edtambasco
  1. Delete file in safe mode C:\WINDOWS\system32\Drivers\PROCEXP113.SYS - Size 0 Kbps. https://www.virustotal.com/pt/file/89d7aa3b784ac07e7f4229a5babaa8b5ccea9e88cff7c646354f6d46762f0d3f/analysis/
  2. :::ComboFix ComboFix 15-08-27.01 - 1 29/08/2015 17:57:03.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.682 [GMT -3:00]Executando de: c:\documents and settings\1\Desktop\ComboFix.exeComandos utilizados :: c:\documents and settings\1\Desktop\CFScript.txt.ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!. ADS - system32: deleted 2 bytes in 1 streams. ADS - drivers: deleted 310 bytes in 1 streams. .(((((((((((((((( Arquivos/Ficheiros criados de 2015-07-28 to 2015-08-29 ))))))))))))))))))))))))))))..2015-08-25 23:04 . 2015-08-25 23:04 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys2015-08-25 23:04 . 2015-08-25 23:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\RogueKiller2015-08-25 23:01 . 2015-08-25 23:03 -------- d-----w- C:\FRST2015-08-25 01:26 . 2015-08-29 19:26 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2015-08-25 01:25 . 2015-06-18 11:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2015-08-25 01:25 . 2015-08-25 01:26 -------- d-----w- c:\arquivos de programas\Malwarebytes Anti-Malware...((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-08-26 17:35 . 2015-02-20 10:26 49496 ----a-w- c:\windows\system32\drivers\gbpkm.sys2015-06-18 11:41 . 2012-10-27 12:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[-] 2009-03-28 . 4F907A212112BB564EC491ED0E6CE6AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll.(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))..*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Diebold - Warsaw"="c:\arquivos de programas\Diebold\Warsaw\core.exe" [2015-06-25 509752].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"TaskbarNoNotification"= 0 (0x0)"HideSCAHealth"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"TaskbarNoNotification"= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GBPLUGIN\gbiehuni.dll" [2015-07-06 1759992].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]2015-08-19 17:36 1896320 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]2015-07-06 18:20 1759992 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Authentication Packages REG_MULTI_SZ msv1_0 nwprovau.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AngoqpurRuqs.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]@="".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"WMPNetworkSvc"=3 (0x3)"tor"=2 (0x2)"ose"=3 (0x3)"odserv"=3 (0x3)"NMIndexingService"=3 (0x3)"MozillaMaintenance"=3 (0x3)"MDM"=2 (0x2)"JavaQuickStarterService"=2 (0x2)"IDriverT"=3 (0x3)"gupdatem"=3 (0x3)"gupdate"=2 (0x2).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\WINDOWS\\system32\\sessmgr.exe"=.R0 GbpKm;Gbp 
KernelMode;c:\windows\system32\drivers\gbpkm.sys [20/2/2015 07:26 49496]R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/2/2015 07:26 587576]R2 Warsaw Technology;Warsaw Technology;c:\arquivos de programas\Diebold\Warsaw\core.exe [20/2/2015 07:23 509752]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [24/8/2015 22:26 98520]R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\gbpndisrdn.sys [20/2/2015 07:28 31448]S2 ckptib4;ckptib4;\??\c:\windows\SYSTEM32\DRIVERS\ckptib4.sys --> c:\windows\SYSTEM32\DRIVERS\ckptib4.sys [?]S2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe [24/8/2015 22:25 1871160]S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe [24/8/2015 22:25 1133880]S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/5/2011 08:17 1691480]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/10/2012 09:26 23256]S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\gbpndisrdn.sys [20/2/2015 07:28 31448]S4 tor;Tor Win32 Service;c:\arquivos de programas\Tor\tor.exe [30/8/2013 08:14 3233806].--- =Outros Serviços/Drivers Na Memória ---.*NewlyCreated* - MBAMSWISSARMY*Deregistered* - GbFtIn.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2015-08-22 17:19 993608 ----a-w- c:\arquivos de programas\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe.Conteúdo da pasta 'Tarefas Agendadas'.2015-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef46c12b9a648.job- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 20:20].2015-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 20:20]..------- Scan Suplementar 
-------.uStart Page = https://www.google.com.br/IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000Trusted Zone: bancobrasil.com.br\www14Trusted Zone: bancobrasil.com.br\www2Trusted Zone: bb.com.br\segTrusted Zone: bb.com.br\wwwTrusted Zone: itau.com.brTrusted Zone: itau.com.br\banklineTrusted Zone: itau.com.br\clickbankingTrusted Zone: itau.com.br\guardiaoTrusted Zone: itau.com.br\wwwTrusted Zone: itaupersonnalite.com.br\wwwTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924}: NameServer = 201.77.112.3,201.77.112.9FF - ProfilePath - c:\documents and settings\1\Dados de aplicativos\Mozilla\Firefox\Profiles\x22e9100.default\FF - prefs.js: network.proxy.type - 0.- - - - ORFÃOS REMOVIDOS - - - -.AddRemove-MegaJogos - c:\arquivos de programas\MegaJogos\starter.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2015-08-29 18:16Windows 5.1.2600 Service Pack 3 NTFS.Procurando processos ocultos ... .Procurando entradas auto inicializáveis ocultas ... .Procurando ficheiros/arquivos ocultos ... 
.Varredura completada com sucessoarquivos/ficheiros ocultos: 0.**************************************************************************.--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,cb,4a,ef,bc,31,03,43,86,9c,0d,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,c9,62,8e,37,47,9e,48,9c,bf,1d,\.--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------.- - - - - - - > 'winlogon.exe'(984)c:\arquivos de programas\GbPlugin\gbieh.dllc:\arquivos de programas\GBPLUGIN\gbiehuni.dll.- - - - - - - > 'explorer.exe'(4048)c:\windows\system32\WININET.dllc:\arquivos de programas\GBPLUGIN\gbiehuni.dllc:\arquivos de programas\GbPlugin\gbieh.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\MPR.dll.Tempo para conclusão: 2015-08-29 18:24:48ComboFix-quarantined-files.txt 2015-08-29 21:24ComboFix2.txt 2015-08-25 01:04.Pré-execução: 14 pasta(s) 132.338.536.448 bytes disponíveisPós execução: 15 pasta(s) 132.325.302.272 bytes disponíveis.- - End Of File - - CB4C61183739F1B1614B8E9CA4222DCE239FC8B1C26D5286165A956F5A98D8D7 ::::Eset Online Scanner ESETSmartInstaller@High as downloader log:all ok# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# EOSSerial=007368402f5e0545bb989fa39e039429# end=init# utc_time=2015-08-29 09:29:19# local_time=2015-08-29 06:29:19 (-0300, Hora oficial do Brasil)# country="Brazil"# osver=5.1.2600 NT Service Pack 3Update InitUpdate DownloadUpdate FinalizeUpdated modules version: 25511# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# EOSSerial=007368402f5e0545bb989fa39e039429# 
end=updated# utc_time=2015-08-29 09:33:37# local_time=2015-08-29 06:33:37 (-0300, Hora oficial do Brasil)# country="Brazil"# osver=5.1.2600 NT Service Pack 3# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7777# api_version=3.1.1# EOSSerial=007368402f5e0545bb989fa39e039429# engine=25511# end=finished# remove_checked=true# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2015-08-29 10:14:44# local_time=2015-08-29 07:14:44 (-0300, Hora oficial do Brasil)# country="Brazil"# lang=1033# osver=5.1.2600 NT Service Pack 3# scanned=37915# found=3# cleaned=3# scan_time=2466sh=969E17C4265BC47F864359F5145B49F0BE9788CE ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\AskToolbar\avr-4.cab"sh=26A805726393E1B2D98DE963CB049C8819743275 ft=1 fh=163693b253a2e06d vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll"sh=A35031C560B581B66EBC1AE996AB55AEA289C823 ft=0 fh=0000000000000000 vn="Win32/Tifaut.C worm (cleaned by deleting - quarantined)" ac=C fn="C:\WINDOWS\system32\autorun.i"
  3. OK!!! ::::Combofix ComboFix 15-08-24.01 - 1 24/08/2015 21:41:40.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.644 [GMT -3:00]Executando de: c:\documents and settings\1\Desktop\ComboFix.exeAV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}.ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!. ADS - system32: deleted 2 bytes in 1 streams. ADS - drivers: deleted 224 bytes in 2 streams. .((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))..c:\docume~1\1\CONFIG~1\Temp\avgnt.exe\Avira.OE.ExtApi.dllc:\documents and settings\1\Configurações locais\temp\avgnt.exe\Avira.OE.ExtApi.dll..(((((((((((((((( Arquivos/Ficheiros criados de 2015-07-25 to 2015-08-25 ))))))))))))))))))))))))))))..2015-08-25 00:37 . 2015-08-25 00:37 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS2015-08-25 00:07 . 2015-08-25 00:20 -------- d-----w- C:\AdwCleaner...((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-06-19 11:42 . 2013-01-19 21:28 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys2015-06-19 11:42 . 2013-01-19 21:28 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[-] 2009-03-28 . 4F907A212112BB564EC491ED0E6CE6AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll.(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))..*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{4e8f6cb8-79e6-4def-8f44-6ffd56e07774}"= "c:\arquivos de programas\FileConverter_1.1\prxtbFile.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{4e8f6cb8-79e6-4def-8f44-6ffd56e07774}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{4E8F6CB8-79E6-4DEF-8F44-6FFD56E07774}"= "c:\arquivos de programas\FileConverter_1.1\prxtbFile.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{4e8f6cb8-79e6-4def-8f44-6ffd56e07774}].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2015-06-19 730416]"Diebold - Warsaw"="c:\arquivos de programas\Diebold\Warsaw\core.exe" [2015-06-25 509752]"Avira Systray"="c:\arquivos de programas\Avira\Launcher\Avira.Systray.exe" [2015-07-02 134368].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"TaskbarNoNotification"= 0 (0x0)"HideSCAHealth"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"TaskbarNoNotification"= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GBPLUGIN\gbiehuni.dll" [2015-07-06 1759992].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]2015-07-06 18:20 1759992 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Authentication Packages REG_MULTI_SZ msv1_0 nwprovau.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, 
AngoqpurRuqs.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]@="".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"WMPNetworkSvc"=3 (0x3)"tor"=2 (0x2)"ose"=3 (0x3)"odserv"=3 (0x3)"NMIndexingService"=3 (0x3)"MozillaMaintenance"=3 (0x3)"MDM"=2 (0x2)"JavaQuickStarterService"=2 (0x2)"IDriverT"=3 (0x3)"gupdatem"=3 (0x3)"gupdate"=2 (0x2).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Arquivos de programas\\Google\\Chrome\\Application\\chrome.exe"="c:\\Arquivos de programas\\Diebold\\Warsaw\\core.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"23872:TCP"= 23872:TCP:Tornado-TCP-IN-23872"23872:UDP"= 23872:UDP:Tornado-UDP-IN-23872"23875:TCP"= 23875:TCP:Tornado-TCP-IN-23875"23875:UDP"= 23875:UDP:Tornado-UDP-IN-23875.R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [20/2/2015 07:26 46392]R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19/1/2013 18:28 37896]R2 AntiVirSchedulerService;Avira Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [19/1/2013 18:29 450808]R2 Avira.ServiceHost;Avira Service Host;c:\arquivos de programas\Avira\Launcher\Avira.ServiceHost.exe [2/7/2015 13:13 218816]R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/2/2015 07:26 546104]R2 Warsaw Technology;Warsaw Technology;c:\arquivos de programas\Diebold\Warsaw\core.exe [20/2/2015 07:23 509752]R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\gbpndisrdn.sys [20/2/2015 07:28 31448]S2 AntiVirMailService;Avira Mail 
Protection;c:\arquivos de programas\Avira\AntiVir Desktop\avmailc.exe [8/4/2015 12:50 825136]S2 AntiVirWebService;Avira Web Protection;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [19/1/2013 18:28 1187336]S2 ckptib4;ckptib4;\??\c:\windows\SYSTEM32\DRIVERS\ckptib4.sys --> c:\windows\SYSTEM32\DRIVERS\ckptib4.sys [?]S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/5/2011 08:17 1691480]S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\gbpndisrdn.sys [20/2/2015 07:28 31448]S4 tor;Tor Win32 Service;c:\arquivos de programas\Tor\tor.exe [30/8/2013 08:14 3233806].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2015-08-22 17:19 993608 ----a-w- c:\arquivos de programas\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe.Conteúdo da pasta 'Tarefas Agendadas'.2015-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 22:56]..------- Scan Suplementar -------.uStart Page = https://www.google.com.br/IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000Trusted Zone: itau.com.brTrusted Zone: itau.com.br\banklineTrusted Zone: itau.com.br\clickbankingTrusted Zone: itau.com.br\guardiaoTrusted Zone: itau.com.br\wwwTrusted Zone: itaupersonnalite.com.br\wwwTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924}: NameServer = 201.77.112.3,201.77.112.9FF - ProfilePath - c:\documents and settings\1\Dados de aplicativos\Mozilla\Firefox\Profiles\x22e9100.default\FF - prefs.js: network.proxy.type - 0..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2015-08-24 21:58Windows 
5.1.2600 Service Pack 3 NTFS.Procurando processos ocultos ... .Procurando entradas auto inicializáveis ocultas ... .Procurando ficheiros/arquivos ocultos ... .Varredura completada com sucessoarquivos/ficheiros ocultos: 0.**************************************************************************.--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,cb,4a,ef,bc,31,03,43,86,9c,0d,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,c9,62,8e,37,47,9e,48,9c,bf,1d,\.--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------.- - - - - - - > 'winlogon.exe'(1024)c:\arquivos de programas\GBPLUGIN\gbiehuni.dll.- - - - - - - > 'explorer.exe'(4068)c:\windows\system32\WININET.dllc:\arquivos de programas\GBPLUGIN\gbiehuni.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\MPR.dll.------------------------ Outros Processos em Execução ------------------------.c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exec:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exec:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exec:\windows\system32\wscntfy.exe.**************************************************************************.Tempo para conclusão: 2015-08-24 22:04:32 - Máquina reiniciouComboFix-quarantined-files.txt 2015-08-25 01:04.Pré-execução: 14 pasta(s) 131.176.374.272 bytes disponíveisPós execução: 15 pasta(s) 131.884.146.688 bytes disponíveis.WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe.- - End Of File - - 0639B0227209A959D50FDD4C755F1125239FC8B1C26D5286165A956F5A98D8D7 :::Qoobox Attach Qoobox.zip
  4. Hello my friend!!! Attach logs.

::: Hidden Files Windows XP - OK

::: Google Chrome - Save Desktop configuration OK

::: MalwareBytes
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/8/2015
Scan Time: 19:05:21
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.25.07
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: 1

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 333755
Time Elapsed: 50 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

::: FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-08-2015 02
Ran by 1 (administrator) on HOME-0EE373B8F8 (25-08-2015 20:02:20)
Running from C:\Documents and Settings\1\Desktop
Loaded Profiles: 1 (Available Profiles: 1)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Português (Brasil)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(GAS Tecnologia) C:\ARQUIV~1\GbPlugin\gbpsv.exe
(Nero AG) C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
(Malwarebytes Corporation) C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe
(GAS Tecnologia LTDA) C:\Arquivos de programas\Diebold\Warsaw\core.exe
(Malwarebytes Corporation) C:\Arquivos de programas\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(GAS Tecnologia LTDA) C:\Arquivos de programas\Diebold\Warsaw\core.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Arquivos de programas\Diebold\Warsaw\core.exe [509752 2015-06-24] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginUni: C:\Arquivos de programas\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
Lsa: [Authentication Packages] msv1_0 nwprovau
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AngoqpurRuqs.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1708537768-527237240-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1708537768-527237240-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1708537768-527237240-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {2B849849-30A7-4958-919D-FB5BFDBD58F5} URL =
SearchScopes: HKU\S-1-5-21-1708537768-527237240-1417001333-1003 -> DefaultScope {7E707433-1A9B-4B8E-B3C5-D675BB16696E} URL = hxxp://www.google.com.br/search?hl=pt-BR&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1708537768-527237240-1417001333-1003 -> {7E707433-1A9B-4B8E-B3C5-D675BB16696E} URL = hxxp://www.google.com.br/search?hl=pt-BR&q={searchTerms}&meta=
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2011-05-07] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-07] (Sun Microsystems, Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [2006-10-26] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924}: [NameServer] 201.77.112.3,201.77.112.9
Tcpip\..\Interfaces\{8E433A8A-9220-4CA2-9B9F-3D0650A77BA2}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\1\Dados de aplicativos\Mozilla\Firefox\Profiles\x22e9100.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll [2012-10-28] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2012-06-13] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-07] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Arquivos de programas\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Arquivos de programas\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Arquivos de programas\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml.moz-backup [2012-11-01]
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml.moz-backup [2012-11-01]
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-06]
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-06]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2011-05-07]
FF HKU\S-1-5-21-1708537768-527237240-1417001333-1003\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\uni\xpi

Chrome:
=======
CHR Profile: C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-11-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GbpSv; C:\Arquivos de programas\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
S4 gupdate; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648 2012-11-16] (Google Inc.)
S4 gupdatem; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648 2012-11-16] (Google Inc.)
S3 hpqcxs08; C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 InCDsrv; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [1554728 2007-11-26] (Nero AG)
S4 JavaQuickStarterService; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376 2011-05-07] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S4 MDM; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S4 MozillaMaintenance; C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-06-06] (Mozilla Foundation) R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] S4 NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation) R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2001-10-28] (Microsoft Corporation) S4 odserv; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [441712 2008-11-04] (Microsoft Corporation) S4 ose; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] S4 tor; C:\Arquivos de programas\Tor\tor.exe [3233806 2013-08-30] () [File not signed] R2 Warsaw Technology; C:\Arquivos de programas\Diebold\Warsaw\core.exe [509752 2015-06-24] (GAS Tecnologia LTDA) S4 WMPNetworkSvc; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [914944 2006-11-02] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
R0 GbpKm; C:\WINDOWS\System32\drivers\gbpkm.sys [46392 2014-08-12] (GAS Tecnologia)
S3 gdrv; C:\WINDOWS\gdrv.sys [17488 2011-05-07] (Windows ® 2000 DDK provider)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [118952 2007-11-26] (Nero AG)
R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [36776 2007-11-26] (Nero AG)
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16040 2007-11-26] (Nero AG)
R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38440 2007-11-26] (Nero AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-25] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
S3 Ndisrd; C:\WINDOWS\System32\DRIVERS\gbpndisrdn.sys [31448 2015-02-20] (GAS Tecnologia)
R3 NdisrdMP; C:\WINDOWS\System32\DRIVERS\gbpndisrdn.sys [31448 2015-02-20] (GAS Tecnologia)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-10-28] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-28] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S3 se45bus; C:\WINDOWS\System32\DRIVERS\se45bus.sys [61536 2006-11-30] (MCCI)
S3 se45mdfl; C:\WINDOWS\System32\DRIVERS\se45mdfl.sys [9360 2006-11-30] (MCCI)
S3 se45mdm; C:\WINDOWS\System32\DRIVERS\se45mdm.sys [97088 2006-11-30] (MCCI)
S3 se45mgmt; C:\WINDOWS\System32\DRIVERS\se45mgmt.sys [88624 2006-11-30] (MCCI)
S3 se45nd5; C:\WINDOWS\System32\DRIVERS\se45nd5.sys [18704 2006-11-30] (MCCI)
S3 se45obex; C:\WINDOWS\System32\DRIVERS\se45obex.sys [86432 2006-11-30] (MCCI)
S3 se45unic; C:\WINDOWS\System32\DRIVERS\se45unic.sys [90800 2006-11-30] (MCCI)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-19] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 ckptib4; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ckptib4.sys [X]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-25 20:02 - 2015-08-25 20:02 - 00015931 _____ C:\Documents and Settings\1\Desktop\FRST.txt
2015-08-25 20:01 - 2015-08-25 20:02 - 00000000 ____D C:\FRST
2015-08-25 19:59 - 2015-08-25 20:00 - 18772040 _____ C:\Documents and Settings\1\Desktop\RogueKiller.exe
2015-08-25 19:58 - 2015-08-25 19:58 - 01690112 _____ (Farbar) C:\Documents and Settings\1\Desktop\FRST.exe
2015-08-25 19:56 - 2015-08-25 19:56 - 00001050 _____ C:\Documents and Settings\1\Desktop\mbam.txt
2015-08-24 23:38 - 2015-08-24 23:38 - 00000564 _____ C:\Documents and Settings\All Users\Desktop\desktop turbo 1.lnk
2015-08-24 22:26 - 2015-08-25 19:05 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-24 22:26 - 2015-08-24 22:26 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes Anti-Malware
2015-08-24 22:25 - 2015-08-24 22:26 - 00000000 ____D C:\Arquivos de programas\Malwarebytes Anti-Malware
2015-08-24 22:25 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-24 22:04 - 2015-08-24 22:04 - 00009900 _____ C:\ComboFix.txt
2015-08-24 22:04 - 2015-08-24 22:04 - 00000000 ____D C:\Documents and Settings\NetworkService\Configurações locais\temp
2015-08-24 22:04 - 2015-08-24 22:04 - 00000000 ____D C:\Documents and Settings\LocalService\Configurações locais\temp
2015-08-24 21:50 - 2015-08-25 20:02 - 00000000 ____D C:\Documents and Settings\1\Configurações locais\temp
2015-08-24 21:38 - 2011-06-26 03:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-08-24 21:38 - 2010-11-07 14:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-08-24 21:38 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-08-24 21:38 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-08-24 21:38 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-08-24 21:38 - 2000-08-30 21:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-08-24 21:38 - 2000-08-30 21:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-08-24 21:38 - 2000-08-30 21:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-08-24 21:38 - 2000-08-30 21:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-08-24 21:37 - 2015-08-24 22:04 - 00000000 ____D C:\Qoobox
2015-08-24 21:37 - 2015-08-24 22:04 - 00000000 _____ C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
2015-08-24 21:11 - 2015-08-25 18:35 - 00000159 ____N C:\WINDOWS\wiadebug.log
2015-08-24 21:11 - 2015-08-25 18:35 - 00000049 ____N C:\WINDOWS\wiaservc.log
2015-08-24 21:11 - 2015-08-24 21:11 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2015-08-24 21:10 - 2015-08-25 16:18 - 00006280 ____N C:\WINDOWS\SchedLgU.Txt
2015-08-24 21:09 - 2015-08-25 18:36 - 00027721 ____N C:\WINDOWS\WindowsUpdate.log

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 19:17 - 2012-11-16 19:56 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-25 19:04 - 2011-05-07 11:50 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-08-25 19:04 - 2007-01-01 04:44 - 00000000 ____D C:\Documents and Settings\1
2015-08-25 19:04 - 2007-01-01 03:14 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-08-25 18:35 - 2007-01-01 04:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-25 16:17 - 2007-01-01 04:45 - 00000210 ___SH C:\Documents and Settings\1\ntuser.ini
2015-08-24 23:24 - 2015-02-20 07:26 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2015-08-24 22:55 - 2007-01-01 00:13 - 00000000 ___RD C:\Arquivos de programas
2015-08-24 22:54 - 2007-01-01 04:44 - 00000000 ___HD C:\Documents and Settings\1\Configurações locais\Dados de aplicativos
2015-08-24 22:54 - 2007-01-01 03:35 - 00000000 ___HD C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos
2015-08-24 22:26 - 2012-10-27 09:27 - 00000000 ____D C:\Documents and Settings\1\Dados de aplicativos\Malwarebytes
2015-08-24 22:26 - 2007-01-01 00:11 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Iniciar\Programas
2015-08-24 22:25 - 2012-10-27 09:26 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2015-08-24 22:20 - 2007-01-01 04:44 - 00000000 ___RD C:\Documents and Settings\1\Menu Iniciar\Programas
2015-08-24 22:15 - 2015-02-06 23:13 - 00406294 _____ C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-1708537768-527237240-1417001333-1003-0.dat
2015-08-24 22:15 - 2015-02-05 07:26 - 00203566 _____ C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat
2015-08-24 22:15 - 2014-11-25 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Package Cache
2015-08-24 22:15 - 2013-01-19 18:28 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2015-08-24 22:15 - 2013-01-19 18:28 - 00000000 ____D C:\Arquivos de programas\Avira
2015-08-24 22:15 - 2007-01-01 00:08 - 00000000 __RHD C:\Documents and Settings\All Users\Dados de aplicativos
2015-08-24 22:13 - 2012-06-02 19:09 - 00000000 ____D C:\Arquivos de programas\MegaJogos
2015-08-24 22:09 - 2007-01-01 04:44 - 00000000 __RHD C:\Documents and Settings\1\Dados de aplicativos
2015-08-24 22:04 - 2007-01-01 04:36 - 00000000 ___HD C:\Documents and Settings\LocalService\Configurações locais
2015-08-24 22:04 - 2007-01-01 03:35 - 00000000 ___HD C:\Documents and Settings\NetworkService\Configurações locais
2015-08-24 21:56 - 2001-10-28 13:07 - 00000246 _____ C:\WINDOWS\system.ini
2015-08-24 21:50 - 2007-01-01 04:44 - 00000000 ___HD C:\Documents and Settings\1\Configurações locais
2015-08-24 21:47 - 2007-01-01 00:13 - 00000000 ____D C:\Arquivos de programas\Arquivos comuns
2015-08-24 21:35 - 2012-10-28 14:02 - 00000000 ____D C:\WINDOWS\erdnt
2015-08-24 21:26 - 2007-01-01 00:06 - 00000211 ___SH C:\boot.ini
2015-08-24 21:26 - 2001-10-28 13:07 - 00000582 _____ C:\WINDOWS\win.ini
2015-08-24 21:22 - 2013-08-30 08:15 - 00000000 ____D C:\Documents and Settings\LocalService\Dados de aplicativos\tor
2015-08-24 20:53 - 2011-05-07 08:47 - 00000738 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-08-24 20:53 - 2011-05-07 08:47 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\CCleaner
2015-08-24 20:53 - 2011-05-07 08:46 - 00000000 ____D C:\Arquivos de programas\CCleaner
2015-08-24 16:23 - 2011-05-21 19:16 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-08-24 15:34 - 2007-01-01 03:11 - 00000000 ____D C:\WINDOWS\Registration
2015-08-21 13:24 - 2007-01-01 00:12 - 00000626 _____ C:\WINDOWS\system32\AUTOEXEC.NT
2015-08-10 15:59 - 2007-01-01 04:44 - 00000000 ___RD C:\Documents and Settings\1\Meus documentos
2015-08-02 00:56 - 2013-04-03 19:20 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-31 17:43 - 2012-06-09 18:23 - 00000000 ____D C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\Google

==================== Files in the root of some directories =======

2013-02-19 18:56 - 2013-02-19 18:56 - 0000288 _____ () C:\Documents and Settings\1\Dados de aplicativos\.backup.dm
2014-02-20 16:43 - 2014-02-20 16:43 - 0000052 _____ () C:\Documents and Settings\1\Dados de aplicativos\id
2014-02-28 22:38 - 2014-02-28 22:38 - 0000041 _____ () C:\Documents and Settings\1\Dados de aplicativos\WB.CFG
2011-05-07 08:41 - 2015-07-16 16:04 - 0023040 _____ () C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-29 14:43 - 2012-06-29 14:43 - 0000134 _____ () C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\fusioncache.dat

Some zero byte size files/folders:
==========================

C:\Windows\System32\Drivers\PROCEXP113.SYS

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

::: Addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-08-2015 02
Ran by 1 (2015-08-25 20:03:14)
Running from C:\Documents and Settings\1\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

1 (S-1-5-21-1708537768-527237240-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\1
Administrador (S-1-5-21-1708537768-527237240-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1708537768-527237240-1417001333-1005 - Limited - Disabled)
Convidado (S-1-5-21-1708537768-527237240-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1708537768-527237240-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1708537768-527237240-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Windows Live Sign-in Assistant (HKLM\...\{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}) (Version: 5.000.818.5 - Microsoft Corporation)
Security Update for Windows Media Player 11 (KB954154) (HKLM\...\KB954154_WM11) (Version: - Microsoft Corporation)
Security Update for Windows Internet Explorer 8 (KB2497640) (HKLM\...\KB2497640-IE8) (Version: 1 - Microsoft Corporation)
Security Update for Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Security Update for Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation)
Security Update for Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Security Update for Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation)
Security Update for Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation)
Security Update for Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Security Update for Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Security Update for Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
Security Update for Windows XP (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation)
Security Update for Windows XP (KB950760) (HKLM\...\KB950760) (Version: 1 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Disc2Phone (HKLM\...\{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}) (Version: 1.4.0.112 - Sony Media Software)
dj_aio_corporate (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition (HKLM\...\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}) (Version: 9.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
LG USB Modem Drivers (HKLM\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MegaJogos (HKLM\...\MegaJogos) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: - )
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{45B3A3BD-F90D-48FE-A147-D74878A51046}) (Version: 7.03.0920 - Nero AG)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6235 - Realtek Semiconductor Corp.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sony Ericsson PC Suite (HKLM\...\{FC906D5C-91F9-4DA4-A765-6DCBB669F317}) (Version: 2.0.52 - Sony Ericsson)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2596560) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2964DDE1-4925-4DF1-AF2C-0A36B3442228}) (Version: - Microsoft)
Warsaw 1.3.1 (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XP Codec Pack (HKLM\...\XP Codec Pack) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708537768-527237240-1417001333-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points =========================

28-05-2015 12:51:23 System Checkpoint
30-05-2015 13:42:51 System Checkpoint
03-06-2015 11:31:16 System Checkpoint
04-06-2015 13:19:13 System Checkpoint
11-06-2015 14:50:43 System Checkpoint
12-06-2015 15:52:15 System Checkpoint
13-06-2015 16:37:07 System Checkpoint
16-06-2015 13:24:23 System Checkpoint
19-06-2015 12:35:25 System Checkpoint
21-06-2015 18:16:34 System Checkpoint
23-06-2015 11:30:02 System Checkpoint
24-06-2015 15:55:09 System Checkpoint
26-06-2015 09:47:05 System Checkpoint
29-06-2015 10:50:53 System Checkpoint
01-07-2015 11:07:12 System Checkpoint
02-07-2015 12:03:07 System Checkpoint
03-07-2015 12:05:37 System Checkpoint
04-07-2015 15:53:14 System Checkpoint
06-07-2015 11:08:30 System Checkpoint
08-07-2015 09:56:36 System Checkpoint
14-07-2015 15:51:01 System Checkpoint
17-07-2015 16:59:45 System Checkpoint
22-07-2015 12:08:53 System Checkpoint
23-07-2015 19:50:43 System Checkpoint
25-07-2015 14:03:39 System Checkpoint
29-07-2015 09:19:10 System Checkpoint
31-07-2015 15:32:54 System Checkpoint
03-08-2015 15:55:50 System Checkpoint
04-08-2015 16:58:34 System Checkpoint
06-08-2015 10:33:53 System Checkpoint
08-08-2015 18:24:29 System Checkpoint
10-08-2015 12:34:22 System Checkpoint
13-08-2015 06:29:30 System Checkpoint
16-08-2015 16:12:42 System Checkpoint
19-08-2015 10:43:31 System Checkpoint
21-08-2015 12:32:03 System Checkpoint
22-08-2015 19:55:38 System Checkpoint
24-08-2015 11:02:13 System Checkpoint

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-10-28 13:06 - 2015-08-24 21:55 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2006-03-09 16:45 - 2006-03-09 16:45 - 00081920 ____R () C:\Arquivos de programas\Arquivos comuns\Teleca Shared\boost_log-vc71-mt-1_33.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:GbpKmAp.lst

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1708537768-527237240-1417001333-1003\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1708537768-527237240-1417001333-1003\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1708537768-527237240-1417001333-1003\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1708537768-527237240-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\1\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/25/2015 07:17:17 PM) (Source: DCOM) (EventID: 10005) (User: AUTORIDADE NT)
Description: DCOM error "%%1058" while attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 57%
Total physical RAM: 1015.48 MB
Available physical RAM: 435.39 MB
Total Virtual: 2442.86 MB
Available Virtual: 1885.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:123.7 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: C5BEC5BE)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

::: RogueKiller

RogueKiller V10.10.2.0 [Aug 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating system : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started : Normal mode
User : 1 [Administrator]
Started from : C:\Documents and Settings\1\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/25/2015 20:14:25

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924} | NameServer : 201.77.112.3,201.77.112.9 ([(Unknown Country?) (XX)][-]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924} | NameServer : 201.77.112.3,201.77.112.9 ([(Unknown Country?) (XX)][-]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924} | NameServer : 201.77.112.3,201.77.112.9 ([(Unknown Country?) (XX)][-]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924} | NameServer : 201.77.112.3,201.77.112.9 ([(Unknown Country?) (XX)][-]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts file : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts]
127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BB-55RDA0 +++++
--- User ---
[MBR] a07e7a1f1cc0d93c2b74b0b073c6432a
[BSP] 494bed100c01b186d14f57b0928e57ac : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Myson CS8819A2-109 0 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Myson CS8819A2-109 1 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Myson CS8819A2-109 2 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Myson CS8819A2-109 3 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Thank you very much!!! I await your answers.
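The four PUM.Dns hits in the RogueKiller log above are one setting seen through four registry views: CurrentControlSet is a symbolic link to one of the ControlSet00N keys, so the same per-interface NameServer value is reported once per control set. The Python below is an added example and is not part of the post or of RogueKiller. It parses lines in that shape, collapses the per-control-set duplicates into one finding per interface GUID, and flags resolvers that are neither in a caller-supplied allowlist nor private, loopback or link-local addresses. The first three sample lines mirror the finding above; the fourth interface, its GUID, and the allowlist are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the first three lines mirror the RogueKiller PUM.Dns hits
# quoted above; the fourth is a made-up LAN interface added for contrast.
SAMPLE_LOG = r"""
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924} | NameServer : 201.77.112.3,201.77.112.9 ([(Unknown Country?) (XX)][-]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924} | NameServer : 201.77.112.3,201.77.112.9 ([(Unknown Country?) (XX)][-]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{44A76D6D-45A2-41C9-9F2C-493B7FFBA924} | NameServer : 201.77.112.3,201.77.112.9 ([(Unknown Country?) (XX)][-]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0A0A0A0A-0000-4000-8000-000000000001} | NameServer : 10.1.1.1 ([(Private)][-]) -> Found
"""

# One RogueKiller PUM.Dns line: which control set, which interface GUID, which resolvers.
PUM_DNS_RE = re.compile(
    r"\[PUM\.Dns\]\s+HKEY_LOCAL_MACHINE\\System\\"
    r"(?P<cs>CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\Tcpip\\Parameters\\Interfaces\\\{(?P<guid>[0-9A-Fa-f-]+)\}"
    r"\s*\|\s*NameServer\s*:\s*(?P<ns>[0-9A-Fa-f:.,\s]+?)\s*(?:\(|$)"
)


def parse_pum_dns(log_text):
    """Return (control_set, interface_guid, [resolver, ...]) for every PUM.Dns hit."""
    hits = []
    for line in log_text.splitlines():
        m = PUM_DNS_RE.search(line)
        if m:
            servers = [s.strip() for s in m.group("ns").split(",") if s.strip()]
            hits.append((m.group("cs"), m.group("guid").upper(), servers))
    return hits


def group_by_interface(hits):
    """Collapse per-control-set duplicates. CurrentControlSet is a symbolic link to
    one of the ControlSet00N keys, so one hijacked value shows up once per control
    set; it is a single finding per interface GUID."""
    by_iface = defaultdict(lambda: {"control_sets": set(), "servers": set()})
    for cs, guid, servers in hits:
        by_iface[guid]["control_sets"].add(cs)
        by_iface[guid]["servers"].update(servers)
    return by_iface


def suspicious_resolvers(servers, allowlist):
    """Resolvers that are neither allowlisted nor private/loopback/link-local.
    A home or office interface normally points at the router or an internal DNS
    server; a public address nobody configured on purpose is the hijack signature."""
    flagged = []
    for s in servers:
        if s in allowlist:
            continue
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            flagged.append(s)  # not an address at all: look at it anyway
            continue
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            flagged.append(s)
    return flagged


def triage(log_text, allowlist=frozenset()):
    """Per interface GUID: control sets affected, flagged resolvers, and a verdict."""
    report = {}
    for guid, rec in group_by_interface(parse_pum_dns(log_text)).items():
        bad = suspicious_resolvers(sorted(rec["servers"]), allowlist)
        report[guid] = {
            "control_sets": sorted(rec["control_sets"]),
            "suspicious": sorted(bad),
            "verdict": "investigate" if bad else "ok",
        }
    return report


if __name__ == "__main__":
    for guid, rec in triage(SAMPLE_LOG).items():
        print(guid, rec["verdict"], rec["suspicious"], rec["control_sets"])
```

The `control_sets` list is the reason for collapsing: a fix applied only under CurrentControlSet corrects the one ControlSet00N key it links to and leaves the copies under the others in place, which is why each one is reported and why a fix should cover all of them. The allowlist belongs to resolvers the network is supposed to use, taken from the router or DHCP configuration rather than from the machine under investigation.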
  5. Hello, how are you? I have a very slow PC. I think it might be malware, as it was not so slow before. I try to run AdwCleaner and it does not open; I try to open JRT and it does not open; I tried to install Avast and the installer does not open; I tried to install Panda Cloud and it does not open. I ran Malwarebytes, and it removed 463 PUPs, but the problem still persists. I await your help. Thank you.
  6. Kevin, thank you, I will read the indicated topic. The case was solved.
  7. Observation: (Firefox updated)

Results of screen317's Security Check version 1.003
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 45
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (38.0.5)
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
  8. Kevin, sorry, DelFix removed the FRST Fixlog.log, but the script was successful.

DelFix::

# DelFix v1.010 - Report created 09/06/2015 at 12:13:50
# Updated 26/04/2015 by Xplode
# User : Cliente - FM-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Removed : C:\Qoobox
Removed : C:\FRST
Removed : C:\Users\Cliente\Desktop\rkill
Removed : C:\Users\Cliente\Desktop\Addition.txt
Removed : C:\Users\Cliente\Desktop\AdwCleaner.exe
Removed : C:\Users\Cliente\Desktop\FRST.exe
Removed : C:\Users\Cliente\Desktop\FRST.txt
Removed : C:\Users\Cliente\Desktop\LOG Forum MBAM.txt
Removed : C:\Users\Cliente\Desktop\rkill.exe
Removed : C:\Users\Cliente\Desktop\Rkill.txt
Removed : C:\Users\Cliente\Desktop\SecurityCheck.exe
Removed : C:\Users\Cliente\Downloads\Addition.txt
Removed : C:\Users\Cliente\Downloads\FRST.exe
Removed : C:\Users\Cliente\Downloads\FRST.txt
Removed : C:\Users\Cliente\Documents\Downloads\dds.scr
Removed : HKLM\SOFTWARE\AdwCleaner
Removed : HKLM\SOFTWARE\Swearware
Removed : HKLM\SOFTWARE\TrendMicro\Hijackthis
Removed : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore points ...

Removed : RP #94 [ComboFix created restore point | 06/05/2015 18:05:36]
Removed : RP #95 [Checkpoint by HitmanPro | 06/05/2015 23:17:50]
Removed : RP #96 [Checkpoint by HitmanPro | 06/05/2015 23:18:54]
Removed : RP #98 [avast! antivirus system restore point | 06/08/2015 18:37:40]
Removed : RP #100 [avast! antivirus system restore point | 06/08/2015 19:08:10]
Removed : RP #101 [Removed Java 7 Update 67 | 06/09/2015 14:13:21]

New restore point created!

~ Resetting system settings ... OK

########## - EOF - ##########

Delfix::

Results of screen317's Security Check version 1.003
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 45
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox 35.0.1 Firefox out of Date!
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Then I ran DelFix again to remove traces. I believe this topic is solved; I await your final remarks. Thank you for your excellent analysis. Thank you very much. If you need anything, please contact me.
  9. Kevin, here are the LOGS

FixLog::

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Cliente at 2015-06-08 18:58:06 Run:2
Running from C:\FRST
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
BHO: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> No File
ShellExecuteHooks: - {E37CB5F0-51F5-4395-A808-5FA49E399008} - No File [ ]
FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
C:\Users\Cliente\AppData\Local\GAS Tecnologia
FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
U2 V2iMount; No ImagePath
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty
C:\Windows\System32\drivers\gbpkm.sys
C:\Windows\System32\DRIVERS\gbpndisrdn.sys
C:\Program Files\Diebold
Empytemp:
End
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully.
HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399008} => value removed successfully.
HKCR\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399008} => key not found.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\MozillaPlugins\gastecnologia.com.br/sf/uni" => key removed successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll => moved successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia => moved successfully.
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873} => value removed successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found.
HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found.
V2iMount => Service removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}" => key removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}" => key removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itau.com.br" => key removed successfully.
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itau.com.br => key not found.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itaupersonnalite.com.br" => key removed successfully.
C:\Windows\system32\drivers => ":GbpKmAp.lst" ADS removed successfully.
C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml => ":OECustomProperty" ADS removed successfully.
C:\Windows\System32\drivers\gbpkm.sys => moved successfully.
C:\Windows\System32\DRIVERS\gbpndisrdn.sys => moved successfully.
"C:\Program Files\Diebold" => File/Folder not found.
Empytemp: => Error: No automatic fix found for this entry.

==== End of Fixlog 18:58:06 ====

Security Check Tool LOG::

Results of screen317's Security Check version 1.003
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 67
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox 30.0 Firefox out of Date!
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Log::

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015
Ran by Cliente (administrator) on FM-PC on 08-06-2015 19:54:13
Running from C:\FRST
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-08] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-08] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]

Chrome:
=======
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-08] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-08] (Avast Software)
S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-08] () [File not signed]
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-08] () [File not signed]
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-08] () [File not signed]
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-08] () [File not signed]
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-08] () [File not signed]
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-06-08] () [File not signed]
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-08] () [File not signed]
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-08] () [File not signed]
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-08] (Avast Software)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 19:13 - 2015-06-08 19:13 - 00001929 _____ C:\Users\Cliente\Downloads\Fixlist.txt
2015-06-08 18:44 - 2015-06-08 18:44 - 00852652 _____ C:\Users\Cliente\Desktop\SecurityCheck.exe
2015-06-08 16:24 - 2015-06-08 16:24 - 00000000 ____D C:\Windows\system32\vbox
2015-06-08 16:21 - 2015-06-08 16:21 - 00073368 _____ C:\Windows\PFRO.log
2015-06-08 16:09 - 2015-06-08 16:09 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-08 16:09 - 2015-06-08 16:09 - 00106912 _____ C:\Windows\system32\Drivers\aswStm.sys
2015-06-08 16:09 - 2015-06-08 16:09 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-08 16:09 - 2015-06-08 16:09 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-08 16:09 - 2015-06-08 16:09 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-08 16:09 - 2015-06-08 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-08 15:52 - 2015-06-08 15:52 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\AVAST Software
2015-06-08 15:38 - 2015-06-08 16:09 - 00427992 _____ C:\Windows\system32\Drivers\aswSP.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00081728 _____ C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00074976 _____ C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-08 15:38 - 2015-06-08 16:08 - 00787760 _____ C:\Windows\system32\Drivers\aswSnx.sys
2015-06-08 15:37 - 2015-06-08 15:37 - 00111520 _____ C:\Users\Cliente\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 15:37 - 2015-06-08 15:37 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-08 14:34 - 2015-06-08 19:46 - 00000168 _____ C:\Windows\setupact.log
2015-06-08 14:34 - 2015-06-08 14:34 - 00434752 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-08 14:34 - 2015-06-08 14:34 - 00000000 _____ C:\Windows\setuperr.log
2015-06-08 14:31 - 2015-06-08 14:31 - 02231296 _____ C:\Users\Cliente\Desktop\AdwCleaner.exe
2015-06-08 14:29 - 2015-06-08 14:29 - 00026072 _____ C:\Users\Cliente\Desktop\Addition.txt
2015-06-08 14:29 - 2015-06-08 14:29 - 00020741 _____ C:\Users\Cliente\Desktop\FRST.txt
2015-06-08 14:28 - 2015-06-08 14:28 - 00000000 ____D C:\Users\Cliente\Desktop\rkill
2015-06-08 14:27 - 2015-06-08 14:27 - 01147904 _____ (Farbar) C:\Users\Cliente\Desktop\FRST.exe
2015-06-08 14:26 - 2015-06-08 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Desktop\rkill.exe
2015-06-08 12:48 - 2015-06-08 19:49 - 00012850 _____ C:\Windows\WindowsUpdate.log
2015-06-08 12:48 - 2015-06-08 12:48 - 00026331 _____ C:\Users\Cliente\Downloads\Addition.txt
2015-06-08 12:47 - 2015-06-08 12:48 - 00021187 _____ C:\Users\Cliente\Downloads\FRST.txt
2015-06-08 12:47 - 2015-06-08 12:47 - 01147904 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe
2015-06-06 11:58 - 2015-06-06 11:59 - 00000000 ____D C:\KVRT_Data
2015-06-06 09:14 - 2015-06-08 19:54 - 00000000 ____D C:\FRST
2015-06-06 09:05 - 2015-06-06 09:05 - 00000196 ____N C:\Users\Cliente\Desktop\VIEIRA.url
2015-06-06 09:04 - 2015-06-06 09:04 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore (1).exe
2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-05 21:05 - 2015-06-08 14:28 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt
2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup
2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol
2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed
2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer
2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9
2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 15:51 - 2015-06-06 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox
2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt
2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-05 14:34 - 2015-06-06 11:55 - 00000000 ____D C:\Windows\Minidump
2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner
2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA93000
2015-05-31 01:50 - 2015-05-31 01:50 - 00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe
2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml
2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype
2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk
2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google
2015-06-08 19:51 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 19:51 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 19:50 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 19:50 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2015-06-08 19:50 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2015-06-08 19:46 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 19:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 15:37 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2015-06-08 15:37 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-08 12:46 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-06 09:59 - 2014-06-23 09:02 - 00000008 __RSH C:\Users\BLANDO\ntuser.pol
2015-06-06 09:59 - 2014-06-23 09:01 - 00000000 ____D C:\Users\BLANDO
2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D C:\Users\Cliente
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF
2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office15
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public
2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther
2015-06-05 13:05 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype
2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas
2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls
2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\Despesas
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e
2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls
2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some files in TEMP:
====================
C:\Users\Cliente\AppData\Local\temp\Quarantine.exe
C:\Users\Cliente\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 19:52

==================== End of log ============================

Others::

Question: Please, I have a question: is this entry legitimate? What does it refer to? I believe it is important to delete these folders to do a clean install of the bank software. I await your response, thank you.
But if you allow me, I will remove it manually. I will check back, thank you.
  10. Hello, thank you. You're a great expert. I'll post a Fixlog from recovery mode, and I ask for your help to check for other orphaned entries. The files are in the Quarantine folder, and really are files for bank protection. But I did not imagine that it could hinder the LOG. I thought it was malware, or some restriction in the GPO, and I even feared a rootkit, because Avast also was not opening. After removing the GBPlugin, FRST opened normally on my Desktop.

POST: I put some results from after the removal of GBPlugin:
Malwarebytes - No malware found! (Rootkit mode, Chameleon ON)
Hitman Pro x86 - No malware found! (Only cookies, manually removed)
Kaspersky Virus Removal Tool - No malware found.
Panda Cloud - No malware found!

I'll post pictures of the program before and after removal, then the Fixlog and the new FRST LOG and Addition for you to analyze, please!
Print before image: http://oi61.tinypic.com/69lytz.jpg
Print after image: http://oi62.tinypic.com/szjse0.jpg

Then I ran CCleaner and removed invalid registry entries. But even then the GBPlugin loaded (started) with the OS.
Then I went into recovery mode and ran the FRST tool with the entries found in the LOG.

Fixlog::
Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by SYSTEM at 2015-06-08 12:42:43 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
C:\Windows\system32\drivers:GbpKmAp.lst
C:\Program Files\GbPlugin
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)
*****************

GbpKm => Service removed successfully.
ndisrd => Service removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni" => key removed successfully.
"C:\Windows\system32\drivers:GbpKmAp.lst" => Could not move.
C:\Program Files\GbPlugin => moved successfully.
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco) => Error: The entry should be fixed outside recovery mode.
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco) => Error: The entry should be fixed outside recovery mode.
GbpSv => Service removed successfully.
GbpKm => Service not found.
ndisrd => Service not found.

==== End of Fixlog 12:42:44 ====

New LOGS for you to analyze, please.

Rkill::
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/08/2015 02:28:03 PM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Cliente\Desktop\rkill\rkill-06-08-2015-02-28-04.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* No issues found.

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost

Program finished at: 06/08/2015 02:28:21 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

FRST::
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015
Ran by Cliente (administrator) on FM-PC on 08-06-2015 14:29:02
Running from C:\Users\Cliente\Desktop
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
ShellExecuteHooks: - {E37CB5F0-51F5-4395-A808-5FA49E399008} - No File [ ]
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]
FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]

Chrome:
=======
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-08 14:29 - 2015-06-08 14:29 - 00008797 _____ C:\Users\Cliente\Desktop\FRST.txt
2015-06-08 14:28 - 2015-06-08 14:28 - 00000000 ____D C:\Users\Cliente\Desktop\rkill
2015-06-08 14:27 - 2015-06-08 14:27 - 01147904 _____ (Farbar) C:\Users\Cliente\Desktop\FRST.exe
2015-06-08 14:26 - 2015-06-08 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Desktop\rkill.exe
2015-06-08 12:48 - 2015-06-08 14:04 - 00002954 _____ C:\Windows\WindowsUpdate.log
2015-06-08 12:48 - 2015-06-08 12:48 - 00026331 _____ C:\Users\Cliente\Downloads\Addition.txt
2015-06-08 12:47 - 2015-06-08 12:48 - 00021187 _____ C:\Users\Cliente\Downloads\FRST.txt
2015-06-08 12:47 - 2015-06-08 12:47 - 01147904 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe
2015-06-06 11:58 - 2015-06-06 11:59 - 00000000 ____D C:\KVRT_Data
2015-06-06 09:14 - 2015-06-08 14:29 - 00000000 ____D C:\FRST
2015-06-06 09:05 - 2015-06-06 09:05 - 00000196 ____N C:\Users\Cliente\Desktop\VIEIRA.url
2015-06-06 09:04 - 2015-06-06 09:04 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore (1).exe
2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-05 21:05 - 2015-06-08 14:28 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt
2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup
2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol
2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed
2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer
2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9
2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 15:51 - 2015-06-06 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox
2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt
2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-05 14:34 - 2015-06-06 11:55 - 00000000 ____D C:\Windows\Minidump
2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner
2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA93000
2015-05-31 01:50 - 2015-05-31 01:50 - 00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe
2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml
2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype
2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk
2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google
2015-06-08 14:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 12:50 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 12:50 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 12:49 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 12:49 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2015-06-08 12:49 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2015-06-08 12:46 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-08 12:45 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 09:59 - 2014-06-23 09:02 - 00000008 __RSH C:\Users\BLANDO\ntuser.pol
2015-06-06 09:59 - 2014-06-23 09:01 - 00000000 ____D C:\Users\BLANDO
2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D C:\Users\Cliente
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF
2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office15
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public
2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther
2015-06-05 13:05 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype
2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas
2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls
2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\Despesas
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e
2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls
2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 19:52

==================== End of log ============================

Addition::
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Cliente at 2015-06-08 14:29:28
Running from C:\Users\Cliente\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1769825870-618250928-672845706-500 - Administrator - Disabled)
BLANDO (S-1-5-21-1769825870-618250928-672845706-1003 - Administrator - Enabled) => C:\Users\BLANDO
Cliente (S-1-5-21-1769825870-618250928-672845706-1000 - Administrator - Enabled) => C:\Users\Cliente
Convidado (S-1-5-21-1769825870-618250928-672845706-501 - Limited - Enabled)
Ed (S-1-5-21-1769825870-618250928-672845706-1006 - Administrator - Enabled) => C:\Users\Ed
PAMELA (S-1-5-21-1769825870-618250928-672845706-1004 - Administrator - Enabled) => C:\Users\PAMELA
RAFAEL (S-1-5-21-1769825870-618250928-672845706-1005 - Administrator - Enabled) => C:\Users\RAFAEL

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Mega Codec Pack 8.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
Malwarebytes Anti-Malware versão 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.1 - Mozilla)
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Prerequisite installer (Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Welcome App (Start-up experience) (Version: 12.0.14000 - Nero AG) Hidden
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-06-2015 15:05:36 ComboFix created restore point
05-06-2015 20:17:50 Ponto de verificação por HitmanPro
05-06-2015 20:18:54 Ponto de verificação por HitmanPro

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2007-01-01 21:32 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11F2769F-F630-485C-83DA-8545AEFD5DBF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd
Task: {39872018-7B13-40E9-B044-DF7427F41C91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {47F5B73D-C031-4E07-A1EC-64C44842C4C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C4343F18-9AB7-4ED8-B01F-F86181B45C47} - System32\Tasks\avastBCLRestartS-1-5-21-1769825870-618250928-672845706-1000 => Chrome.exe
Task: {C8529282-CFB1-40E2-AD9D-1C6184F1E666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {F9B918E0-5D52-438E-85E7-5378EC8C457D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1769825870-618250928-672845706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Warsaw Technology => 2
MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files\Diebold\Warsaw\core.exe

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

Name: Mouse compatível com PS/2
Description: Mouse compatível com PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 01:08:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Assembly dependente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (06/08/2015 01:08:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Erro no arquivo de manifesto ou de diretiva SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2", na linha SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3. Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado. A referência é SMC,processorArchitecture="x86",type="win32",version="8.2.0.0". A definição é SMC,processorArchitecture="x86",type="win32",version="12.0.0.0". Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (06/08/2015 01:08:38 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado. Error: (06/06/2015 09:48:32 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Falha na geração de contexto de ativação para "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Assembly dependente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado. Error: (06/06/2015 09:48:25 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Falha na geração de contexto de ativação para "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Erro no arquivo de manifesto ou de diretiva SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2", na linha SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3. Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado. A referência é SMC,processorArchitecture="x86",type="win32",version="8.2.0.0". A definição é SMC,processorArchitecture="x86",type="win32",version="12.0.0.0". Use o arquivo sxstrace.exe para obter um dignóstico detalhado. Error: (06/06/2015 09:48:20 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado. Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. . Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. . Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. . 
Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. . System errors: ============= Error: (06/08/2015 00:15:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Gbp Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar o serviço. Error: (06/06/2015 09:01:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2 Error: (01/01/2007 09:25:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2 Error: (01/01/2007 09:25:38 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento anterior do sistema em 22:24:25 às ?01/?01/?2007 não era esperado. Error: (01/01/2007 09:20:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente. Error: (01/01/2007 09:16:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente. 
Error: (06/05/2015 10:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2 Error: (06/05/2015 10:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2 Error: (06/05/2015 09:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2 Error: (06/05/2015 09:57:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento anterior do sistema em 21:56:28 às ?05/?06/?2015 não era esperado. Microsoft Office: ========================= Error: (06/08/2015 01:08:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest Error: (06/08/2015 01:08:43 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3 Error: (06/08/2015 01:08:38 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 12\nero backitup\NBVSSTool_x64.exe Error: (06/06/2015 09:48:32 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest Error: (06/06/2015 09:48:25 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: 
SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3 Error: (06/06/2015 09:48:20 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 12\nero backitup\NBVSSTool_x64.exe Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. 
CodeIntegrity Errors: =================================== Date: 2015-03-25 02:00:05.558 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-25 02:00:05.527 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-03-25 02:00:05.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:29:06.191 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:29:06.159 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:29:06.113 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:29:06.081 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-02-24 13:20:30.086 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:20:30.062 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:20:30.003 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz Percentage of memory in use: 36% Total physical RAM: 2039.37 MB Available physical RAM: 1303.52 MB Total Pagefile: 4378.73 MB Available Pagefile: 3550.72 MB Total Virtual: 2047.88 MB Available Virtual: 1910.85 MB ==================== Drives ================================ Drive c: (Disco Local) (Fixed) (Total:465.76 GB) (Free:425.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 072C3186) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End of log ============================ Suplementar LOG - Adwcleaner:: # AdwCleaner v4.206 - Relatório criado 08/06/2015 às 14:33:16 # Atualizado 01/06/2015 por Xplode # Base de dados : 2015-06-05.1 [servidor] # Sistema operacional : Windows 7 Ultimate (x86) # Usuário : Cliente - FM-PC # Executando de : C:\Users\Cliente\Desktop\AdwCleaner.exe # Opção : Limpar ***** [ Serviços ] ***** ***** [ Arquivos / Pastas ] ***** ***** [ Tarefas agendadas ] ***** ***** [ Atalhos ] ***** ***** [ Registro 
] ***** ***** [ Navegadores ] ***** -\\ Internet Explorer v9.0.8112.16520 -\\ Mozilla Firefox v30.0 (pt-BR) -\\ Google Chrome v43.0.2357.81 [C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Homepage] : [C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422121674&from=cor&uid=WDCXWD5000AAKX-003CA0_WD-WMAYU943954239542 ************************* AdwCleaner[R1].txt - [5540 bytes] - [08/06/2015 14:31:51] AdwCleaner[s1].txt - [1038 bytes] - [08/06/2015 14:33:16] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1097 bytes] ########## How should I proceed now please? Sorry my English (Google Translate). I saw that there are errors in the system and that it still tries to load the GBPlugin but with error.
  11. Ok Kevin, RKill log:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/06/2015 09:04:53 AM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Cliente\Desktop\rkill\rkill-06-06-2015-09-05-01.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 06/06/2015 09:05:28 AM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)

-----

Download Chrome or IE - Farbar 32 Bits (opens, closes fast) (on the problem computer it is useless to download and rename; saved from another PC, already renamed). Downloaded on another PC to a USB flash drive, renamed the tool file to explorer.com (software started).

LOG FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-06-2015
Ran by Cliente (administrator) on FM-PC on 06-06-2015 09:14:57
Running from E:\
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) E:\EXPLORER.COM

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-05-14] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1769825870-618250928-672845706-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]
FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]

Chrome:
=======
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-05-14] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 hpzstatn; C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-05-14] (Basil)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)
S3 catchme; \??\C:\32788R22FWJFW\catchme.sys [X]
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
U5 PSKMAD; C:\Windows\System32\Drivers\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-06-05] ()
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ____D C:\Users\Todos os Usuários\LogMeIn
2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ____D C:\ProgramData\LogMeIn
2015-06-27 12:21 - 2015-06-27 12:21 - 08552448 _____ C:\Users\BLANDO\Desktop\hamachi.msi
2015-06-27 12:20 - 2015-06-27 12:21 - 08552448 _____ C:\Users\BLANDO\Downloads\hamachi.msi
2015-06-27 11:36 - 2015-06-27 11:36 - 09605030 _____ C:\Users\BLANDO\Downloads\minecraft_server.1.7.10.jar
2015-06-27 11:25 - 2015-06-27 11:25 - 00651784 _____ C:\Users\BLANDO\Downloads\lntro 'Zero' - 10Youtube.com.webm
2015-06-27 11:25 - 2015-06-27 11:25 - 00651784 _____ C:\Users\BLANDO\Downloads\lntro 'Zero' - 10Youtube.com (1).webm
2015-06-06 09:14 - 2015-06-06 09:14 - 00000000 ____D C:\FRST
2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-05 21:05 - 2015-06-06 09:05 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt
2015-06-05 21:05 - 2015-06-06 09:05 - 00000000 ____D C:\Users\Cliente\Desktop\rkill
2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe
2015-06-05 20:49 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 20:36 - 2015-06-05 20:36 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup
2015-06-05 20:26 - 2015-06-05 20:26 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FM-PC-Windows-7-Ultimate-(32-bit).dat
2015-06-05 20:20 - 2015-06-05 20:20 - 00001360 _____ C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol
2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed
2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer
2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9
2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 20:07 - 2015-06-05 20:07 - 10105736 ____N (SurfRight B.V.) C:\Users\Cliente\Desktop\hp.exe
2015-06-05 15:51 - 2015-06-05 21:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox
2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt
2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____
(NirSoft) C:\Windows\NIRCMD.exe2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe2015-06-05 14:55 - 2006-06-05 20:18 - 05628238 ____R (Swearware) C:\Users\Cliente\Desktop\ComboFix.exe2015-06-05 14:42 - 2015-06-05 14:42 - 00415232 ____N (Farbar) C:\Users\Cliente\Desktop\FSS.exe2015-06-05 14:36 - 2015-06-05 14:36 - 00111520 _____ C:\Users\Cliente\AppData\Local\GDIPFONTCACHEV1.DAT2015-06-05 14:34 - 2015-06-06 09:01 - 00000616 _____ C:\Windows\setupact.log2015-06-05 14:34 - 2015-06-05 14:34 - 2138485746 _____ C:\Windows\MEMORY.DMP2015-06-05 14:34 - 2015-06-05 14:34 - 00434752 _____ C:\Windows\system32\FNTCACHE.DAT2015-06-05 14:34 - 2015-06-05 14:34 - 00147040 _____ C:\Windows\Minidump\060515-25194-01.dmp2015-06-05 14:34 - 2015-06-05 14:34 - 00000000 ____D C:\Windows\Minidump2015-06-05 14:34 - 2015-06-05 14:34 - 00000000 _____ C:\Windows\setuperr.log2015-06-05 14:34 - 2007-01-01 21:25 - 00324432 _____ C:\Windows\PFRO.log2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner2015-06-02 14:07 - 2015-06-02 14:08 - 03077905 _____ C:\Users\BLANDO\Downloads\forge-1.7.10-10.13.2.1230-installer.jar2015-06-01 16:12 - 2015-06-01 16:13 - 44143120 _____ C:\Users\BLANDO\Downloads\atheros driver installation_9.2.0.412_w7x86 x64.rar2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA930002015-05-31 01:50 - 2015-05-31 01:50 - 
00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar2015-05-14 15:15 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Downloads\[1-7-10]_Lucky_Block_v5-1-0.jar2015-05-14 15:00 - 2015-05-14 15:01 - 03092531 _____ C:\Users\BLANDO\Downloads\forge-1.7.10-10.13.2.1291-installer.jar2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google2015-06-06 09:09 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI2015-06-06 09:09 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat2015-06-06 09:09 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat2015-06-06 09:06 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-06-06 09:06 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-06-06 09:04 - 2015-01-03 10:49 - 00265216 _____ C:\Windows\WindowsUpdate.log2015-06-06 09:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-06-06 09:01 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D C:\Users\Cliente2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH 
C:\Users\Todos os Usuários\ntuser.pol2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software2015-06-05 21:00 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office152015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther2015-06-05 14:18 - 2015-01-23 10:30 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\.minecraft2015-06-05 13:08 - 2013-11-14 15:43 - 00000000 ____D C:\Program Files\Marcos Velasco Security2015-06-05 13:05 - 2013-11-14 
16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\Despesas2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk ==================== Files in the root of some directories ======= 2014-07-14 20:29 - 2015-01-05 18:32 - 0031842 _____ () C:\Users\Cliente\AppData\Roaming\unins000.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 19:52

==================== End of log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-06-2015
Ran by Cliente at 2015-06-06 09:15:37
Running from E:\
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1769825870-618250928-672845706-500 - Administrator - Disabled)
BLANDO (S-1-5-21-1769825870-618250928-672845706-1003 - Administrator - Enabled) => C:\Users\BLANDO
Cliente (S-1-5-21-1769825870-618250928-672845706-1000 - Administrator - Enabled) => C:\Users\Cliente
Convidado (S-1-5-21-1769825870-618250928-672845706-501 - Limited - Enabled)
Ed (S-1-5-21-1769825870-618250928-672845706-1006 - Administrator - Enabled) => C:\Users\Ed
PAMELA (S-1-5-21-1769825870-618250928-672845706-1004 - Administrator - Enabled) => C:\Users\PAMELA
RAFAEL (S-1-5-21-1769825870-618250928-672845706-1005 - Administrator - Enabled) => C:\Users\RAFAEL

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Mega Codec Pack 8.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
Malwarebytes Anti-Malware versão 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.1 - Mozilla)
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Prerequisite installer (Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Warsaw 1.3.1 (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
Welcome App (Start-up experience) (Version: 12.0.14000 - Nero AG) Hidden
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-06-2015 15:05:36 ComboFix created restore point
05-06-2015 20:17:50 Ponto de verificação por HitmanPro
05-06-2015 20:18:54 Ponto de verificação por HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2007-01-01 21:32 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11F2769F-F630-485C-83DA-8545AEFD5DBF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd
Task: {39872018-7B13-40E9-B044-DF7427F41C91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {47F5B73D-C031-4E07-A1EC-64C44842C4C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C4343F18-9AB7-4ED8-B01F-F86181B45C47} - System32\Tasks\avastBCLRestartS-1-5-21-1769825870-618250928-672845706-1000 => Chrome.exe
Task: {C8529282-CFB1-40E2-AD9D-1C6184F1E666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {F9B918E0-5D52-438E-85E7-5378EC8C457D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-11-14 15:49 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-05-15 14:29 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\BLANDO\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-05-15 14:29 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\BLANDO\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2007-01-01 00:16 - 2015-05-22 17:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

Name: Mouse compatível com PS/2
Description: Mouse compatível com PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (01/01/2007 09:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:23:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.


System errors:
=============
Error: (06/06/2015 09:01:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (01/01/2007 09:25:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (01/01/2007 09:25:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 22:24:25 às ‎01/‎01/‎2007 não era esperado.

Error: (01/01/2007 09:20:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (01/01/2007 09:16:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (06/05/2015 10:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (06/05/2015 10:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (06/05/2015 09:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (06/05/2015 09:57:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 21:56:28 às ‎05/‎06/‎2015 não era esperado.

Error: (06/05/2015 09:54:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.


Microsoft Office:
=========================
Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
Error: (01/01/2007 09:24:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:23:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.


CodeIntegrity Errors:
===================================
  Date: 2015-03-25 02:00:05.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 02:00:05.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 02:00:05.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-24 13:29:06.191 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:29:06.159 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:29:06.113 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:29:06.081 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:20:30.086 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:20:30.062 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 13:20:30.003 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHzPercentage of memory in use: 39%Total physical RAM: 2039.37 MBAvailable physical RAM: 1230.2 MBTotal Pagefile: 4378.73 MBAvailable Pagefile: 3485.24 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1883.52 MB ==================== Drives ================================ Drive c: (Disco Local) (Fixed) (Total:465.76 GB) (Free:423.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: () (Fixed) (Total:3.72 GB) (Free:3.72 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 072C3186)Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ========================================================Disk: 5 (Size: 3.7 GB) (Disk ID: B33006A8)Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B) ==================== End of log ============================
  12. Hello, my name is Ed. I could not find help for this problem in Brazil. Hello friends, I ask for your help: my computer is behaving very strangely, and when I try to run the Farbar Recovery Scan Tool or FSS it quickly opens and closes. Could you help me? I tried running Malwarebytes, but nothing was found. I need your help.