 11:47:40 [10b8] - Versão 14.0.178 (C:\USERS\BERNARDO\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
21 mai 2015 11:47:40 [10b8] - Ficheiro de Registo: C:\Users\Bernardo\AppData\Local\Temp\MWAV.LOG
21 mai 2015 11:47:40 [10b8] - MWAV Registered: TRUE
21 mai 2015 11:47:40 [10b8] - User Account: Bernardo (Administrator Mode)
21 mai 2015 11:47:40 [10b8] - OS Type: Windows Workstation [InstallType: Client]
21 mai 2015 11:47:40 [10b8] - OS: Windows 8.1 64-Bit [OS Install Date: 20 Jun 2014 11:10:14]
21 mai 2015 11:47:40 [10b8] - Ver: Personal Build 9200
21 mai 2015 11:47:40 [10b8] - System Up Time: 3 Hours, 20 Minutes, 53 Seconds


21 mai 2015 11:47:40 [10b8] - Parent Process Name : c:\Windows\explorer.exe
21 mai 2015 11:47:40 [10b8] - Windows Root  Folder: C:\Windows
21 mai 2015 11:47:40 [10b8] - Windows Sys32 Folder: C:\Windows\system32
21 mai 2015 11:47:40 [10b8] - DHCP NameServer: 80.82.64.136 8.8.8.8 192.168.1.1
21 mai 2015 11:47:40 [10b8] - Interface0 DHCPNameServer: 80.82.64.136 8.8.8.8 192.168.1.1
21 mai 2015 11:47:40 [10b8] - Local Fixed Drives: c:\
21 mai 2015 11:47:40 [10b8] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
21 mai 2015 11:47:40 [10b8] - [CREATED ZIP FILE: C:\Users\Bernardo\AppData\Local\Temp\pinfect.zip]
21 mai 2015 11:47:40 [10b8] - Última Data dos ficheiros em MWAV: Mon Mar  2 17:13:53 2015.
21 mai 2015 11:47:40 [10b8] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Bernardo\AppData\Local\Temp\ESCANDB.LOG]
21 mai 2015 11:47:40 [10b8] - Loaded/Created FileScan Cache Database...
21 mai 2015 11:47:40 [10b8] - Loading AV Library [DB]...
21 mai 2015 11:47:42 [10b8] - ArchiveScan: DISABLED
21 mai 2015 11:47:42 [10b8] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
21 mai 2015 11:47:42 [10b8] - MWAV doing self scanning...
21 mai 2015 11:47:42 [10b8] - MWAV files are clean.
21 mai 2015 11:47:42 [10b8] - ArchiveScan: DISABLED
21 mai 2015 11:47:42 [10b8] - Data da Base de Dados de Vírus: 02 Mar 2015
21 mai 2015 11:47:42 [10b8] - Contador da Base de Dados de Vírus: 6701505
21 mai 2015 11:47:42 [10b8] - Sign Version: 7.59505 [518257]
21 mai 2015 11:47:45 [10b8] - A descarregar a Base de dados do Antivíruse do Antispyware...
21 mai 2015 12:12:44 [10b8] - Atualização Bem-sucedida...
21 mai 2015 12:32:58 [10b8] - Indexed Spyware Databases Successfully Created...
21 mai 2015 12:32:58 [10b8] - Old Sign Version: 7.59505    New Sign Version: 7.60685
21 mai 2015 12:33:09 [10b8] - A Reinstalação da Base de Dados de Vírus do Antivírus foi realizada com sucesso.
21 mai 2015 12:33:09 [10b8] - Data da Base de Dados de Vírus: 21 May 2015
21 mai 2015 12:33:09 [10b8] - Contador da Base de Dados de Vírus: 5533056
21 mai 2015 12:33:09 [10b8] - Sign Version: 7.60685 [519437]
 
21 mai 2015 12:33:54 [10b8] - **********************************************************
21 mai 2015 12:33:54 [10b8] - eScan AntiVírus & Spyware Toolkit utilitário.
21 mai 2015 12:33:54 [10b8] - Copyright © 2003-2006,  MicroWorld Technologies Inc.
21 mai 2015 12:33:54 [10b8] -
21 mai 2015 12:33:54 [10b8] - Suporte: support@escanav.com
21 mai 2015 12:33:54 [10b8] - Internet: http://www.escanav.com
21 mai 2015 12:33:54 [10b8] - **********************************************************
21 mai 2015 12:33:54 [10b8] - Versão 14.0.178[DB] (C:\USERS\BERNARDO\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
21 mai 2015 12:33:54 [10b8] - Ficheiro de Registo: C:\Users\Bernardo\AppData\Local\Temp\MWAV.LOG
21 mai 2015 12:33:54 [10b8] - User Account: Bernardo (Administrator Mode)
21 mai 2015 12:33:54 [10b8] - Parent Process Name : c:\Windows\explorer.exe
21 mai 2015 12:33:54 [10b8] - Windows Root  Folder: C:\Windows
21 mai 2015 12:33:54 [10b8] - Windows Sys32 Folder: C:\Windows\system32
21 mai 2015 12:33:54 [10b8] - OS: Windows 8.1 64-Bit [OS Install Date: 20 Jun 2014 11:10:14]
21 mai 2015 12:33:54 [10b8] - Ver: Personal Build 9200
21 mai 2015 12:33:54 [10b8] - Última Data dos ficheiros em MWAV: Mon Mar  2 17:13:53 2015.
 
21 mai 2015 12:33:54 [1dfc] - Opções Selecionadas pelo Utilizador:
21 mai 2015 12:33:54 [1dfc] - Verificação de Memória: Ativo
21 mai 2015 12:33:54 [1dfc] - Verificar registo: Ativo
21 mai 2015 12:33:54 [1dfc] - Verificar Pasta de Arranque: Ativo
21 mai 2015 12:33:54 [1dfc] - Verificar Pasta do Sistema: Ativo
21 mai 2015 12:33:54 [1dfc] - Verificar Serviços: Ativo
21 mai 2015 12:33:54 [1dfc] - Analisar Spyware: Ativo
21 mai 2015 12:33:54 [1dfc] - Analisar Archives: Desativado
21 mai 2015 12:33:54 [1dfc] - Verificar Unidade: Ativo
21 mai 2015 12:33:54 [1dfc] - Verificar Todas as Unidades:Desativado
21 mai 2015 12:33:54 [1dfc] - Unidade Selecionada = C:\
21 mai 2015 12:33:54 [1dfc] - Verificar Pasta: Desativado
21 mai 2015 12:33:54 [1dfc] - SCAN: All_Files [ANSI]
21 mai 2015 12:33:54 [1dfc] - MWAV Mode( B): Scan and Clean files (for viruses, adware and spyware)
 
21 mai 2015 12:33:54 [1dfc] - A analisar DNS Records...
21 mai 2015 12:33:54 [1dfc] - A analisar Master Boot Record (User)...
21 mai 2015 12:33:54 [1dfc] - A analisar Logical Boot Records...
21 mai 2015 12:33:54 [1dfc] - ***** Procurar por Processos Rootkit Ocultos *****
21 mai 2015 12:33:54 [1dfc] - ***** Procurar por Serviços Rootkit Ocultos *****
 
21 mai 2015 12:33:59 [1dfc] - ***** A analisar os ficheiros em Memória *****
 
21 mai 2015 12:34:14 [1dfc] - ***** A analisar ficheiros do registo *****
21 mai 2015 12:34:15 [1dfc] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
21 mai 2015 12:34:15 [1dfc] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]
21 mai 2015 12:34:15 [1dfc] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
21 mai 2015 12:34:15 [1dfc] - Invalid Entry DllName = SDWinLogon.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon). Action Taken: Deleting Registry Key SDWinLogon.
21 mai 2015 12:34:17 [1dfc] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
21 mai 2015 12:34:18 [1dfc] - ***** A analisar as Pastas de Arranque *****
21 mai 2015 12:35:23 [1294] - ScanFile (C:\Users\Bernardo\AppData\Roaming\PCDr\Downloads\Network_Driver_PM0NP_WN_10.0.0.288_A01.EXE) took 54281 ms
21 mai 2015 12:35:23 [1294] - Análise de C:\Users\Bernardo\AppData\Roaming\PCDr\Downloads\Network_Driver_PM0NP_WN_10.0.0.288_A01.EXE Timed out!!!
21 mai 2015 12:36:18 [1648] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BaiduBar-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1648] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1d2c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1494] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1494] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1d24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1d2c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1648] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1294] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1d2c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1248] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1648] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1648] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1d24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1494] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:18 [1294] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Paint-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:19 [1494] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:19 [1648] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:19 [1d24] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:19 [1248] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MyStart.Toolbar-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:19 [1494] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:19 [1d2c] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Wordpad-0000.zip não Analisado. possívelmente protegido por Password...
21 mai 2015 12:36:19 [1294] - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip não Analisado. possívelmente protegido por Password...
 
21 mai 2015 12:36:32 [1dfc] - ***** A analisar os ficheiros de Serviço *****
21 mai 2015 12:36:32 [1dfc] - A analisar o ficheiro C:\Windows\System32\drivers\1394ohci.sys
21 mai 2015 12:36:32 [1dfc] - ERROR(2)!!! ScanFile Fails for C:\Windows\System32\drivers\1394ohci.sys...
21 mai 2015 12:36:39 [1dfc] - ERROR(2)!!! Invalid Entry \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy.
21 mai 2015 12:36:45 [1dfc] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
21 mai 2015 12:36:48 [1dfc] - ***** A analisar o registo e o Sistema de ficheiros contra Adware/Spyware *****
21 mai 2015 12:36:48 [1dfc] - A carregar a base de dados de Spyware a partir da nova base de dados externa [Nome: C:\Users\Bernardo\AppData\Local\Temp\spydb.avs, Tamanho: 464724]...
21 mai 2015 12:36:48 [1dfc] - Indexed Spyware Databases Successfully Created...
 
 
21 mai 2015 12:36:54 [1dfc] - ***** A analisar ficheiros do registo *****
21 mai 2015 12:36:54 [1dfc] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
21 mai 2015 12:36:54 [1dfc] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]
 
21 mai 2015 12:36:55 [1dfc] - ***** A analisar a Pasta System32 *****
21 mai 2015 12:37:24 [1248] - ScanFile (C:\Windows\SysWOW64\inetcpl.cpl) took 5063 ms
21 mai 2015 12:37:34 [1494] - ScanFile (C:\Windows\SysWOW64\mspaint.exe) took 5109 ms
 
21 mai 2015 12:38:06 [19e0] - A analisar o ficheiro C:\Users\Bernardo\AppData\Local\Temp\MWZ1927.tmp
 
21 mai 2015 12:38:12 [1dfc] - ***** A analisar a Unidade C:\ *****
21 mai 2015 12:38:46 [1d2c] - ScanFile (C:\Nado\amd-catalyst-omega-14.12-with-dotnet45-win8.1-64bit.exe) took 6094 ms
21 mai 2015 12:38:47 [1494] - ScanFile (C:\Nado\Application_56J82_WN32_1.4.2000.0_A07.EXE) took 6906 ms
21 mai 2015 12:38:52 [1294] - ScanFile (C:\Nado\Chipset_Driver_KV645_WN_9.5.24.1790_A02.EXE) took 6563 ms
21 mai 2015 12:38:53 [19e0] - ScanFile (C:\Nado\Chipset_Driver_FTHX8_WN_9.4.0.1026_A00.EXE) took 7484 ms
21 mai 2015 12:39:07 [1294] - ScanFile (C:\Nado\iGBPCEFsf.exe) took 5312 ms
21 mai 2015 12:39:20 [1d24] - ScanFile (C:\Nado\Serial-ATA_Driver_923PH_WN_12.8.2.1000_A01.EXE) took 5110 ms
21 mai 2015 12:39:20 [1d2c] - ScanFile (C:\Nado\Salem S01 Season 1 Complete HDTV 480p x264 AAC E-Subs [GWC]\Salem S01E05 HDTV x264 AAC E-Subs [GWC].mp4) took 5235 ms
21 mai 2015 12:39:24 [1648] - ScanFile (C:\Nado\Video_Driver_CGR4G_WN_13.201.0.0_A01.EXE) took 5172 ms
21 mai 2015 12:45:03 [1294] - ScanFile (C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroExt\libcef.dll) took 9516 ms
21 mai 2015 12:48:52 [1294] - C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpdate.dat não Analisado. possívelmente protegido por Password...
21 mai 2015 12:49:08 [1d24] - ScanFile (C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\Updates\DBR_1620_1712_x64_Update.exe) took 14985 ms
21 mai 2015 12:50:10 [1d2c] - ScanFile (C:\Program Files (x86)\Panda Security\Panda Security Protection\SetupUI.dll) took 5781 ms
21 mai 2015 12:50:33 [1248] - ScanFile (C:\Program Files (x86)\Skype\Phone\Skype.exe) took 13031 ms
21 mai 2015 12:50:38 [1f44] - ScanFile (C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPrepPos.exe) took 8016 ms
21 mai 2015 12:51:18 [1248] - ScanFile (C:\Program Files (x86)\Steam\bin\libcef.dll) took 5031 ms
21 mai 2015 12:55:16 [1f44] - A analisar o ficheiro C:\System Volume Information\{261a1228-fb18-11e4-82f8-782bcbeb6779}{3808876b-c176-4e48-b7ae-04046e6cc752}
21 mai 2015 12:55:16 [1d2c] - A analisar o ficheiro C:\System Volume Information\{2619fe10-fb18-11e4-82f8-782bcbeb6779}{3808876b-c176-4e48-b7ae-04046e6cc752}
21 mai 2015 12:55:16 [1294] - A analisar o ficheiro C:\System Volume Information\{261a1e2d-fb18-11e4-82f8-782bcbeb6779}{3808876b-c176-4e48-b7ae-04046e6cc752}
21 mai 2015 12:55:16 [1494] - A analisar o ficheiro C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
21 mai 2015 12:55:16 [1d24] - A analisar o ficheiro C:\System Volume Information\{261a1e46-fb18-11e4-82f8-782bcbeb6779}{3808876b-c176-4e48-b7ae-04046e6cc752}
21 mai 2015 12:55:18 [1248] - ScanFile (C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.29\deploy\libcef.dll) took 5204 ms
21 mai 2015 12:56:59 [1648] - ScanFile (C:\Users\Bernardo\Documents\Dell Downloads\301bfe0e-9bcc-4552-be06-5cf7553542eb\Serial-ATA_Driver_923PH_WN_12.8.2.1000_A01.EXE) took 6969 ms
21 mai 2015 12:57:00 [1494] - ScanFile (C:\Users\Bernardo\Documents\Dell Downloads\9a65afa8-6d0f-46fe-9c00-0748b97d054b\Serial-ATA_Driver_923PH_WN_12.8.2.1000_A01.EXE) took 7187 ms
21 mai 2015 12:57:01 [1248] - ScanFile (C:\Users\Bernardo\Documents\Dell Downloads\301bfe0e-9bcc-4552-be06-5cf7553542eb\Chipset_Driver_KV645_WN_9.5.24.1790_A02.EXE) took 8391 ms
21 mai 2015 12:57:01 [19e0] - C:\Users\Bernardo\OneDrive\escala plantao (1).xlsx não Analisado. possívelmente protegido por Password...
21 mai 2015 12:57:01 [1d24] - C:\Users\Bernardo\OneDrive\escala plantao.xlsx não Analisado. possívelmente protegido por Password...
21 mai 2015 12:57:02 [1d2c] - A analisar o ficheiro C:\Users\Bernardo\OneDrive\Escala planto~es R1 2014-2015.xlsx
21 mai 2015 12:57:04 [1f44] - ScanFile (C:\Users\Bernardo\Documents\Dell Downloads\9a65afa8-6d0f-46fe-9c00-0748b97d054b\Chipset_Driver_KV645_WN_9.5.24.1790_A02.EXE) took 11344 ms
21 mai 2015 12:58:25 [1294] - ScanFile (C:\Windows\Installer\4788b6e.msi) took 11579 ms
21 mai 2015 13:02:23 [1294] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\hdxseds.inf_amd64_3a1c78ac7409a2b8\MaxxAudioAPO30.dll) took 5016 ms
 
21 mai 2015 13:14:58 [1dfc] - ***** A analisar vírus ITW específicos *****
 
21 mai 2015 13:14:58 [1dfc] - ***** Ana´lise concluída. *****
 
21 mai 2015 13:14:58 [1dfc] - Total de Objetos Analisados: 300732
21 mai 2015 13:14:58 [1dfc] - Total de Objetos Críticos Encontrados: 0
21 mai 2015 13:14:58 [1dfc] - Total de ficheiros Desinfetados: 0
21 mai 2015 13:14:58 [1dfc] - Total de Objetos Renomeados: 0
21 mai 2015 13:14:58 [1dfc] - Total de ficheiros Eliminados: 0
21 mai 2015 13:14:58 [1dfc] - Total de Erros: 4
21 mai 2015 13:14:58 [1dfc] - Tempo Decorrido: 00:41:04
21 mai 2015 13:14:58 [1dfc] - Data da Base de Dados de Vírus: 21 May 2015
21 mai 2015 13:14:58 [1dfc] - Contador da Base de Dados de Vírus: 5533056
21 mai 2015 13:14:58 [1dfc] - Sign Version: 7.60685 [519437]
 
21 mai 2015 13:14:58 [1dfc] - Análise Concluída.
 

 

Zemana AntiMalware 2.14.2.667 (Installed)

-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/5/21
Operating System      : Windows 8.1 64-bit
Processor             : 4X Intel® Core™ i7-4500U CPU @ 1.80GHz
BIOS Mode             : UEFI
CUID                  : 0025AB225662004D79B006
Scan Type             : Deep Scan
Duration              : 22m 20s
Scanned Objects       : 41094
Detected Objects      : 4
Excluded Objects      : 0
Read Level            : Normal
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Domain Info           : WORKGROUP,1,2


Detected Objects
-------------------------------------------------------
Firefox Search
   Status             : Scanned
   Object             : MercadoLivre - http://pmstrk.mercadolivre.com.br
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : Suspicious Browser Setting
   Cleaning Action    : Repair
   Traces             :
                Browser Setting - Firefox Search

Firefox Search
   Status             : Scanned
   Object             : BuscaPé - http://busca.buscape.com.br
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : Suspicious Browser Setting
   Cleaning Action    : Repair
   Traces             :
                Browser Setting - Firefox Search

Chrome Startup Url
   Status             : Scanned
   Object             : http://folhaonline.com.br/
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : Suspicious Browser Setting
   Cleaning Action    : Repair
   Traces             :
                Browser Setting - Chrome Startup Url

Chrome Homepage
   Status             : Scanned
   Object             : http://folhaonline.com.br/
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detection          : Suspicious Browser Setting
   Cleaning Action    : Repair
   Traces             :
                Browser Setting - Chrome Homepage


Cleaning Result
-------------------------------------------------------
Cleaned               : 4
Reported as safe      : 0
Failed                : 0

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 8.1 Single Language x64
Ran by Bernardo on 21/05/2015 at 18:28:36,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-288138567-576627373-493772763-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\PANDA SECURITY TOOLBAR UNINST-2E50AF0E.pf



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\baidu security
Successfully deleted: [Folder] C:\ProgramData\baidu security
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Bernardo\appdata\locallow\pcdr
Successfully deleted: [Folder] C:\Users\Bernardo\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Bernardo\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/05/2015 at 18:33:10,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v4.205 - Relatório criado 21/05/2015 às 18:34:47
# Atualizado 21/05/2015 por Xplode
# Base de dados : 2015-05-21.2 [Servidor]
# Sistema operacional : Windows 8.1 Single Language  (x64)
# Usuário : Bernardo - NADO
# Executando de : C:\Users\Bernardo\Desktop\adwcleaner_4.205.exe
# Opção : Verificar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Tarefas agendadas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 pt-BR)


-\\ Google Chrome v43.0.2357.65


*************************

AdwCleaner[R0].txt - [2495 bytes] - [20/05/2015 22:07:08]
AdwCleaner[R1].txt - [732 bytes] - [21/05/2015 18:34:47]
AdwCleaner[S0].txt - [2459 bytes] - [20/05/2015 22:12:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [849 bytes] ##########

 



#6 InadequateInfirmity

Posted 21 May 2015 - 04:58 PM

Ok, please uninstall Spybot Search and Destroy, then do the following.

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/


Hit Ok.


Hit Next, making sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#7 fireber

Posted 21 May 2015 - 06:56 PM

Here we go again!!!

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_05_21_19_07_01
OS: Windows 8 - 64 Bit
Account Name: Bernardo
U0L0S5

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished

 

~ ZHPCleaner v2015.5.20.247 by Nicolas Coolman (2015\05\20)
~ Run by Bernardo (Administrator)  (21/05/2015 19:26:35)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Bernardo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Bernardo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit  (Build 9600)


---\\  Serviços (0)
~ Nenhum ítem malicioso foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.


---\\  Arquivo hosts (0)
~ Nenhum ítem malicioso foi encontrado.


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (21)
MOVIDO pasta: C:\Users\Bernardo\AppData\Roaming\unins000.exe [ - Setup/Uninstall] (Adware.Pirrit)
MOVIDO pasta: C:\Users\Bernardo\AppData\Roaming\unins001.exe [ - Setup/Uninstall] (Adware.Pirrit)
MOVIDO arquivo*: C:\Windows\Installer\MSI228D.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI2983.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI2E27.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI31B3.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI6448.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI669B.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI67AD.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI691E.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI6A86.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI71DA.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI7362.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI7566.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI772D.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI7885.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI85A8.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSI9F1C.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSIA30.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSIA373.tmp- (Empty)
MOVIDO arquivo*: C:\Windows\Installer\MSID1D8.tmp- (Empty)


---\\  Registro ( Chaves, Valores, Dados ) (5)
SUBSTITUIDO dados: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.2.0 (Not File)] (Toolbar.AVGSearch)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.2.0 (Not File)] (Toolbar.AVGSearch)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Panda Security Toolbar] (Toolbar.VisicomMedia)
SUPRIMIDO chave: [X64] HKLM\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\InprocServer32 [C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll (Not File)] (Toolbar.VisicomMedia)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 809
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 26


End of clean at 19:26:48
===================
ZHPCleaner-[R]-21052015-19_26_48.txt
ZHPCleaner-[S]-21052015-19_26_18.txt

 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Panda Free Antivirus   
Windows Defender       
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Adobe Flash Player     17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1)
 Google Chrome (42.0.2311.152)
 Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent````````  
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Bernardo (administrator) on 21-05-2015 at 19:31:31
Running from "C:\Users\Bernardo\Desktop"
Microsoft Windows 8.1 Single Language  (X64)
Model: Inspiron 5537 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# Configuração de IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Conexão Local* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Conexão Local* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# Final da configuração IPv4



Configuração de IP do Windows

   Nome do host. . . . . . . . . . . . . . . . : Nado
   Sufixo DNS primário . . . . . . . . . . . . :
   Tipo de nó. . . . . . . . . . . . . . . . . : desconhecido
   Roteamento de IP ativado. . . . . . . . . . : não
   Proxy WINS ativado. . . . . . . . . . . . . : não

Adaptador de Rede sem Fio Conexão Local* 1:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Adaptador Virtual Direto Wi-Fi da Microsoft
   Endereço Físico . . . . . . . . . . . . . . : 12-71-CC-8A-62-59
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de Rede sem Fio Wi-Fi:

   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
   Endereço Físico . . . . . . . . . . . . . . : 00-71-CC-8A-62-59
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 de link local . . . . . . . . : fe80::d56f:5455:86b9:60f3%14(Preferencial)
   Endereço IPv4. . . . . . . .  . . . . . . . : 192.168.1.112(Preferencial)
   Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Concessão Obtida. . . . . . . . . . . . . . : quinta-feira, 21 de maio de 2015 19:02:46
   Concessão Expira. . . . . . . . . . . . . . : sexta-feira, 22 de maio de 2015 19:02:50
   Gateway Padrão. . . . . . . . . . . . . . . : 192.168.1.1
   Servidor DHCP . . . . . . . . . . . . . . . : 192.168.1.1
   IAID de DHCPv6. . . . . . . . . . . . . . . : 302019020
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-1B-D4-DE-FF-00-71-CC-8A-62-59
   Servidores DNS. . . . . . . . . . . . . . . : 80.82.64.136
                                                 8.8.8.8
                                                 192.168.1.1
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador Ethernet Ethernet:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Endereço Físico . . . . . . . . . . . . . . : 78-2B-CB-EB-67-79
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
Servidor:  UnKnown
Address:  80.82.64.136


Disparando google.com [216.58.219.174] com 32 bytes de dados:
Resposta de 216.58.219.174: bytes=32 tempo=157ms TTL=52
Resposta de 216.58.219.174: bytes=32 tempo=158ms TTL=52

Estatísticas do Ping para 216.58.219.174:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 157ms, Máximo = 158ms, Média = 157ms
Servidor:  UnKnown
Address:  80.82.64.136


Disparando yahoo.com [206.190.36.45] com 32 bytes de dados:
Resposta de 206.190.36.45: bytes=32 tempo=249ms TTL=46
Resposta de 206.190.36.45: bytes=32 tempo=306ms TTL=46

Estatísticas do Ping para 206.190.36.45:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 249ms, Máximo = 306ms, Média = 277ms

Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128

Estatísticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 0ms, Máximo = 0ms, Média = 0ms
===========================================================================
Lista de interfaces
 15...12 71 cc 8a 62 59 ......Adaptador Virtual Direto Wi-Fi da Microsoft
 14...00 71 cc 8a 62 59 ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
 13...78 2b cb eb 67 79 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede          Máscara   Ender. gateway       Interface   Custo
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.112     25
        127.0.0.0        255.0.0.0      No vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      No vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
      192.168.1.0    255.255.255.0      No vínculo     192.168.1.112    281
    192.168.1.112  255.255.255.255      No vínculo     192.168.1.112    281
    192.168.1.255  255.255.255.255      No vínculo     192.168.1.112    281
        224.0.0.0        240.0.0.0      No vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      No vínculo     192.168.1.112    281
  255.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      No vínculo     192.168.1.112    281
===========================================================================
Rotas persistentes:
  Nenhuma

Tabela de rotas IPv6
===========================================================================
Rotas ativas:
 Se destino de rede de métrica      Gateway
  1    306 ::1/128                  No vínculo
 14    281 fe80::/64                No vínculo
 14    281 fe80::d56f:5455:86b9:60f3/128
                                    No vínculo
  1    306 ff00::/8                 No vínculo
 14    281 ff00::/8                 No vínculo
===========================================================================
Rotas persistentes:
  Nenhuma
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/21/2015 07:20:10 PM) (Source: Application Hang) (User: )
Description: O programa NOTEPAD.EXE versão 6.3.9600.17415 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 17cc

Hora de Início: 01d09413c50f238b

Hora de Término: 0

Caminho do Aplicativo: C:\Windows\SysWOW64\NOTEPAD.EXE

ID do Relatório: 2622d006-0007-11e5-82fd-782bcbeb6779

Nome completo do pacote com falha:

ID do aplicativo relativo ao pacote com falha:

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service) (User: )
Description: Não é possível inicializar o índice.

Detalhes:
    O objeto especificado não pode ser encontrado. Especifique o nome de um objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service) (User: )
Description: Não é possível inicializar o aplicativo.

Contexto: Aplicativo Windows

Detalhes:
    O objeto especificado não pode ser encontrado. Especifique o nome de um objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service) (User: )
Description: Não é possível inicializar o objeto coletor.

Contexto: Aplicativo Windows, Catálogo SystemIndex

Detalhes:
    O objeto especificado não pode ser encontrado. Especifique o nome de um objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service) (User: )
Description: Não é possível inicializar o plug-in em <Search.TripoliIndexer>.

Contexto: Aplicativo Windows, Catálogo SystemIndex

Detalhes:
    O objeto especificado não pode ser encontrado. Especifique o nome de um objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service) (User: )
Description: Não é possível inicializar o gerenciador de plug-ins <Search.TripoliIndexer>.

Contexto: Aplicativo Windows

Detalhes:
    (HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service) (User: )
Description: O serviço Pesquisa do Windows está sendo interrompido devido a um problema no indexador:The catalog is corrupt.

Detalhes:
    O catálogo do índice de conteúdo está corrompido.   0xc0041801 (0xc0041801)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service) (User: )
Description: O serviço de pesquisa detectou arquivos de dados corrompidos no índice {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. O serviço tentará corrigir automaticamente esse problema recriando o índice.

Detalhes:
     0x8e5e0210 (0x8e5e0210)

Error: (05/21/2015 07:16:28 PM) (Source: ESENT) (User: )
Description: SearchIndexer (1096) Windows: Erro -1811 (0xfffff8ed) ao abrir o arquivo de log C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb000FB.log.

Error: (05/21/2015 07:02:48 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Nado.local already in use; will try Nado-2.local instead


System errors:
=============
Error: (05/21/2015 07:16:28 PM) (Source: Service Control Manager) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (05/21/2015 07:16:28 PM) (Source: Service Control Manager) (User: )
Description: O serviço Windows Search terminou com o seguinte erro específico de serviço:
%%2147749126

Error: (05/21/2015 07:16:22 PM) (Source: Microsoft-Windows-DNS-Client) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (05/21/2015 07:15:58 PM) (Source: Service Control Manager) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (05/21/2015 07:03:15 PM) (Source: Service Control Manager) (User: )
Description: A chamada ScRegSetValueExW falhou para FailureActions com o seguinte erro:
%%5

Error: (05/21/2015 06:39:44 PM) (Source: Service Control Manager) (User: )
Description: A chamada ScRegSetValueExW falhou para FailureActions com o seguinte erro:
%%5

Error: (05/21/2015 06:39:29 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Dell SupportAssist Agent devido ao seguinte erro:
%%1053

Error: (05/21/2015 06:39:29 PM) (Source: Service Control Manager) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Dell SupportAssist Agent.

Error: (05/21/2015 06:37:39 PM) (Source: Service Control Manager) (User: )
Description: O serviço Intel® Capability Licensing Service Interface foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (05/21/2015 06:37:39 PM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi encerrado inesperadamente.  Isso aconteceu 3 vez(es).


Microsoft Office Sessions:
=========================
Error: (05/21/2015 07:20:10 PM) (Source: Application Hang)(User: )
Description: NOTEPAD.EXE6.3.9600.1741517cc01d09413c50f238b0C:\Windows\SysWOW64\NOTEPAD.EXE2622d006-0007-11e5-82fd-782bcbeb6779

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service)(User: )
Description: Detalhes:
    O objeto especificado não pode ser encontrado. Especifique o nome de um objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service)(User: )
Description: Contexto: Aplicativo Windows

Detalhes:
    O objeto especificado não pode ser encontrado. Especifique o nome de um objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service)(User: )
Description: Contexto: Aplicativo Windows, Catálogo SystemIndex

Detalhes:
    O objeto especificado não pode ser encontrado. Especifique o nome de um objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service)(User: )
Description: Contexto: Aplicativo Windows, Catálogo SystemIndex

Detalhes:
    O objeto especificado não pode ser encontrado. Especifique o nome de um objeto existente.  (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service)(User: )
Description: Contexto: Aplicativo Windows

Detalhes:
    (HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service)(User: )
Description: Detalhes:
    O catálogo do índice de conteúdo está corrompido.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (05/21/2015 07:16:28 PM) (Source: Windows Search Service)(User: )
Description: Detalhes:
     0x8e5e0210 (0x8e5e0210)
4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)

Error: (05/21/2015 07:16:28 PM) (Source: ESENT)(User: )
Description: SearchIndexer1096Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb000FB.log-1811 (0xfffff8ed)

Error: (05/21/2015 07:02:48 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Nado.local already in use; will try Nado-2.local instead


CodeIntegrity Errors:
===================================
  Date: 2015-02-25 05:37:38.034
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:37.987
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:37.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:37.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:37.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:36.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:36.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:36.861
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:36.814
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-02-25 05:37:36.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\GbPlugin\gbpinj.dll that did not meet the Microsoft signing level requirements.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F46E8ADA-DCD9-B9C4-AA2F-28C4405E710D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 6.1.0.3 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Galeria de Fotos (HKLM-x32\...\{F5248B7E-779A-4FA4-8134-D1933D8680FA}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
League of Legends (HKLM-x32\...\{BCCDE721-9F4D-4396-9592-92DD865D965E}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Microsoft Office Home and Student 2013 - pt-br (HKLM\...\HomeStudentRetail - pt-br) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Módulo de Segurança -  Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - )
Movie Maker (HKLM-x32\...\{C32D87E1-6310-4CD5-8D6D-865AFE0E9B4E}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 pt-BR)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Nome de sua empresa:) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Nome de sua empresa:)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0416-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Panda Devices Agent (HKLM-x32\...\{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}) (Version: 1.05.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Free Antivirus (HKLM\...\{3EFFD82C-5F18-4494-A4B8-FBB045DA68A3}) (Version: 7.82.00.0000 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0004 - Panda Security)
Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.94 - Trusteer)
PX Profile Update (HKLM-x32\...\{99FB612E-F4EC-AD82-6915-06CA2A43FBB1}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{EF9F2125-9D1B-E14B-492D-B5173D43B772}) (Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1404.94 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 2015.05 - PrivacyRoot.com)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.14.667 - Zemana Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 16264.96 MB
Available physical RAM: 13915.42 MB
Total Pagefile: 17800.96 MB
Available Pagefile: 15464.44 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.3 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:921.69 GB) (Free:805.48 GB) NTFS
4 Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.29 GB) NTFS
5 Drive y: (PBR Image) (Fixed) (Total:8.44 GB) (Free:0.72 GB) NTFS

========================= Users: ========================================

Contas de usuário para \\NADO

Administrador            Bernardo                 Convidado                
Comando concluído com êxito.


**** End of log ****
 

 

ESET - I'm not sure this is the log, but it is what I could find....

# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=423b0ba605382e4084834d5d2621f887
# engine=23963
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-21 11:51:18
# local_time=2015-05-21 08:51:18 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='Panda Free Antivirus'
# compatibility_mode=1557 16777213 87 100 7397 217530252 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5709908 56215571 0 0
# scanned=241516
# found=2
# cleaned=2
# scan_time=4567
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
 



#8 InadequateInfirmity


Posted 21 May 2015 - 07:20 PM

Tell me how the machine is running.

 

 

  • Click here to download  RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.


After you run this tool, make a new scan with MiniToolBox and tick only List Hosts. Post that log in your next reply.

 

 

 

 

 

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select Update.
Then select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.



#9 fireber


Posted 21 May 2015 - 07:47 PM

Well then, I think the machine is running much smoother and faster after all of the scans and repairs, but the pop-ups are still here. Now I'm also getting pop-ups of new windows with the aliexpress site and adf.ly. Also Malware keeps blocking the site owpawuk.ru.

Here are the logs:

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Bernardo (administrator) on 21-05-2015 at 21:28:48
Running from "C:\Users\Bernardo\Desktop"
Microsoft Windows 8.1 Single Language  (X64)
Model: Inspiron 5537 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

::1             localhost
127.0.0.1       localhost


**** End of log ****

 

Base de Dados de Rootkit: v2015.02.25.01
Licença: Premium
Proteção de Malware: Habilitado
Proteção de Site Malicioso: Habilitado
Auto-Proteção: Desabilitado

SO: Windows 8.1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Bernardo

Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 354550
Tempo Decorrido: 10 min, 8 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 0
(Nenhum item malicioso detectado)

Valores de Registro: 0
(Nenhum item malicioso detectado)

Dados de Registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 0
(Nenhum item malicioso detectado)

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)
 

 



#10 InadequateInfirmity


Posted 21 May 2015 - 08:13 PM

Can you post a new ZHP log? Delete the copy you have and download a fresh one... along with this, please.

 

 

9-Lab Scan

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

http://9-lab.com/download/

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon scan completion, click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the logs tab, double-click it, and copy and paste it in your next reply.



#11 InadequateInfirmity


Posted 21 May 2015 - 08:14 PM

Also please reset your router to factory settings.

 

http://www.wikihow.com/Reset-a-Linksys-Router

 

 

EDIT:

 

Also please reset your browsers.

 

http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/


Edited by InadequateInfirmity, 21 May 2015 - 08:40 PM.


#12 fireber


Posted 21 May 2015 - 08:59 PM

OK, all browsers reset and router reset. Pop-ups still here.

Here are the logs:

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Bernardo (administrator) on 21-05-2015 at 21:28:48
Running from "C:\Users\Bernardo\Desktop"
Microsoft Windows 8.1 Single Language  (X64)
Model: Inspiron 5537 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

::1             localhost
127.0.0.1       localhost


**** End of log ****

 

9-lab Removal Tool 1.0.0.34 BETA
9-lab.com

Database version: 104.31297

Windows 8.1 (Version 6.3, Build 0, 64-bit Edition)
Internet Explorer 9.11.9600.17801
Bernardo :: NADO

21/05/2015 22:25:11
9lab-log-2015-05-21 (22-25-11).txt

Scan type: Full
Objects scanned: 59689
Time Elapsed: 31 m 45 s

Registry Keys detected: 4
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com]
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com]
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com]
Adware.RPL.Gen.bot [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com]


Files detected: 15
[169180F02ABCECA5DE72FC5EEBC861BB] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\Quarantine]
[D2D195428B808123B0D118B1254894D7] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\ZHPCleaner-[R]-21052015-19_26_48.txt]
[03DA353B7EADC0B17D4DD3D4C1E0579F] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\ZHPCleaner-[S]-21052015-19_26_18.txt]
[D8F274EC700207BDEEA303F17F61AF37] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\ZHPCleaner-[S]-21052015-22_21_05.txt]
[FA30AEE36AF9AFB47CF8678DCC23E6C4] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\ZHPCleaner.exe]
[DE68845BF9305809A4850FEF769FAAF7] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\ZHPCleaner.txt]
[4A80489AF44D55C43840FF47BA2D60ED] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
[5C57E1961334DCBAAA04DF4A463EBBE6] Trojan.FPL.Rotbrow.vb [c:\users\bernardo\appdata\roaming\ZHP\ZHPQ_Files.txt]
[AD15C31EE146580F4983A80A87286956] Malware.Win32.Gen.sm [C:\Nado\JRT.exe]
[D2279D67288F7AADDDA30CFA9264E97D] Malware.Win32.Gen.sm!s1 [C:\Nado\LeagueofLegends_BR_Installer_9_15_2014(1).exe]
[D2279D67288F7AADDDA30CFA9264E97D] Malware.Win32.Gen.sm!s1 [C:\Nado\LeagueofLegends_BR_Installer_9_15_2014.exe]
[AD15C31EE146580F4983A80A87286956] Malware.Win32.Gen.sm [C:\Users\Bernardo\Desktop\JRT.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.sm [C:\Users\Bernardo\Desktop\rsthosts_2.0.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.sm [C:\Users\Bernardo\Downloads\rsthosts_2.0.exe]

 



#13 fireber


Posted 21 May 2015 - 09:20 PM

Not sure if I'm going crazy with all these scans, but now it seems that the pop-up only appears when browsing this page specifically...



#14 fireber


Posted 21 May 2015 - 09:22 PM

Never mind... pop-up in other sites as well..



#15 InadequateInfirmity


Posted 21 May 2015 - 09:27 PM

OK, well, one last scan to try...

 

This whole process is only gonna take you about 15 mins, this program is pretty effective at finding many things that others leave...


Download and install RegRun.
http://greatis.com/security/reanimator.html
Right-click and run as administrator.
Click check for updates.
Then click on fix problems.
Then click on fix browser redirects.
Then choose to hide good as illustrated in the picture.

 


Go through each of the 6 tabs and hit the remove checked box for each tab that has bad items checked by default.
When completed, click on the last tab named finish.
Then click on comprehensive scan.
Allow completion then click on fix problems if needed.
Then the program will set a restore point, click on get it out.
Reboot the computer, after bad items are removed.

After the reboot, right-click the icon again and run as admin.
Click Fix problems.
Click on scan windows startup.
Click on use deep level scanning.
Click on make scan now.

Remove anything found by the tool.


After the reboot, right-click the icon again and run as admin.
Click Fix problems.
Click multiengine online scan.
Remove any rogue files.
Reboot the computer.





