
Hello, my name is Ed. I could not find help for this problem in Brazil.

 

Hello friends, I ask for your help. My computer is behaving very strangely, and when I try to run the Farbar Recovery Scan Tool or FSS it quickly opens and closes. Could you help me? I tried to run Malwarebytes but nothing was found.

 

I need your help


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from, each with a different name on it. Select the first one and save it to your desktop.

 


Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

 

If RKill runs successfully try FRST again....

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

If RKill fails or FRST still will not run try the following:

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Make sure to get the correct version for your system, 32 bit or 64 bit.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flash drive into the infected PC.

 

To enter System Recovery Options I give two methods; use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:


Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
Note: Replace the letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Thank you,

 

Kevin...

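Kevin's instructions above have the user post FRST.txt for review. As an added example (not from the thread or from Farbar's tooling), this Python script shows how a helper could pre-triage such a log: it splits the `==== Section ====` blocks and pulls out the entries FRST itself flags (the `<======= ATTENTION` policy restrictions, service/driver entries whose file is missing `[X]` or has no ImagePath, and Bamital/volsnap check lines not reported as signed). The sample log is constructed here, modelled on the FRST layout; the `(constructed: not signed)` line is a placeholder, not FRST's real wording for a failed check.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the FRST.txt layout (not the thread's full log).
# The "(constructed: not signed)" line is a placeholder for a failed signature check.
SAMPLE_FRST = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-06-2015
Boot Mode: Normal

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-05-14] (GAS Tecnologia LTDA)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1

========================== Services (Whitelisted) =================

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 hpzstatn; C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe [X]

==================== Drivers (Whitelisted) ====================

R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
S3 catchme; \??\C:\32788R22FWJFW\catchme.sys [X]
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
U2 V2iMount; No ImagePath

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\userinit.exe => (constructed: not signed)
"""

# "==================== Name ====" section banners used throughout FRST logs.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Registry key in front of a "Policy restriction" finding (optional CHR/FF browser prefix).
POLICY_RE = re.compile(r"^(?:CHR |FF )?(HK[A-Z]+\\[^:]+): Policy restriction")


def split_sections(log_text):
    """Return {section_name: [non-blank lines]}; lines before the first banner go under 'Header'."""
    sections = defaultdict(list)
    current = "Header"
    for line in log_text.splitlines():
        banner = SECTION_RE.match(line.strip())
        if banner:
            current = banner.group(1).strip()
            continue
        if line.strip():
            sections[current].append(line.rstrip())
    return dict(sections)


def triage(log_text):
    """Collect the entries FRST marks as worth a look, keyed by finding type.

    attention - lines tagged '<======= ATTENTION' (e.g. browser policy restrictions)
    missing   - service/driver entries whose binary is missing ('[X]') or has no ImagePath
    unsigned  - Bamital/volsnap check lines that are not reported as digitally signed
    Each finding is a (section_name, line) tuple, in log order.
    """
    findings = {"attention": [], "missing": [], "unsigned": []}
    for name, lines in split_sections(log_text).items():
        for line in lines:
            if "<======= ATTENTION" in line:
                findings["attention"].append((name, line))
            if name in ("Services (Whitelisted)", "Drivers (Whitelisted)") and (
                line.endswith("[X]") or line.endswith("No ImagePath")
            ):
                findings["missing"].append((name, line))
            # Only real check lines carry " => "; the section's explanatory note does not.
            if name.startswith("Bamital") and " => " in line and not line.endswith("File is digitally signed"):
                findings["unsigned"].append((name, line))
    return findings


def restricted_policy_keys(findings):
    """Registry keys under which FRST saw a Policy restriction (these can block browsers and tools)."""
    keys = []
    for _, line in findings["attention"]:
        m = POLICY_RE.match(line)
        if m:
            keys.append(m.group(1))
    return keys


if __name__ == "__main__":
    result = triage(SAMPLE_FRST)
    for kind, items in result.items():
        print(f"{kind}: {len(items)}")
        for section, line in items:
            print(f"  [{section}] {line}")
    print("policy keys:", restricted_policy_keys(result))
```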

Ok Kevin, 

 

RKill Log:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/06/2015 09:04:53 AM in x86 mode.
Windows Version: Windows 7 Ultimate 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * Advanced Explorer Setting Removed:  HideIcons [HKCU]
 
Backup Registry file created at:
 C:\Users\Cliente\Desktop\rkill\rkill-06-06-2015-09-05-01.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 06/06/2015 09:05:28 AM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)
 
-----
 
Downloaded with Chrome or IE - Farbar 32 bits (opens fast, closes) :unsure: (on the problem computer it is useless to download and rename; saved from another PC, already renamed)
Downloaded on another PC to a USB flash drive, renamed the tool file explorer.com (software started) :)
 
LOG FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-06-2015
Ran by Cliente (administrator) on FM-PC on 06-06-2015 09:14:57
Running from E:\
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) E:\EXPLORER.COM
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-05-14] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1769825870-618250928-672845706-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]
FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]
 
Chrome: 
=======
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-05-14] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 hpzstatn; C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-05-14] (Basil)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)
S3 catchme; \??\C:\32788R22FWJFW\catchme.sys [X]
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
U5 PSKMAD; C:\Windows\System32\Drivers\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-06-05] ()
U2 V2iMount; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ____D C:\Users\Todos os Usuários\LogMeIn
2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ____D C:\ProgramData\LogMeIn
2015-06-27 12:21 - 2015-06-27 12:21 - 08552448 _____ C:\Users\BLANDO\Desktop\hamachi.msi
2015-06-27 12:20 - 2015-06-27 12:21 - 08552448 _____ C:\Users\BLANDO\Downloads\hamachi.msi
2015-06-27 11:36 - 2015-06-27 11:36 - 09605030 _____ C:\Users\BLANDO\Downloads\minecraft_server.1.7.10.jar
2015-06-27 11:25 - 2015-06-27 11:25 - 00651784 _____ C:\Users\BLANDO\Downloads\lntro 'Zero' - 10Youtube.com.webm
2015-06-27 11:25 - 2015-06-27 11:25 - 00651784 _____ C:\Users\BLANDO\Downloads\lntro 'Zero' - 10Youtube.com (1).webm
2015-06-06 09:14 - 2015-06-06 09:14 - 00000000 ____D C:\FRST
2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-05 21:05 - 2015-06-06 09:05 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt
2015-06-05 21:05 - 2015-06-06 09:05 - 00000000 ____D C:\Users\Cliente\Desktop\rkill
2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe
2015-06-05 20:49 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 20:36 - 2015-06-05 20:36 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup
2015-06-05 20:26 - 2015-06-05 20:26 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FM-PC-Windows-7-Ultimate-(32-bit).dat
2015-06-05 20:20 - 2015-06-05 20:20 - 00001360 _____ C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol
2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed
2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer
2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9
2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 20:07 - 2015-06-05 20:07 - 10105736 ____N (SurfRight B.V.) C:\Users\Cliente\Desktop\hp.exe
2015-06-05 15:51 - 2015-06-05 21:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox
2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt
2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-05 14:55 - 2006-06-05 20:18 - 05628238 ____R (Swearware) C:\Users\Cliente\Desktop\ComboFix.exe
2015-06-05 14:42 - 2015-06-05 14:42 - 00415232 ____N (Farbar) C:\Users\Cliente\Desktop\FSS.exe
2015-06-05 14:36 - 2015-06-05 14:36 - 00111520 _____ C:\Users\Cliente\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-05 14:34 - 2015-06-06 09:01 - 00000616 _____ C:\Windows\setupact.log
2015-06-05 14:34 - 2015-06-05 14:34 - 2138485746 _____ C:\Windows\MEMORY.DMP
2015-06-05 14:34 - 2015-06-05 14:34 - 00434752 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 14:34 - 2015-06-05 14:34 - 00147040 _____ C:\Windows\Minidump\060515-25194-01.dmp
2015-06-05 14:34 - 2015-06-05 14:34 - 00000000 ____D C:\Windows\Minidump
2015-06-05 14:34 - 2015-06-05 14:34 - 00000000 _____ C:\Windows\setuperr.log
2015-06-05 14:34 - 2007-01-01 21:25 - 00324432 _____ C:\Windows\PFRO.log
2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner
2015-06-02 14:07 - 2015-06-02 14:08 - 03077905 _____ C:\Users\BLANDO\Downloads\forge-1.7.10-10.13.2.1230-installer.jar
2015-06-01 16:12 - 2015-06-01 16:13 - 44143120 _____ C:\Users\BLANDO\Downloads\atheros driver installation_9.2.0.412_w7x86 x64.rar
2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA93000
2015-05-31 01:50 - 2015-05-31 01:50 - 00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe
2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml
2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype
2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 15:15 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Downloads\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 15:00 - 2015-05-14 15:01 - 03092531 _____ C:\Users\BLANDO\Downloads\forge-1.7.10-10.13.2.1291-installer.jar
2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk
2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google
2015-06-06 09:09 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 09:09 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2015-06-06 09:09 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2015-06-06 09:06 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-06 09:06 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-06 09:04 - 2015-01-03 10:49 - 00265216 _____ C:\Windows\WindowsUpdate.log
2015-06-06 09:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 09:01 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D C:\Users\Cliente
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF
2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-05 21:00 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office15
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public
2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther
2015-06-05 14:18 - 2015-01-23 10:30 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\.minecraft
2015-06-05 13:08 - 2013-11-14 15:43 - 00000000 ____D C:\Program Files\Marcos Velasco Security
2015-06-05 13:05 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype
2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas
2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls
2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\Despesas
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e
2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls
2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 
==================== Files in the root of some directories =======
 
2014-07-14 20:29 - 2015-01-05 18:32 - 0031842 _____ () C:\Users\Cliente\AppData\Roaming\unins000.dat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-05 19:52
\
==================== End of log ============================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-06-2015
Ran by Cliente at 2015-06-06 09:15:37
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1769825870-618250928-672845706-500 - Administrator - Disabled)
BLANDO (S-1-5-21-1769825870-618250928-672845706-1003 - Administrator - Enabled) => C:\Users\BLANDO
Cliente (S-1-5-21-1769825870-618250928-672845706-1000 - Administrator - Enabled) => C:\Users\Cliente
Convidado (S-1-5-21-1769825870-618250928-672845706-501 - Limited - Enabled)
Ed (S-1-5-21-1769825870-618250928-672845706-1006 - Administrator - Enabled) => C:\Users\Ed
PAMELA (S-1-5-21-1769825870-618250928-672845706-1004 - Administrator - Enabled) => C:\Users\PAMELA
RAFAEL (S-1-5-21-1769825870-618250928-672845706-1005 - Administrator - Enabled) => C:\Users\RAFAEL
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Mega Codec Pack 8.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
Malwarebytes Anti-Malware versão 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.1 - Mozilla)
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Prerequisite installer (Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Warsaw 1.3.1 (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
Welcome App (Start-up experience) (Version: 12.0.14000 - Nero AG) Hidden
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
05-06-2015 15:05:36 ComboFix created restore point
05-06-2015 20:17:50 Checkpoint by HitmanPro
05-06-2015 20:18:54 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:04 - 2007-01-01 21:32 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11F2769F-F630-485C-83DA-8545AEFD5DBF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd
Task: {39872018-7B13-40E9-B044-DF7427F41C91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {47F5B73D-C031-4E07-A1EC-64C44842C4C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C4343F18-9AB7-4ED8-B01F-F86181B45C47} - System32\Tasks\avastBCLRestartS-1-5-21-1769825870-618250928-672845706-1000 => Chrome.exe 
Task: {C8529282-CFB1-40E2-AD9D-1C6184F1E666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {F9B918E0-5D52-438E-85E7-5378EC8C457D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-14 15:49 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-05-15 14:29 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\BLANDO\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-05-15 14:29 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\BLANDO\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2007-01-01 00:16 - 2015-05-22 17:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: This device cannot start. (Code 10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:24:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:24:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2007 09:23:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed to extract third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (06/06/2015 09:01:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Printer Status Server service failed to start due to the following error: 
%%2

Error: (01/01/2007 09:25:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Printer Status Server service failed to start due to the following error: 
%%2

Error: (01/01/2007 09:25:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:24:25 on 01/01/2007 was unexpected.

Error: (01/01/2007 09:20:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/01/2007 09:16:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/05/2015 10:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Printer Status Server service failed to start due to the following error: 
%%2

Error: (06/05/2015 10:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Printer Status Server service failed to start due to the following error: 
%%2

Error: (06/05/2015 09:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Printer Status Server service failed to start due to the following error: 
%%2

Error: (06/05/2015 09:57:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:56:28 on 05/06/2015 was unexpected.

Error: (06/05/2015 09:54:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
 
 
Microsoft Office:
=========================
Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:24:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:24:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/01/2007 09:23:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-25 02:00:05.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-25 02:00:05.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-25 02:00:05.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 13:29:06.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 13:29:06.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 13:29:06.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 13:29:06.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 13:20:30.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 13:20:30.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 13:20:30.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 2039.37 MB
Available physical RAM: 1230.2 MB
Total Pagefile: 4378.73 MB
Available Pagefile: 3485.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.52 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:465.76 GB) (Free:423.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:3.72 GB) (Free:3.72 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 072C3186)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 3.7 GB) (Disk ID: B33006A8)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End of log ============================
 

Do you know of or recognize this program:

C:\Program Files\GbPlugin

I do not see a great deal wrong with your logs, but the program above can stop tools from running. It is related to some kind of security for banking; it can cause issues for systems and may also stop other security tools from running... Do you trust that software? We can remove all related entries with FRST.

Read here: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_programs/impossible-to-get-rid-of-g-buster-browser-defense/9536bffb-ef87-4d48-b046-10eb68af37c0

Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)

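The suggestion above is to remove the GbPlugin entries with an FRST fixlist and then look for orphaned entries. As an added example (not code from this thread, from FRST, or from the plugin's vendor), here is a small Python triage script for that workflow: it builds a fixlist from FRST scan lines by vendor keyword, flags the "No File" leftovers in a rescan, and sorts a Fixlog's result lines into done, not found, and needs-another-pass. The keyword list, the sample log lines (constructed from the kinds of entries seen in this thread) and the three outcome buckets are this example's own assumptions.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text output.

Added example for this thread; not code from the forum, from FRST or from the
GbPlugin vendor. Keywords, sample lines and outcome buckets are assumptions.
"""
import re

# Constructed sample: scan lines in the format FRST.txt / Addition.txt use.
# The last line deliberately repeats the first, as the thread's fixlist did.
SAMPLE_SCAN = r"""
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
"""

# Constructed sample: a rescan after a recovery-mode fix. Registry entries whose
# file is gone show up as "No File"; those are the orphans to clean up next.
SAMPLE_RESCAN = r"""
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} ->  No File
ShellExecuteHooks:  - {E37CB5F0-51F5-4395-A808-5FA49E399008} -  No File [ ]
"""

# Constructed sample: result lines in the "<entry> => <outcome>" form a Fixlog uses.
SAMPLE_FIXLOG = r"""
GbpKm => Service removed successfully.
ndisrd => Service removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni" => key removed successfully.
"C:\Windows\system32\drivers:GbpKmAp.lst" => Could not move.
C:\Program Files\GbPlugin => moved successfully.
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco) => Error: The entry should be fixed outside recovery mode.
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco) => Error: The entry should be fixed outside recovery mode.
GbpSv => Service removed successfully.
GbpKm => Service not found.
ndisrd => Service not found.
"""

GBPLUGIN_KEYWORDS = ["GbPlugin", "GAS Tecnologia", "gbp"]  # assumed vendor markers

FIXLOG_LINE = re.compile(r"^(?P<entry>.+?)\s+=>\s+(?P<result>.+)$")


def build_fixlist(scan_text, keywords=GBPLUGIN_KEYWORDS):
    """Collect scan lines mentioning any keyword, verbatim and de-duplicated.

    FRST reads fixlist.txt as lines copied literally from its own logs, so the
    text is left untouched. Duplicates are dropped: a repeated service line only
    yields a second "Service not found" result, as the thread's Fixlog shows.
    """
    wanted = [k.lower() for k in keywords]
    picked = {}  # dict keeps insertion order and doubles as the seen-set
    for line in scan_text.splitlines():
        line = line.rstrip()
        if line and any(k in line.lower() for k in wanted):
            picked.setdefault(line, None)
    return list(picked)


def find_orphans(scan_text):
    """Return rescan lines whose registry entry survives but whose file is gone."""
    return [l.rstrip() for l in scan_text.splitlines() if "No File" in l]


def parse_fixlog(fixlog_text):
    """Bucket Fixlog result lines by outcome.

    "done": entries FRST reports as removed or moved; "not_found": no-op
    repeats; "retry": everything it could not do (an ADS it could not move,
    entries that must be fixed outside recovery mode, any other Error),
    paired with the reason so the next fixlist can be built from them.
    """
    groups = {"done": [], "not_found": [], "retry": []}
    for raw in fixlog_text.splitlines():
        m = FIXLOG_LINE.match(raw.strip())
        if not m:
            continue  # headers, separators, echoed fixlist content
        entry, result = m.group("entry"), m.group("result")
        low = result.lower()
        if "successfully" in low:
            groups["done"].append(entry)
        elif "not found" in low:
            groups["not_found"].append(entry)
        else:
            groups["retry"].append((entry, result))
    return groups


if __name__ == "__main__":
    print("\n".join(build_fixlist(SAMPLE_SCAN)))
    print("\n".join(find_orphans(SAMPLE_RESCAN)))
    for bucket, items in parse_fixlog(SAMPLE_FIXLOG).items():
        print(bucket, len(items))
```

Running it with the constructed samples produces a six-line fixlist (the repeated driver line is kept once), two orphaned entries in the rescan, and a Fixlog split of five done, two not found and three to retry in a normal boot. The "retry" bucket is the one worth reading: it pairs each failed entry with FRST's reason, which is exactly what decides whether the next attempt needs a normal-mode run or a different tool.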

Hello, thank you - you're a great expert.

I'll post a Fixlog from recovery mode, and I ask for your help to check for other orphaned entries. The files are in the Quarantine folder, and they really are files for bank protection. But I did not imagine that it could hinder the log. I thought it was malware, or some restriction in the GPO, and I even feared a rootkit, since Avast also was not opening. After removing the GBPlugin, FRST opened normally on my Desktop.

 

Posting some results after removal of GBPlugin:

 

Malwarebytes - No malware found! (Rootkit scan mode, Chameleon ON)

Hitman Pro x86 - No malware found! (Only cookies manually removed)

Kaspersky Virus Removal Tool - No malware found.

Panda Cloud - No Malware found!

 

I'll post pictures of the program before and after removal, then the Fixlog and the new FRST and Addition logs for you to analyze, please!

 

Print before image:


 

Print after image:


 

Then I ran CCleaner and removed invalid registry entries.

But even then GBPlugin still loaded (started) with the OS.

Then I went into recovery mode and ran the FRST tool with the entries found in the log.

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015

Ran by SYSTEM at 2015-06-08 12:42:43 Run:1

Running from I:\

Boot Mode: Recovery

 

==============================================

 

fixlist content:

*****************

R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)

R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)

Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)

C:\Windows\system32\drivers:GbpKmAp.lst

C:\Program Files\GbPlugin

ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)

BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)

R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)

R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)

R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)

 

 

 

*****************

 

GbpKm => Service removed successfully.

ndisrd => Service removed successfully.

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni" => key removed successfully.

"C:\Windows\system32\drivers:GbpKmAp.lst" => Could not move.

C:\Program Files\GbPlugin => moved successfully.

ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco) => Error: The entry should be fixed outside recovery mode.

BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco) => Error: The entry should be fixed outside recovery mode.

GbpSv => Service removed successfully.

GbpKm => Service not found.

ndisrd => Service not found.

 

==== End of Fixlog 12:42:44 ====

 

 

New LOGS for you to analyze please

 

Rkill:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)


Copyright 2008-2015 BleepingComputer.com

More Information about Rkill can be found at this link:


 

Program started at: 06/08/2015 02:28:03 PM in x86 mode.

Windows Version: Windows 7 Ultimate 

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * Advanced Explorer Setting Removed:  HideIcons [HKCU]

 

Backup Registry file created at:

 C:\Users\Cliente\Desktop\rkill\rkill-06-08-2015-02-28-04.reg

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * No issues found.

 

Checking Windows Service Integrity: 

 

 * No issues found.

 

Searching for Missing Digital Signatures: 

 

 * No issues found.

 

Checking HOSTS File: 

 

 * HOSTS file entries found: 

 

  127.0.0.1       localhost

 

Program finished at: 06/08/2015 02:28:21 PM

Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015

Ran by Cliente (administrator) on FM-PC on 08-06-2015 14:29:02

Running from C:\Users\Cliente\Desktop

Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)

Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Português (Brasil)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)

BHO: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} ->  No File

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

ShellExecuteHooks:  - {E37CB5F0-51F5-4395-A808-5FA49E399008} -  No File [ ]

Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)

FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)

FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]

FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi

FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]

 

Chrome: 

=======

CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)

S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)

S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)

S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)

S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)

S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)

S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)

S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)

S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)

R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-06] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)

R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)

S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)

R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)

R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)

U2 V2iMount; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-08 14:29 - 2015-06-08 14:29 - 00008797 _____ C:\Users\Cliente\Desktop\FRST.txt

2015-06-08 14:28 - 2015-06-08 14:28 - 00000000 ____D C:\Users\Cliente\Desktop\rkill

2015-06-08 14:27 - 2015-06-08 14:27 - 01147904 _____ (Farbar) C:\Users\Cliente\Desktop\FRST.exe

2015-06-08 14:26 - 2015-06-08 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Desktop\rkill.exe

2015-06-08 12:48 - 2015-06-08 14:04 - 00002954 _____ C:\Windows\WindowsUpdate.log

2015-06-08 12:48 - 2015-06-08 12:48 - 00026331 _____ C:\Users\Cliente\Downloads\Addition.txt

2015-06-08 12:47 - 2015-06-08 12:48 - 00021187 _____ C:\Users\Cliente\Downloads\FRST.txt

2015-06-08 12:47 - 2015-06-08 12:47 - 01147904 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe

2015-06-06 11:58 - 2015-06-06 11:59 - 00000000 ____D C:\KVRT_Data

2015-06-06 09:14 - 2015-06-08 14:29 - 00000000 ____D C:\FRST

2015-06-06 09:05 - 2015-06-06 09:05 - 00000196 ____N C:\Users\Cliente\Desktop\VIEIRA.url

2015-06-06 09:04 - 2015-06-06 09:04 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore (1).exe

2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe

2015-06-05 21:05 - 2015-06-08 14:28 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt

2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe

2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller

2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller

2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup

2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol

2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google

2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed

2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer

2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9

2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro

2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro

2015-06-05 15:51 - 2015-06-06 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe

2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox

2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt

2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe

2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe

2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe

2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe

2015-06-05 14:34 - 2015-06-06 11:55 - 00000000 ____D C:\Windows\Minidump

2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group

2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk

2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner

2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA93000

2015-05-31 01:50 - 2015-05-31 01:50 - 00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe

2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml

2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype

2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar

2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk

2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google

2015-06-08 14:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-06-08 12:50 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-08 12:50 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-08 12:49 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI

2015-06-08 12:49 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat

2015-06-08 12:49 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat

2015-06-08 12:46 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles

2015-06-08 12:45 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-06 09:59 - 2014-06-23 09:02 - 00000008 __RSH C:\Users\BLANDO\ntuser.pol

2015-06-06 09:59 - 2014-06-23 09:01 - 00000000 ____D C:\Users\BLANDO

2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D C:\Users\Cliente

2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol

2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol

2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol

2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF

2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software

2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software

2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office15

2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes

2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default

2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public

2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther

2015-06-05 13:05 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype

2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries

2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas

2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls

2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\Despesas

2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia

2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia

2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e

2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls

2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk

2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype

2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype

2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-06-05 19:52

 

==================== End of log ============================

 

Addition::

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015

Ran by Cliente at 2015-06-08 14:29:28

Running from C:\Users\Cliente\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrador (S-1-5-21-1769825870-618250928-672845706-500 - Administrator - Disabled)

BLANDO (S-1-5-21-1769825870-618250928-672845706-1003 - Administrator - Enabled) => C:\Users\BLANDO

Cliente (S-1-5-21-1769825870-618250928-672845706-1000 - Administrator - Enabled) => C:\Users\Cliente

Convidado (S-1-5-21-1769825870-618250928-672845706-501 - Limited - Enabled)

Ed (S-1-5-21-1769825870-618250928-672845706-1006 - Administrator - Enabled) => C:\Users\Ed

PAMELA (S-1-5-21-1769825870-618250928-672845706-1004 - Administrator - Enabled) => C:\Users\PAMELA

RAFAEL (S-1-5-21-1769825870-618250928-672845706-1005 - Administrator - Enabled) => C:\Users\RAFAEL

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)

CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)

Dropbox (HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)

Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

K-Lite Mega Codec Pack 8.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )

Malwarebytes Anti-Malware versão 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 30.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.1 - Mozilla)

Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)

Prerequisite installer (Version: 12.0.0002 - Nero AG) Hidden

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)

Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)

Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)

Welcome App (Start-up experience) (Version: 12.0.14000 - Nero AG) Hidden

Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

 

==================== Restore Points =========================

 

05-06-2015 15:05:36 ComboFix created restore point

05-06-2015 20:17:50 Ponto de verificação por HitmanPro

05-06-2015 20:18:54 Ponto de verificação por HitmanPro

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 23:04 - 2007-01-01 21:32 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {11F2769F-F630-485C-83DA-8545AEFD5DBF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd

Task: {39872018-7B13-40E9-B044-DF7427F41C91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)

Task: {47F5B73D-C031-4E07-A1EC-64C44842C4C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {C4343F18-9AB7-4ED8-B01F-F86181B45C47} - System32\Tasks\avastBCLRestartS-1-5-21-1769825870-618250928-672845706-1000 => Chrome.exe 

Task: {C8529282-CFB1-40E2-AD9D-1C6184F1E666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)

Task: {F9B918E0-5D52-438E-85E7-5378EC8C457D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br

IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br

IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1769825870-618250928-672845706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 10.1.1.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: Warsaw Technology => 2

MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files\Diebold\Warsaw\core.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Mouse compatível com PS/2

Description: Mouse compatível com PS/2

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: Teredo Tunneling Pseudo-Interface

Description: Adaptador de Túnel Teredo da Microsoft

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/08/2015 01:08:49 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". 

Assembly dependente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

 

Error: (06/08/2015 01:08:43 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Falha na geração de contexto de ativação para "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Erro no arquivo de manifesto ou de diretiva SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2", na linha SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.

Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.

A referência é SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".

A definição é SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".

Use o arquivo sxstrace.exe para obter um dignóstico detalhado.

 

Error: (06/08/2015 01:08:38 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 

Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

 

Error: (06/06/2015 09:48:32 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". 

Assembly dependente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

 

Error: (06/06/2015 09:48:25 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Falha na geração de contexto de ativação para "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Erro no arquivo de manifesto ou de diretiva SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2", na linha SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.

Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.

A referência é SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".

A definição é SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".

Use o arquivo sxstrace.exe para obter um dignóstico detalhado.

 

Error: (06/06/2015 09:48:20 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 

Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

 

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

.

 

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

.

 

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

.

 

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

.

 

 

System errors:

=============

Error: (06/08/2015 00:15:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Gbp Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar o serviço.

 

Error: (06/06/2015 09:01:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: 

%%2

 

Error: (01/01/2007 09:25:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: 

%%2

 

Error: (01/01/2007 09:25:38 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: O desligamento anterior do sistema em 22:24:25 às ?01/?01/?2007 não era esperado.

 

Error: (01/01/2007 09:20:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

 

Error: (01/01/2007 09:16:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

 

Error: (06/05/2015 10:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: 

%%2

 

Error: (06/05/2015 10:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: 

%%2

 

Error: (06/05/2015 09:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: 

%%2

 

Error: (06/05/2015 09:57:40 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: O desligamento anterior do sistema em 21:56:28 às ?05/?06/?2015 não era esperado.

 

 

Microsoft Office:

=========================

Error: (06/08/2015 01:08:49 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

 

Error: (06/08/2015 01:08:43 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3

 

Error: (06/08/2015 01:08:38 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 12\nero backitup\NBVSSTool_x64.exe

 

Error: (06/06/2015 09:48:32 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

 

Error: (06/06/2015 09:48:25 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3

 

Error: (06/06/2015 09:48:20 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 12\nero backitup\NBVSSTool_x64.exe

 

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

 

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

 

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

 

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-03-25 02:00:05.558

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-25 02:00:05.527

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-25 02:00:05.511

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 13:29:06.191

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 13:29:06.159

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 13:29:06.113

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 13:29:06.081

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 13:20:30.086

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 13:20:30.062

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 13:20:30.003

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz

Percentage of memory in use: 36%

Total physical RAM: 2039.37 MB

Available physical RAM: 1303.52 MB

Total Pagefile: 4378.73 MB

Available Pagefile: 3550.72 MB

Total Virtual: 2047.88 MB

Available Virtual: 1910.85 MB

 

==================== Drives ================================

 

Drive c: (Disco Local) (Fixed) (Total:465.76 GB) (Free:425.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 072C3186)

Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

 

==================== End of log ============================

 

Supplementary LOG - AdwCleaner::

 

# AdwCleaner v4.206 - Relatório criado 08/06/2015 às 14:33:16

# Atualizado 01/06/2015 por Xplode

# Base de dados : 2015-06-05.1 [servidor]

# Sistema operacional : Windows 7 Ultimate  (x86)

# Usuário : Cliente - FM-PC

# Executando de : C:\Users\Cliente\Desktop\AdwCleaner.exe

# Opção : Limpar

 

***** [ Serviços ] *****

 

 

***** [ Arquivos / Pastas ] *****

 

 

***** [ Tarefas agendadas ] *****

 

 

***** [ Atalhos ] *****

 

 

***** [ Registro ] *****

 

 

***** [ Navegadores ] *****

 

-\\ Internet Explorer v9.0.8112.16520

 

 

-\\ Mozilla Firefox v30.0 (pt-BR)

 

 

-\\ Google Chrome v43.0.2357.81

 

[C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Homepage] : 

[C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422121674&from=cor&uid=WDCXWD5000AAKX-003CA0_WD-WMAYU943954239542

 

*************************

 

AdwCleaner[R1].txt - [5540 bytes] - [08/06/2015 14:31:51]

AdwCleaner[s1].txt - [1038 bytes] - [08/06/2015 14:33:16]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1097  bytes] ##########

 

 

How should I proceed now please?

Sorry for my English (Google Translate).

I saw that there are errors in the system and that it still tries to load the GBPlugin, but with an error.


The following needs to be completed with your system in Normal mode:

 

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside the black box. Press any key when asked.
A Notepad document called checkup.txt should open automatically; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC and then try again...

Let me see those logs; also let me know if there are any remaining issues or concerns...

 

Thank you,

 

Kevin...
 

Fixlist.txt


Kevin, the logs follow :)
FixLog::
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Cliente at 2015-06-08 18:58:06 Run:2
Running from C:\FRST
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
BHO: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} ->  No File
ShellExecuteHooks:  - {E37CB5F0-51F5-4395-A808-5FA49E399008} -  No File [ ]
FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
C:\Users\Cliente\AppData\Local\GAS Tecnologia
FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
U2 V2iMount; No ImagePath
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty
C:\Windows\System32\drivers\gbpkm.sys
C:\Windows\System32\DRIVERS\gbpndisrdn.sys
C:\Program Files\Diebold
Empytemp:
End
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully.
HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399008} => value removed successfully.
HKCR\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399008} => key not found. 
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\MozillaPlugins\gastecnologia.com.br/sf/uni" => key removed successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll => moved successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia => moved successfully.
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873} => value removed successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found. 
HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found. 
V2iMount => Service removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}" => key removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}" => key removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itau.com.br" => key removed successfully.
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itau.com.br => key not found. 
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itaupersonnalite.com.br" => key removed successfully.
C:\Windows\system32\drivers => ":GbpKmAp.lst" ADS removed successfully..
C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml => ":OECustomProperty" ADS removed successfully..
C:\Windows\System32\drivers\gbpkm.sys => moved successfully.
C:\Windows\System32\DRIVERS\gbpndisrdn.sys => moved successfully.
"C:\Program Files\Diebold" => File/Folder not found.
Empytemp: => Error: No automatic fix found for this entry.
 
==== End of Fixlog 18:58:06 ====
 
Security Check Tool LOG::
 
  Results of screen317's Security Check version 1.003  
 Windows 7  x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 67  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox 30.0 Firefox out of Date!  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
FRST Log::
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015
Ran by Cliente (administrator) on FM-PC on 08-06-2015 19:54:13
Running from C:\FRST
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-08] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-08] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]
 
Chrome: 
=======
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-08] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-08] (Avast Software)
S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-08] () [File not signed]
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-08] () [File not signed]
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-08] () [File not signed]
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-08] () [File not signed]
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-08] () [File not signed]
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-06-08] () [File not signed]
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-08] () [File not signed]
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-08] () [File not signed]
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-08] (Avast Software)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 19:13 - 2015-06-08 19:13 - 00001929 _____ C:\Users\Cliente\Downloads\Fixlist.txt
2015-06-08 18:44 - 2015-06-08 18:44 - 00852652 _____ C:\Users\Cliente\Desktop\SecurityCheck.exe
2015-06-08 16:24 - 2015-06-08 16:24 - 00000000 ____D C:\Windows\system32\vbox
2015-06-08 16:21 - 2015-06-08 16:21 - 00073368 _____ C:\Windows\PFRO.log
2015-06-08 16:09 - 2015-06-08 16:09 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-08 16:09 - 2015-06-08 16:09 - 00106912 _____ C:\Windows\system32\Drivers\aswStm.sys
2015-06-08 16:09 - 2015-06-08 16:09 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-08 16:09 - 2015-06-08 16:09 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-08 16:09 - 2015-06-08 16:09 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-08 16:09 - 2015-06-08 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-08 15:52 - 2015-06-08 15:52 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\AVAST Software
2015-06-08 15:38 - 2015-06-08 16:09 - 00427992 _____ C:\Windows\system32\Drivers\aswSP.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00081728 _____ C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00074976 _____ C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-08 15:38 - 2015-06-08 16:08 - 00787760 _____ C:\Windows\system32\Drivers\aswSnx.sys
2015-06-08 15:37 - 2015-06-08 15:37 - 00111520 _____ C:\Users\Cliente\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 15:37 - 2015-06-08 15:37 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-08 14:34 - 2015-06-08 19:46 - 00000168 _____ C:\Windows\setupact.log
2015-06-08 14:34 - 2015-06-08 14:34 - 00434752 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-08 14:34 - 2015-06-08 14:34 - 00000000 _____ C:\Windows\setuperr.log
2015-06-08 14:31 - 2015-06-08 14:31 - 02231296 _____ C:\Users\Cliente\Desktop\AdwCleaner.exe
2015-06-08 14:29 - 2015-06-08 14:29 - 00026072 _____ C:\Users\Cliente\Desktop\Addition.txt
2015-06-08 14:29 - 2015-06-08 14:29 - 00020741 _____ C:\Users\Cliente\Desktop\FRST.txt
2015-06-08 14:28 - 2015-06-08 14:28 - 00000000 ____D C:\Users\Cliente\Desktop\rkill
2015-06-08 14:27 - 2015-06-08 14:27 - 01147904 _____ (Farbar) C:\Users\Cliente\Desktop\FRST.exe
2015-06-08 14:26 - 2015-06-08 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Desktop\rkill.exe
2015-06-08 12:48 - 2015-06-08 19:49 - 00012850 _____ C:\Windows\WindowsUpdate.log
2015-06-08 12:48 - 2015-06-08 12:48 - 00026331 _____ C:\Users\Cliente\Downloads\Addition.txt
2015-06-08 12:47 - 2015-06-08 12:48 - 00021187 _____ C:\Users\Cliente\Downloads\FRST.txt
2015-06-08 12:47 - 2015-06-08 12:47 - 01147904 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe
2015-06-06 11:58 - 2015-06-06 11:59 - 00000000 ____D C:\KVRT_Data
2015-06-06 09:14 - 2015-06-08 19:54 - 00000000 ____D C:\FRST
2015-06-06 09:05 - 2015-06-06 09:05 - 00000196 ____N C:\Users\Cliente\Desktop\VIEIRA.url
2015-06-06 09:04 - 2015-06-06 09:04 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore (1).exe
2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-05 21:05 - 2015-06-08 14:28 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt
2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup
2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol
2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed
2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer
2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9
2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 15:51 - 2015-06-06 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox
2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt
2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-05 14:34 - 2015-06-06 11:55 - 00000000 ____D C:\Windows\Minidump
2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner
2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA93000
2015-05-31 01:50 - 2015-05-31 01:50 - 00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe
2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml
2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype
2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk
2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google
2015-06-08 19:51 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 19:51 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 19:50 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 19:50 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2015-06-08 19:50 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2015-06-08 19:46 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 19:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 15:37 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2015-06-08 15:37 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-08 12:46 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-06 09:59 - 2014-06-23 09:02 - 00000008 __RSH C:\Users\BLANDO\ntuser.pol
2015-06-06 09:59 - 2014-06-23 09:01 - 00000000 ____D C:\Users\BLANDO
2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D C:\Users\Cliente
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF
2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office15
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public
2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther
2015-06-05 13:05 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype
2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas
2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls
2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\Despesas
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e
2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls
2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 
Some files in TEMP:
====================
C:\Users\Cliente\AppData\Local\temp\Quarantine.exe
C:\Users\Cliente\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-05 19:52
 
==================== End of log ============================
 
Others::

Question
Please, I have a question: is this entry legitimate?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

What does this refer to?

I believe it is important to delete these folders to do a clean install of the bank software. I await your response, thank you.

C:\Users\Todos os Usuários\GAS Tecnologia
C:\ProgramData\GAS Tecnologia
But if you allow me, I will remove them manually.
I'll check back, thank you.  :D

Yes, the entries you quote can be removed; it is best to use FRST...

The Chrome policy restriction is more than likely related to a security program setting; it may also possibly be the work of malware...

The other two entries are inert remnants of GAS Tecnologia; they would cause no harm to your system, but it is probably better to remove them....

To remove them do the following;

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your next reply.

 

Next,

 

There are several remnants from previous use of Combofix; they are also best removed:

 

Download and run this:

http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

That will remove Combofix and associated folders...

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.


 

Upgrading Java:


 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.


 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important



Next,

 

Firefox is out of date; go here to update to the current version: https://support.mozilla.org/en-US/kb/update-firefox-latest-version

 

To clean up if no remaining issues or concerns do the following:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 

Remove disinfection tools

Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.

Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Finally....

 

The operating system is also outdated and needs Service Pack 1 (SP1), which can be installed from the following link:

 

http://windows.microsoft.com/en-GB/windows/service-packs-download#sptabs=win7

 

When complete let me know if we can close out the thread....

 

Thank you,

 

Kevin

 

 

Fixlist.txt

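One way to verify the points in the reply above for yourself, as an added example that is not code from this thread, from FRST or from any other tool named here. Run it in an elevated PowerShell window; it is written for PowerShell 2.0, which Windows 7 ships with. The function names are hypothetical, the list of "watched" Chrome policy names is my own assumption of what browser hijackers commonly set, and the leftover paths are taken from the FRST log posted earlier:

```powershell
# Added example, not part of the original thread or of any tool it mentions.
# Run elevated. Function names are hypothetical; the registry locations are the
# standard Chrome policy and Windows Uninstall keys. Written for PowerShell 2.0
# (Windows 7 era): no [pscustomobject], no Get-CimInstance.

# --- 1. What is behind "CHR HKLM\SOFTWARE\Policies\Google: Policy restriction"? ---
# FRST flags that line whenever a Chrome policy key exists; the values tell you
# whether a security product set them or something a hijacker wrote.
function Get-ChromePolicies {
    $roots = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
             'HKCU:\SOFTWARE\Policies\Google\Chrome'
    # Policies a browser hijacker typically abuses (assumption from practice, not from the thread).
    $watch = 'ExtensionInstallForcelist', 'ExtensionInstallSources', 'HomepageLocation',
             'RestoreOnStartupURLs', 'DefaultSearchProviderSearchURL', 'DefaultSearchProviderEnabled',
             'ProxyMode', 'ProxyServer', 'ProxyPacUrl', 'DeveloperToolsDisabled'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        # the root key itself plus every subkey below it
        $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                New-Object PSObject -Property @{
                    Key   = $k.Name
                    Name  = $name
                    Value = $k.GetValue($name)
                    # list policies (ExtensionInstallForcelist etc.) are subkeys holding
                    # numbered values, so match the key name as well as the value name
                    Watch = ($watch -contains $name) -or ($watch -contains $k.PSChildName)
                }
            }
        }
    }
}

# --- 2. "make certain there are no old versions of Java still installed" ---
function Get-InstalledJava {
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString |
        Sort-Object DisplayVersion -Descending
    # Every row after the first is an older runtime that should be uninstalled.
}

# --- 3. Remnants that should be gone after the FRST fix and CF_UNINST ---
function Test-Leftovers {
    # From the FRST log: the GAS Tecnologia folder named in the fix, plus the
    # Qoobox/erdnt folders and the tools written to C:\Windows at the same
    # timestamp (assumed here to be the Combofix remnants the reply refers to).
    $paths = 'C:\ProgramData\GAS Tecnologia', 'C:\Qoobox', 'C:\Windows\erdnt',
             'C:\Windows\PEV.exe', 'C:\Windows\MBR.exe', 'C:\Windows\NIRCMD.exe',
             'C:\Windows\SWREG.exe', 'C:\Windows\SWSC.exe', 'C:\Windows\sed.exe',
             'C:\Windows\grep.exe', 'C:\Windows\zip.exe'
    foreach ($p in $paths) {
        New-Object PSObject -Property @{ Path = $p; StillPresent = (Test-Path -LiteralPath $p) }
    }
}

# --- 4. OS level: the reply asks for Service Pack 1 ---
function Get-OsLevel {
    Get-WmiObject Win32_OperatingSystem | Select-Object Caption, Version, ServicePackMajorVersion
}

Get-ChromePolicies | Sort-Object Watch -Descending | Format-Table Watch, Name, Value, Key -AutoSize
Get-InstalledJava  | Format-Table -AutoSize
Test-Leftovers     | Where-Object { $_.StillPresent } | Format-Table -AutoSize
Get-OsLevel        | Format-List
```

Any Chrome policy row marked Watch = True (a forced extension, a search or homepage override, a proxy) deserves a look at what wrote it; values set by a security product usually carry that product's own URL or extension ID, while a hijacker's point somewhere you do not recognise. More than one row from Get-InstalledJava means an old runtime is still installed. The first function relies on the fact that Get-Item on a registry path returns the underlying RegistryKey object, so GetValueNames() and GetValue() are available even on PowerShell 2.0.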

Kevin.. Sorry, DelFix removed the FRST Fixlog.log, but the script was successful.

 

DelFix::

 

# DelFix v1.010 - Report created 09/06/2015 at 12:13:50
# Updated 26/04/2015 by Xplode
# User : Cliente - FM-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Removed : C:\Qoobox
Removed : C:\FRST
Removed : C:\Users\Cliente\Desktop\rkill
Removed : C:\Users\Cliente\Desktop\Addition.txt
Removed : C:\Users\Cliente\Desktop\AdwCleaner.exe
Removed : C:\Users\Cliente\Desktop\FRST.exe
Removed : C:\Users\Cliente\Desktop\FRST.txt
Removed : C:\Users\Cliente\Desktop\LOG Forum MBAM.txt
Removed : C:\Users\Cliente\Desktop\rkill.exe
Removed : C:\Users\Cliente\Desktop\Rkill.txt
Removed : C:\Users\Cliente\Desktop\SecurityCheck.exe
Removed : C:\Users\Cliente\Downloads\Addition.txt
Removed : C:\Users\Cliente\Downloads\FRST.exe
Removed : C:\Users\Cliente\Downloads\FRST.txt
Removed : C:\Users\Cliente\Documents\Downloads\dds.scr
Removed : HKLM\SOFTWARE\AdwCleaner
Removed : HKLM\SOFTWARE\Swearware
Removed : HKLM\SOFTWARE\TrendMicro\Hijackthis
Removed : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore points ...

Removed : RP #94 [ComboFix created restore point | 06/05/2015 18:05:36]
Removed : RP #95 [Checkpoint by HitmanPro | 06/05/2015 23:17:50]
Removed : RP #96 [Checkpoint by HitmanPro | 06/05/2015 23:18:54]
Removed : RP #98 [avast! antivirus system restore point | 06/08/2015 18:37:40]
Removed : RP #100 [avast! antivirus system restore point | 06/08/2015 19:08:10]
Removed : RP #101 [Removed Java 7 Update 67 | 06/09/2015 14:13:21]

New restore point created!

~ Resetting system settings ... OK

########## - EOF - ##########
 
Delfix::
 
 Results of screen317's Security Check version 1.003  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox 35.0.1 Firefox out of Date!  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
 
Then run DelFix again to remove traces  :)
I believe that this topic is solved; I await your final remarks. Thank you for your excellent analysis.
Thank you very much.
If you are looking for something, please contact me  :)  :)  :)

Observation: (Update Firefox)

 

 Results of screen317's Security Check version 1.003  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5) 
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

Thank you for the logs and the update, good to hear all is now ok.......

 

Read the following link to fully understand PC security and best practices, you may find it useful....
 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

It was a pleasure to work with you, take care and surf safe,

 

Kevin...... ;)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.