edtambasco Posted June 6, 2015 ID:967568

Hello, my name is Ed. I could not find help for this problem in Brazil. Hello friends, I ask for your help: my computer is acting very strange, and when I try to run the Farbar Recovery Scan or FSS it quickly opens and closes. Could you help me? I tried running Malwarebytes but nothing was found. I need your help.
kevinf80 Posted June 6, 2015 ID:967605

Hello and welcome,

P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on; select the first one and save it to your desktop.
Double-click on the Rkill desktop icon to run the tool. If using Vista or Windows 7/8, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen, delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again; continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names; try them one at a time.
If the tool does not run from any of the links provided, please let me know.

If RKill runs successfully try FRST again....

Download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If RKill fails or FRST still will not run try the following:

Please download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and save it to a USB flash drive. Ensure you get the correct version for your system, 32 bit or 64 bit.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Plug the flash drive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.
If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flash drive into the infected PC.
Enter System Recovery Options.
I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thank you,

Kevin...
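The log Kevin asks for is plain text with a fixed line format, so a helper's first read of it can be scripted. What follows is an added example, not part of the thread and not Farbar's own code: it pulls out the line classes a helper looks at first. The markers it keys on ("<======= ATTENTION", "[X]" after a service or driver whose file is missing, an empty "()" company field, and the AV/AS/FW state line under Security Center) are taken from the format as it appears in the pasted log further down; the regular expression is an assumption about that format, not anything FRST publishes, and the sample log is constructed for the example.

```python
"""First-pass triage of a pasted FRST.txt / Addition.txt.

Added example for this thread; not Farbar's code. SAMPLE_LOG is
constructed in FRST's text format and is not a real scan.
"""
import re
from dataclasses import dataclass, field

# Service/driver entries: "R2 Name; C:\path\file.sys [size date] (Company)"
# The [meta] and (Company) parts are optional; a missing file shows as "[X]".
# This pattern is an assumption about FRST's output, derived from pasted logs.
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.*?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\])?(?:\s+\((?P<company>[^)]*)\))?\s*$"
)
# Security Center lines: "AV: Name (Enabled - Up to date) {GUID}" and AS:/FW:
SECURITY_CENTER_RE = re.compile(r"^(AV|AS|FW):\s")


@dataclass
class Findings:
    attention: list = field(default_factory=list)        # lines FRST flagged itself
    missing_file: list = field(default_factory=list)     # service/driver names with [X]
    no_company: list = field(default_factory=list)       # service/driver names with "()"
    security_center: list = field(default_factory=list)  # AV/AS/FW disabled or stale


def triage(log_text: str) -> Findings:
    """Group the lines a helper reads first by why they matter."""
    found = Findings()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<======= ATTENTION" in line:
            found.attention.append(line)
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("meta") == "X":
                found.missing_file.append(m.group("name"))
            elif m.group("company") is not None and not m.group("company").strip():
                found.no_company.append(m.group("name"))
            continue
        if SECURITY_CENTER_RE.match(line) and ("Disabled" in line or "Out of date" in line):
            found.security_center.append(line)
    return found


def report(found: Findings) -> list:
    """Flatten the findings into printable lines, highest priority first."""
    out = []
    out += [f"ATTENTION   {ln}" for ln in found.attention]
    out += [f"MISSING     {name}" for name in found.missing_file]
    out += [f"NO-COMPANY  {name}" for name in found.no_company]
    out += [f"SECCENTER   {ln}" for ln in found.security_center]
    return out


# Constructed sample in FRST's format (not a real scan).
SAMPLE_LOG = r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
S2 hpzstatn; C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe [X]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-06-05] ()
U2 V2iMount; No ImagePath
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

The output is a reading aid, not a verdict: an ATTENTION on a Policies key only says that a browser policy is set, not who set it, and a "[X]" driver may be a leftover from an uninstalled product rather than anything malicious. The point is to see those lines before the rest of a several-hundred-line log.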
edtambasco Posted June 6, 2015 (Author) ID:967622

OK Kevin, RKill log:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/06/2015 09:04:53 AM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
 C:\Users\Cliente\Desktop\rkill\rkill-06-06-2015-09-05-01.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 06/06/2015 09:05:28 AM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)

-----

Downloaded with Chrome or IE: Farbar 32 bits (opens and closes fast). (On the problem computer it is useless to download and rename it; I saved it from another PC, already renamed.) Downloaded on the other PC to a USB flash drive and renamed the tool file to explorer.com (the software started).

FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-06-2015
Ran by Cliente (administrator) on FM-PC on 06-06-2015 09:14:57
Running from E:\
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) E:\EXPLORER.COM

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-05-14] (GAS Tecnologia LTDA)
Winlogon\Notify\GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1769825870-618250928-672845706-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]
FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]

Chrome: 
=======
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-05-14] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 hpzstatn; C:\Windows\system32\spool\drivers\w32x86\hpzstatn.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-05-14] (Basil)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)
S3 catchme; \??\C:\32788R22FWJFW\catchme.sys [X]
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
U5 PSKMAD; C:\Windows\System32\Drivers\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-06-05] ()
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ____D C:\Users\Todos os Usuários\LogMeIn
2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ____D C:\ProgramData\LogMeIn
2015-06-27 12:21 - 2015-06-27 12:21 - 08552448 _____ C:\Users\BLANDO\Desktop\hamachi.msi
2015-06-27 12:20 - 2015-06-27 12:21 - 08552448 _____ C:\Users\BLANDO\Downloads\hamachi.msi
2015-06-27 11:36 - 2015-06-27 11:36 - 09605030 _____ C:\Users\BLANDO\Downloads\minecraft_server.1.7.10.jar
2015-06-27 11:25 - 2015-06-27 11:25 - 00651784 _____ C:\Users\BLANDO\Downloads\lntro 'Zero' - 10Youtube.com.webm
2015-06-27 11:25 - 2015-06-27 11:25 - 00651784 _____ C:\Users\BLANDO\Downloads\lntro 'Zero' - 10Youtube.com (1).webm
2015-06-06 09:14 - 2015-06-06 09:14 - 00000000 ____D C:\FRST
2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-05 21:05 - 2015-06-06 09:05 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt
2015-06-05 21:05 - 2015-06-06 09:05 - 00000000 ____D C:\Users\Cliente\Desktop\rkill
2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe
2015-06-05 20:49 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 20:36 - 2015-06-05 20:36 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup
2015-06-05 20:26 - 2015-06-05 20:26 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FM-PC-Windows-7-Ultimate-(32-bit).dat
2015-06-05 20:20 - 2015-06-05 20:20 - 00001360 _____ C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol
2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed
2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer
2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9
2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 20:07 - 2015-06-05 20:07 - 10105736 ____N (SurfRight B.V.) C:\Users\Cliente\Desktop\hp.exe
2015-06-05 15:51 - 2015-06-05 21:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox
2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt
2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-05 14:55 - 2006-06-05 20:18 - 05628238 ____R (Swearware) C:\Users\Cliente\Desktop\ComboFix.exe
2015-06-05 14:42 - 2015-06-05 14:42 - 00415232 ____N (Farbar) C:\Users\Cliente\Desktop\FSS.exe
2015-06-05 14:36 - 2015-06-05 14:36 - 00111520 _____ C:\Users\Cliente\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-05 14:34 - 2015-06-06 09:01 - 00000616 _____ C:\Windows\setupact.log
2015-06-05 14:34 - 2015-06-05 14:34 - 2138485746 _____ C:\Windows\MEMORY.DMP
2015-06-05 14:34 - 2015-06-05 14:34 - 00434752 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 14:34 - 2015-06-05 14:34 - 00147040 _____ C:\Windows\Minidump\060515-25194-01.dmp
2015-06-05 14:34 - 2015-06-05 14:34 - 00000000 ____D C:\Windows\Minidump
2015-06-05 14:34 - 2015-06-05 14:34 - 00000000 _____ C:\Windows\setuperr.log
2015-06-05 14:34 - 2007-01-01 21:25 - 00324432 _____ C:\Windows\PFRO.log
2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner
2015-06-02 14:07 - 2015-06-02 14:08 - 03077905 _____ C:\Users\BLANDO\Downloads\forge-1.7.10-10.13.2.1230-installer.jar
2015-06-01 16:12 - 2015-06-01 16:13 - 44143120 _____ C:\Users\BLANDO\Downloads\atheros driver installation_9.2.0.412_w7x86 x64.rar
2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA93000
2015-05-31 01:50 - 2015-05-31 01:50 - 00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe
2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml
2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype
2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 15:15 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Downloads\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 15:00 - 2015-05-14 15:01 - 03092531 _____ C:\Users\BLANDO\Downloads\forge-1.7.10-10.13.2.1291-installer.jar
2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk
2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google
2015-06-06 09:09 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 09:09 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2015-06-06 09:09 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2015-06-06 09:06 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-06 09:06 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-06 09:04 - 2015-01-03 10:49 - 00265216 _____ C:\Windows\WindowsUpdate.log
2015-06-06 09:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 09:01 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D C:\Users\Cliente
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF
2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-05 21:00 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office15
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public
2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther
2015-06-05 14:18 - 2015-01-23 10:30 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\.minecraft
2015-06-05 13:08 - 2013-11-14 15:43 - 00000000 ____D C:\Program Files\Marcos Velasco Security
2015-06-05 13:05 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype
2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas
2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls
2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\Despesas
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e
2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls
2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-07-14 20:29 - 2015-01-05 18:32 - 0031842 _____ () C:\Users\Cliente\AppData\Roaming\unins000.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-05 19:52\==================== End of log ============================ Addition Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-06-2015Ran by Cliente at 2015-06-06 09:15:37Running from E:\Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-1769825870-618250928-672845706-500 - Administrator - Disabled)BLANDO (S-1-5-21-1769825870-618250928-672845706-1003 - Administrator - Enabled) => C:\Users\BLANDOCliente (S-1-5-21-1769825870-618250928-672845706-1000 - Administrator - Enabled) => C:\Users\ClienteConvidado (S-1-5-21-1769825870-618250928-672845706-501 - Limited - Enabled)Ed (S-1-5-21-1769825870-618250928-672845706-1006 - Administrator - Enabled) => C:\Users\EdPAMELA (S-1-5-21-1769825870-618250928-672845706-1004 - Administrator - Enabled) => C:\Users\PAMELARAFAEL (S-1-5-21-1769825870-618250928-672845706-1005 - Administrator - Enabled) => C:\Users\RAFAEL ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Mega Codec Pack 8.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
Malwarebytes Anti-Malware versão 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.1 - Mozilla)
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Prerequisite installer (Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Warsaw 1.3.1 (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
Welcome App (Start-up experience) (Version: 12.0.14000 - Nero AG) Hidden
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-06-2015 15:05:36 ComboFix created restore point
05-06-2015 20:17:50 Ponto de verificação por HitmanPro
05-06-2015 20:18:54 Ponto de verificação por HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2007-01-01 21:32 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11F2769F-F630-485C-83DA-8545AEFD5DBF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd
Task: {39872018-7B13-40E9-B044-DF7427F41C91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {47F5B73D-C031-4E07-A1EC-64C44842C4C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C4343F18-9AB7-4ED8-B01F-F86181B45C47} - System32\Tasks\avastBCLRestartS-1-5-21-1769825870-618250928-672845706-1000 => Chrome.exe
Task: {C8529282-CFB1-40E2-AD9D-1C6184F1E666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {F9B918E0-5D52-438E-85E7-5378EC8C457D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-11-14 15:49 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-05-15 14:29 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\BLANDO\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-05-15 14:29 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\BLANDO\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2007-01-01 00:16 - 2015-05-22 17:22 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

Name: Mouse compatível com PS/2
Description: Mouse compatível com PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (01/01/2007 09:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:23:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.


System errors:
=============
Error: (06/06/2015 09:01:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (01/01/2007 09:25:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (01/01/2007 09:25:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 22:24:25 às 01/01/2007 não era esperado.

Error: (01/01/2007 09:20:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (01/01/2007 09:16:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (06/05/2015 10:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (06/05/2015 10:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (06/05/2015 09:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro:
%%2

Error: (06/05/2015 09:57:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 21:56:28 às 05/06/2015 não era esperado.

Error: (06/05/2015 09:54:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.


Microsoft Office:
=========================
Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
Error: (01/01/2007 09:24:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:24:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

Error: (01/01/2007 09:23:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.


CodeIntegrity Errors:
===================================
Date: 2015-03-25 02:00:05.558
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 02:00:05.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-25 02:00:05.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-24 13:29:06.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 13:29:06.159
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 13:29:06.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 13:29:06.081
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 13:20:30.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 13:20:30.062
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 13:20:30.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 2039.37 MB
Available physical RAM: 1230.2 MB
Total Pagefile: 4378.73 MB
Available Pagefile: 3485.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.52 MB

==================== Drives ================================

Drive c: (Disco Local) (Fixed) (Total:465.76 GB) (Free:423.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:3.72 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 072C3186)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 3.7 GB) (Disk ID: B33006A8)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================
kevinf80 Posted June 6, 2015 ID:967691

Do you know of or recognize this program:

C:\Program Files\GbPlugin

I do not see a great deal wrong with your logs, but the program above can stop tools from running. It is related to some kind of security for banking; it can cause issues for systems and may also stop other security tools from running... Do you trust that software?? We can remove all related entries with FRST..

Read here: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_programs/impossible-to-get-rid-of-g-buster-browser-defense/9536bffb-ef87-4d48-b046-10eb68af37c0

Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
edtambasco Posted June 8, 2015 (Author) ID:968002

Hello, thank you - you're a great expert.

I'll post a Fixlog from recovery mode, and I ask your help to check for other orphaned entries. The files are in the Quarantine folder, and they really are files for bank protection. But I did not imagine that it could hinder the log. I thought it was malware, or some restriction in the GPO, and I even feared a rootkit, because Avast also was not opening. After removing the GBPlugin, FRST opened as usual on my Desktop.

I post some results from after the removal of GBPlugin:

Malwarebytes - No malware found! (Rootkit mode, Chameleon ON)
Hitman Pro x86 - No malware found! (Only cookies manually removed)
Kaspersky Virus Removal Tool - No malware found.
Panda Cloud - No Malware found!

I'll post pictures of the program and of it removed, then the Fixlog and the new FRST and Addition logs for you to analyze, please!

Print before image: http://oi61.tinypic.com/69lytz.jpg
Print after image: http://oi62.tinypic.com/szjse0.jpg

Then I ran CCleaner and removed invalid registry entries. But even then, GBPlugin still loaded (started) with the OS. Then I went into recovery mode and ran the FRST tool with the entries found in the log.

Fixlog:

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by SYSTEM at 2015-06-08 12:42:43 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
C:\Windows\system32\drivers:GbpKmAp.lst
C:\Program Files\GbPlugin
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)
*****************

GbpKm => Service removed successfully.
ndisrd => Service removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni" => key removed successfully.
"C:\Windows\system32\drivers:GbpKmAp.lst" => Could not move.
C:\Program Files\GbPlugin => moved successfully.
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco) => Error: The entry should be fixed outside recovery mode.
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco) => Error: The entry should be fixed outside recovery mode.
GbpSv => Service removed successfully.
GbpKm => Service not found.
ndisrd => Service not found.

==== End of Fixlog 12:42:44 ====

New logs for you to analyze, please.

Rkill:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/08/2015 02:28:03 PM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
 C:\Users\Cliente\Desktop\rkill\rkill-06-08-2015-02-28-04.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 06/08/2015 02:28:21 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015
Ran by Cliente (administrator) on FM-PC on 08-06-2015 14:29:02
Running from C:\Users\Cliente\Desktop
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
ShellExecuteHooks: - {E37CB5F0-51F5-4395-A808-5FA49E399008} - No File [ ]
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1
FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]
FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]

Chrome: 
=======
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-08 14:29 - 2015-06-08 14:29 - 00008797 _____ C:\Users\Cliente\Desktop\FRST.txt
2015-06-08 14:28 - 2015-06-08 14:28 - 00000000 ____D C:\Users\Cliente\Desktop\rkill
2015-06-08 14:27 - 2015-06-08 14:27 - 01147904 _____ (Farbar) C:\Users\Cliente\Desktop\FRST.exe
2015-06-08 14:26 - 2015-06-08 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Desktop\rkill.exe
2015-06-08 12:48 - 2015-06-08 14:04 - 00002954 _____ C:\Windows\WindowsUpdate.log
2015-06-08 12:48 - 2015-06-08 12:48 - 00026331 _____ C:\Users\Cliente\Downloads\Addition.txt
2015-06-08 12:47 - 2015-06-08 12:48 - 00021187 _____ C:\Users\Cliente\Downloads\FRST.txt
2015-06-08 12:47 - 2015-06-08 12:47 - 01147904 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe
2015-06-06 11:58 - 2015-06-06 11:59 - 00000000 ____D C:\KVRT_Data
2015-06-06 09:14 - 2015-06-08 14:29 - 00000000 ____D C:\FRST
2015-06-06 09:05 - 2015-06-06 09:05 - 00000196 ____N C:\Users\Cliente\Desktop\VIEIRA.url
2015-06-06 09:04 - 2015-06-06 09:04 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore (1).exe
2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-05 21:05 - 2015-06-08 14:28 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt
2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup
2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol
2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed
2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer
2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9
2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 15:51 - 2015-06-06 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox
2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt
2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-05 14:34 - 2015-06-06 11:55 - 00000000 ____D C:\Windows\Minidump
2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner
2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA93000
2015-05-31 01:50 - 2015-05-31 01:50 - 00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe
2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml
2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype
2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk
2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google
2015-06-08 14:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 12:50 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 12:50 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 12:49 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 12:49 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2015-06-08 12:49 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2015-06-08 12:46 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-08 12:45 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 09:59 - 2014-06-23 09:02 - 00000008 __RSH C:\Users\BLANDO\ntuser.pol
2015-06-06 09:59 - 2014-06-23 09:01 - 00000000 ____D C:\Users\BLANDO
2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D C:\Users\Cliente
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol
2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF
2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2015-06-05 21:02 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office15
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default
2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public
2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther
2015-06-05 13:05 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype
2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas
2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls
2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\Despesas
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e
2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls
2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype
2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 19:52

==================== End of log ============================

Addition::

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Cliente at 2015-06-08 14:29:28
Running from C:\Users\Cliente\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1769825870-618250928-672845706-500 - Administrator - Disabled)
BLANDO (S-1-5-21-1769825870-618250928-672845706-1003 - Administrator - Enabled) => C:\Users\BLANDO
Cliente (S-1-5-21-1769825870-618250928-672845706-1000 - Administrator - Enabled) => C:\Users\Cliente
Convidado (S-1-5-21-1769825870-618250928-672845706-501 - Limited - Enabled)
Ed (S-1-5-21-1769825870-618250928-672845706-1006 - Administrator - Enabled) => C:\Users\Ed
PAMELA (S-1-5-21-1769825870-618250928-672845706-1004 - Administrator - Enabled) => C:\Users\PAMELA
RAFAEL (S-1-5-21-1769825870-618250928-672845706-1005 - Administrator - Enabled) => C:\Users\RAFAEL

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
K-Lite Mega Codec Pack 8.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
Malwarebytes Anti-Malware versão 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.1 - Mozilla)
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Prerequisite installer (Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Welcome App (Start-up experience) (Version: 12.0.14000 - Nero AG) Hidden
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-06-2015 15:05:36 ComboFix created restore point
05-06-2015 20:17:50 Ponto de verificação por HitmanPro
05-06-2015 20:18:54 Ponto de verificação por HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2007-01-01 21:32 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11F2769F-F630-485C-83DA-8545AEFD5DBF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd
Task: {39872018-7B13-40E9-B044-DF7427F41C91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {47F5B73D-C031-4E07-A1EC-64C44842C4C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C4343F18-9AB7-4ED8-B01F-F86181B45C47} - System32\Tasks\avastBCLRestartS-1-5-21-1769825870-618250928-672845706-1000 => Chrome.exe 
Task: {C8529282-CFB1-40E2-AD9D-1C6184F1E666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {F9B918E0-5D52-438E-85E7-5378EC8C457D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1769825870-618250928-672845706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Warsaw Technology => 2
MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files\Diebold\Warsaw\core.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

Name: Mouse compatível com PS/2
Description: Mouse compatível com PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 01:08:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Assembly dependente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (06/08/2015 01:08:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Erro no arquivo de manifesto ou de diretiva SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2", na linha SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
A definição é SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (06/08/2015 01:08:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (06/06/2015 09:48:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1". Assembly dependente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (06/06/2015 09:48:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Erro no arquivo de manifesto ou de diretiva SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2", na linha SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
A definição é SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error: (06/06/2015 09:48:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

System errors:
=============
Error: (06/08/2015 00:15:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Gbp Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar o serviço.

Error: (06/06/2015 09:01:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2

Error: (01/01/2007 09:25:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2

Error: (01/01/2007 09:25:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 22:24:25 às ?01/?01/?2007 não era esperado.

Error: (01/01/2007 09:20:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (01/01/2007 09:16:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (06/05/2015 10:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2

Error: (06/05/2015 10:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2

Error: (06/05/2015 09:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Printer Status Server devido ao seguinte erro: %%2

Error: (06/05/2015 09:57:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 21:56:28 às ?05/?06/?2015 não era esperado.

Microsoft Office:
=========================
Error: (06/08/2015 01:08:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (06/08/2015 01:08:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3

Error: (06/08/2015 01:08:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 12\nero backitup\NBVSSTool_x64.exe

Error: (06/06/2015 09:48:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero recode\NeroBRServer.exe.Manifest

Error: (06/06/2015 09:48:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description:
SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type="win32",version="12.0.0.0"c:\program files\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3 Error: (06/06/2015 09:48:20 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Nero\Nero 12\nero backitup\NBVSSTool_x64.exe Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. Error: (01/01/2007 09:35:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. Error: (01/01/2007 09:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUmcertificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado. 
CodeIntegrity Errors:
===================================
  Date: 2015-03-25 02:00:05.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 02:00:05.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 02:00:05.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-24 13:29:06.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-24 13:29:06.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-24 13:29:06.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-24 13:29:06.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-24 13:20:30.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-24 13:20:30.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-24 13:20:30.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 2039.37 MB
Available physical RAM: 1303.52 MB
Total Pagefile: 4378.73 MB
Available Pagefile: 3550.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.85 MB

==================== Drives ================================

Drive c: (Disco Local) (Fixed) (Total:465.76 GB) (Free:425.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 072C3186)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================

Supplementary log - AdwCleaner:

# AdwCleaner v4.206 - Relatório criado 08/06/2015 às 14:33:16
# Atualizado 01/06/2015 por Xplode
# Base de dados : 2015-06-05.1 [servidor]
# Sistema operacional : Windows 7 Ultimate (x86)
# Usuário : Cliente - FM-PC
# Executando de : C:\Users\Cliente\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

***** [ Tarefas agendadas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v30.0 (pt-BR)

-\\ Google Chrome v43.0.2357.81

[C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Homepage] : 
[C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422121674&from=cor&uid=WDCXWD5000AAKX-003CA0_WD-WMAYU943954239542

*************************

AdwCleaner[R1].txt - [5540 bytes] - [08/06/2015 14:31:51]
AdwCleaner[s1].txt - [1038 bytes] - [08/06/2015 14:33:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1097 bytes] ##########

How should I proceed now, please? Sorry for my English (Google Translate). I saw that there are errors in the system and that it still tries to load the GBPlugin, but with an error.
kevinf80 Posted June 8, 2015 ID:968020

The following needs to be completed with your system in Normal mode:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next, download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
If Security Check will not run or you get an alert saying it is not supported, re-boot your PC then try again...

Let me see those logs, also let me know if there are any remaining issues or concerns...

Thank you,

Kevin...

Fixlist.txt
edtambasco Posted June 8, 2015 Author ID:968083

Kevin, here are the logs.

FixLog:

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Cliente at 2015-06-08 18:58:06 Run:2
Running from C:\FRST
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
BHO: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> No File
ShellExecuteHooks: - {E37CB5F0-51F5-4395-A808-5FA49E399008} - No File [ ]
FF Plugin HKU\S-1-5-21-1769825870-618250928-672845706-1000: gastecnologia.com.br/sf/uni -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
C:\Users\Cliente\AppData\Local\GAS Tecnologia
FF HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-30]
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
U2 V2iMount; No ImagePath
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1769825870-618250928-672845706-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml:OECustomProperty
C:\Windows\System32\drivers\gbpkm.sys
C:\Windows\System32\DRIVERS\gbpndisrdn.sys
C:\Program Files\Diebold
Empytemp:
End
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}" => key removed successfully.
HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399008} => value removed successfully.
HKCR\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399008} => key not found. 
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\MozillaPlugins\gastecnologia.com.br/sf/uni" => key removed successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll => moved successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia => moved successfully.
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873} => value removed successfully.
C:\Users\Cliente\AppData\Local\GAS Tecnologia\GBBD\uni\xpi => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found. 
HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008} => key not found. 
V2iMount => Service removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}" => key removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}" => key removed successfully.
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itau.com.br" => key removed successfully.
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itau.com.br => key not found. 
"HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itaupersonnalite.com.br" => key removed successfully.
C:\Windows\system32\drivers => ":GbpKmAp.lst" ADS removed successfully..
C:\Users\Cliente\Documents\Um dos melhores e-mails que já li!.eml => ":OECustomProperty" ADS removed successfully..
C:\Windows\System32\drivers\gbpkm.sys => moved successfully.
C:\Windows\System32\DRIVERS\gbpndisrdn.sys => moved successfully.
"C:\Program Files\Diebold" => File/Folder not found.
Empytemp: => Error: No automatic fix found for this entry.

==== End of Fixlog 18:58:06 ====

Security Check tool log:

 Results of screen317's Security Check version 1.003 
 Windows 7 x86 (UAC is disabled!) 
 Out of date service pack!! 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:`````````````` 
 avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner 
 Java 7 Update 67 
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169 
 Adobe Reader XI 
 Mozilla Firefox 30.0 Firefox out of Date! 
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 
````````````````````End of Log`````````````````````` 

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015
Ran by Cliente (administrator) on FM-PC on 08-06-2015 19:54:13
Running from C:\FRST
Loaded Profiles: Cliente (Available Profiles: Cliente & BLANDO & PAMELA & RAFAEL & Ed)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-08] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-08] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1769825870-618250928-672845706-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\..\Interfaces\{A99C5607-81D0-4EED-B9D3-8AA6E6419926}: [NameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\1q3fe4zw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2006-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-23]

Chrome: 
=======
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-08] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-08] (Avast Software)
S4 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-08] () [File not signed]
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-08] () [File not signed]
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-08] () [File not signed]
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-08] () [File not signed]
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-08] () [File not signed]
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-06-08] () [File not signed]
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-08] () [File not signed]
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-08] () [File not signed]
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-08] (Avast Software)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.)
R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-01-11] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 19:13 - 2015-06-08 19:13 - 00001929 _____ C:\Users\Cliente\Downloads\Fixlist.txt
2015-06-08 18:44 - 2015-06-08 18:44 - 00852652 _____ C:\Users\Cliente\Desktop\SecurityCheck.exe
2015-06-08 16:24 - 2015-06-08 16:24 - 00000000 ____D C:\Windows\system32\vbox
2015-06-08 16:21 - 2015-06-08 16:21 - 00073368 _____ C:\Windows\PFRO.log
2015-06-08 16:09 - 2015-06-08 16:09 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-08 16:09 - 2015-06-08 16:09 - 00106912 _____ C:\Windows\system32\Drivers\aswStm.sys
2015-06-08 16:09 - 2015-06-08 16:09 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-08 16:09 - 2015-06-08 16:09 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-08 16:09 - 2015-06-08 16:09 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-08 16:09 - 2015-06-08 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-08 15:52 - 2015-06-08 15:52 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\AVAST Software
2015-06-08 15:38 - 2015-06-08 16:09 - 00427992 _____ C:\Windows\system32\Drivers\aswSP.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00081728 _____ C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00074976 _____ C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-08 15:38 - 2015-06-08 16:09 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-08 15:38 - 2015-06-08 16:08 - 00787760 _____ C:\Windows\system32\Drivers\aswSnx.sys
2015-06-08 15:37 - 2015-06-08 15:37 - 00111520 _____ C:\Users\Cliente\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 15:37 - 2015-06-08 15:37 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-08 14:34 - 2015-06-08 19:46 - 00000168 _____ C:\Windows\setupact.log
2015-06-08 14:34 - 2015-06-08 14:34 - 00434752 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-08 14:34 - 2015-06-08 14:34 - 00000000 _____ C:\Windows\setuperr.log
2015-06-08 14:31 - 2015-06-08 14:31 - 02231296 _____ C:\Users\Cliente\Desktop\AdwCleaner.exe
2015-06-08 14:29 - 2015-06-08 14:29 - 00026072 _____ C:\Users\Cliente\Desktop\Addition.txt
2015-06-08 14:29 - 2015-06-08 14:29 - 00020741 _____ C:\Users\Cliente\Desktop\FRST.txt
2015-06-08 14:28 - 2015-06-08 14:28 - 00000000 ____D C:\Users\Cliente\Desktop\rkill
2015-06-08 14:27 - 2015-06-08 14:27 - 01147904 _____ (Farbar) C:\Users\Cliente\Desktop\FRST.exe
2015-06-08 14:26 - 2015-06-08 14:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Desktop\rkill.exe
2015-06-08 12:48 - 2015-06-08 19:49 - 00012850 _____ C:\Windows\WindowsUpdate.log
2015-06-08 12:48 - 2015-06-08 12:48 - 00026331 _____ C:\Users\Cliente\Downloads\Addition.txt
2015-06-08 12:47 - 2015-06-08 12:48 - 00021187 _____ C:\Users\Cliente\Downloads\FRST.txt
2015-06-08 12:47 - 2015-06-08 12:47 - 01147904 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe
2015-06-06 11:58 - 2015-06-06 11:59 - 00000000 ____D C:\KVRT_Data
2015-06-06 09:14 - 2015-06-08 19:54 - 00000000 ____D C:\FRST
2015-06-06 09:05 - 2015-06-06 09:05 - 00000196 ____N C:\Users\Cliente\Desktop\VIEIRA.url
2015-06-06 09:04 - 2015-06-06 09:04 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore (1).exe
2015-06-05 21:51 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-05 21:05 - 2015-06-08 14:28 - 00002324 _____ C:\Users\Cliente\Desktop\Rkill.txt
2015-06-05 21:05 - 2015-06-05 21:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Cliente\Downloads\iExplore.exe
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller
2015-06-05 20:36 - 2015-06-05 20:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 20:26 - 2015-06-05 20:48 - 00000000 ____D C:\RegBackup
2015-06-05 20:20 - 2015-06-05 20:20 - 00001064 __RSH C:\Users\Ed\ntuser.pol
2015-06-05 20:20 - 2015-06-05 20:20 - 00000020 ___SH C:\Users\Ed\ntuser.ini
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Modelos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Meus documentos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Menu Iniciar
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas músicas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Minhas imagens
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Documents\Meus vídeos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Configurações locais
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Histórico
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\AppData\Local\Dados de aplicativos
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de rede
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 _SHDL C:\Users\Ed\Ambiente de impressão
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Adobe
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed\AppData\Local\Google
2015-06-05 20:20 - 2015-06-05 20:20 - 00000000 ____D C:\Users\Ed
2015-06-05 20:20 - 2014-07-08 20:23 - 00000000 ____D C:\Users\Ed\AppData\Local\Trusteer
2015-06-05 20:20 - 2014-06-23 09:21 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Genie9
2015-06-05 20:20 - 2009-07-14 01:42 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 20:20 - 2009-07-14 01:37 - 00000000 ___RD C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2015-06-05 20:11 - 2015-06-05 20:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 15:51 - 2015-06-06 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:51 - 2015-06-05 16:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 15:51 - 2015-06-05 15:51 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-06-05 15:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-05 15:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 15:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 15:50 - 2015-06-05 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cliente\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-05 15:05 - 2015-06-06 09:03 - 00000000 ____D C:\Qoobox
2015-06-05 15:05 - 2015-06-05 21:56 - 00000000 ____D C:\Windows\erdnt
2015-06-05 15:05 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-05 15:05 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-05 15:05 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-05 14:34 - 2015-06-06 11:55 - 00000000 ____D C:\Windows\Minidump
2015-06-05 14:32 - 2015-06-05 14:32 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-05 14:27 - 2015-06-05 14:27 - 00000936 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-05 14:27 - 2015-06-05 14:27 - 00000000 ____D C:\Program Files\CCleaner
2015-05-31 02:03 - 2015-05-31 02:03 - 00000512 _____ C:\Users\Cliente\Desktop\1DA93000
2015-05-31 01:50 - 2015-05-31 01:50 - 00436504 _____ (IBM Corp.) C:\Users\Cliente\Downloads\RapportSetup.exe
2015-05-31 01:19 - 2015-05-31 01:19 - 00007266 _____ C:\Users\Cliente\Downloads\35150553966834014253550040000140431610556413-nfe.xml
2015-05-15 15:33 - 2015-05-15 15:36 - 00000000 ____D C:\Users\BLANDO\AppData\Roaming\Skype
2015-05-14 15:16 - 2015-05-14 15:15 - 00083487 _____ C:\Users\BLANDO\Desktop\[1-7-10]_Lucky_Block_v5-1-0.jar
2015-05-14 14:15 - 2015-05-14 14:15 - 00001446 _____ C:\Users\BLANDO\Desktop\.minecraft.lnk
2015-05-14 13:40 - 2014-08-30 17:05 - 01157447 _____ C:\Users\BLANDO\Desktop\KeiNett Launcher - PH.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 11:02 - 2014-06-23 09:02 - 00000000 ____D C:\Users\BLANDO\AppData\Local\Google
2015-06-08 19:51 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 19:51 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 19:50 - 2013-11-14 14:49 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 19:50 - 2009-07-29 15:46 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2015-06-08 19:50 - 2009-07-29 15:46 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2015-06-08 19:46 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 19:03 - 2014-01-17 10:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 15:37 - 2014-01-17 09:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2015-06-08 15:37 - 2014-01-17 09:30 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-08 12:46 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-06 09:59 - 2014-06-23 09:02 - 00000008 __RSH C:\Users\BLANDO\ntuser.pol
2015-06-06 09:59 - 2014-06-23 09:01 - 00000000 ____D C:\Users\BLANDO
2015-06-05 22:07 - 2013-11-14 17:42 - 00000000 ____D 
C:\Users\Cliente2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\Users\Cliente\ntuser.pol2015-06-05 22:07 - 2013-11-14 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol2015-06-05 22:06 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy2015-06-05 21:42 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Documents\PDF2015-06-05 20:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-06-05 19:34 - 2013-11-14 15:14 - 00000000 ____D C:\Windows\Office152015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes2015-06-05 15:51 - 2014-01-17 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes2015-06-05 15:22 - 2014-01-17 09:32 - 00001213 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-06-05 15:22 - 2014-01-17 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-06-05 15:22 - 2013-11-14 17:43 - 00001093 _____ C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-06-05 15:22 - 2013-11-14 15:16 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-06-05 15:22 - 2013-11-14 15:16 - 00000978 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Default2015-06-05 15:14 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public2015-06-05 14:28 - 2013-11-14 23:35 - 00000000 ____D C:\Windows\Panther2015-06-05 13:05 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype2015-06-01 15:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries2015-05-31 02:11 - 2015-03-25 00:11 - 00000000 ____D C:\Users\Cliente\Desktop\Faturas2015-05-31 02:03 - 2014-06-25 19:49 - 00123904 _____ C:\Users\Cliente\Desktop\FGTS 2007 .xls2015-05-31 02:03 - 2014-06-20 17:20 - 00000000 ____D 
C:\Users\Cliente\Documents\Despesas2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia2015-05-31 01:46 - 2014-07-14 20:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia2015-05-31 01:11 - 2014-06-20 17:20 - 00000000 ____D C:\Users\Cliente\Desktop\NFS-e2015-05-31 01:07 - 2013-05-10 17:08 - 01654784 _____ C:\Users\Cliente\Desktop\Contas Correntes.xls2015-05-15 15:33 - 2013-11-14 16:10 - 00002505 _____ C:\Users\Public\Desktop\Skype.lnk2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Skype2015-05-15 15:33 - 2013-11-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2015-05-14 16:11 - 2015-01-06 22:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk Some files in TEMP:====================C:\Users\Cliente\AppData\Local\temp\Quarantine.exeC:\Users\Cliente\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-05 19:52 ==================== End of log ============================ Others:: QuestionPlease have a question, this entry is legitimate?CHR HKLM \ SOFTWARE \ Policies \ Google: Policy restriction <======= ATTENTION This refers to what? 
I believe it is important to delete these folders to do a clean install of Banks. I await your response, thank you.
C:\Users\Todos os Usuários\GAS Tecnologia
C:\ProgramData\GAS Tecnologia
But if you allow me, I will remove them manually.
I look forward to your reply, thank you.
kevinf80 Posted June 9, 2015 ID:968149

Yes, the entries you quote can be removed; it is best to use FRST... The Chrome policy restriction is more than likely related to a security program setting; it may also possibly be the work of malware... The other two entries are inert remnants of GAS Tecnologia; they would cause no harm to your system, but it is maybe better to remove them....

To remove them do the following:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next, there are several remnants from previous use of Combofix; they are also best removed:

Download and run this: http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE
That will remove Combofix and associated folders...

Next, your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version.
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.
***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if so, remove them. <<-- Very Important

Next, Firefox is out of date; go here to update to the current version: https://support.mozilla.org/en-US/kb/update-firefox-latest-version

To clean up if no remaining issues or concerns, do the following:

Download "Delfix by Xplode" and save it to your desktop.
Or use the following if the first link is down: "Delfix link mirror"
Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.
Make sure the following items are checked:
Remove disinfection tools
Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
Reset system settings
Now click on "Run" and wait patiently until the tool has completed.
The tool will create a log when it has completed. We don't need you to post this.
Any remnant files/logs from tools we have used can be deleted…

Finally.... The operating system is also outdated and needs Service Pack one (SP1), which can be installed from the following link: http://windows.microsoft.com/en-GB/windows/service-packs-download#sptabs=win7

When complete, let me know if we can close out the thread....

Thank you,

Kevin

Fixlist.txt
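To look at the two items in the reply above yourself before removing anything (the Chrome policy key FRST flagged, and leftover Java versions in Programs and Features), here is an added read-only PowerShell check; it is my own example, not part of the thread, FRST or the fixlist, and it assumes only the standard Chrome policy and Windows Uninstall registry locations.

```powershell
# Added example, not from the thread, FRST or the fixlist: a read-only look at
# what sits behind the two items discussed above. Nothing here deletes or
# modifies anything; it only reports, so removal stays a deliberate decision.

# 1. Chrome policy restriction. FRST flagged HKLM\SOFTWARE\Policies\Google.
#    Chrome and Google Update read enforced policies from these standard keys;
#    listing every value (and subkey) shows exactly what is being restricted.
$chromePolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Google\Update',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)

Write-Host '=== Chrome policy values ==='
foreach ($root in $chromePolicyKeys) {
    if (-not (Test-Path -Path $root)) {
        Write-Host "$root : not present"
        continue
    }
    # The key itself plus all subkeys: list-type policies (for example an
    # extension force-install list) are stored as numbered values in a subkey.
    $keys = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
    foreach ($key in $keys) {
        Write-Host "[$($key.Name)]"
        foreach ($name in $key.GetValueNames()) {
            $value = $key.GetValue($name) -join ', '   # flatten MultiString
            Write-Host ("  {0} = {1}" -f $name, $value)
        }
    }
}

# 2. Old Java versions. The reply asks to check Programs and Features for stale
#    installs; that list is built from the Uninstall registry keys below. On the
#    32-bit Windows 7 system in this thread the WOW6432Node path does not exist
#    and is simply skipped.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Write-Host '=== Installed Java entries ==='
$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Java*' } |
    Sort-Object -Property DisplayVersion |
    Select-Object -Property DisplayName, DisplayVersion, Publisher, UninstallString

if ($java) {
    $java | Format-Table -AutoSize | Out-String | Write-Host
    if (@($java).Count -gt 1) {
        Write-Host 'More than one Java entry is installed; uninstall the older ones via Programs and Features.'
    }
} else {
    Write-Host 'No Java entries found.'
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; a security product that sets Chrome policies will usually be recognisable from the value names and data it writes.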
edtambasco Posted June 9, 2015 Author ID:968188

Kevin.. Sorry, DelFix removed the FRST Fixlog.log, but the script was successful.

Delfix::
Results of screen317's Security Check version 1.003
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 45
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox 35.0.1 Firefox out of Date!
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Then run DelFix again to remove the traces. I believe that this topic is solved; I await your final remarks.
Thank you for your excellent analysis. Thank you very much.
If you need anything, please contact me.
edtambasco Posted June 9, 2015 Author ID:968190

Observation: (Update Firefox)

Results of screen317's Security Check version 1.003
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 45
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (38.0.5)
Google Chrome (43.0.2357.65)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
kevinf80 Posted June 9, 2015 ID:968251

Thank you for the logs and the update, good to hear all is now ok.......

Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

It was a pleasure to work with you, take care and surf safe,

Kevin......
edtambasco Posted June 10, 2015 Author ID:968263

Kevin, thank you, I will read the indicated topic. The case was solved.
AdvancedSetup (Root Admin) Posted June 11, 2015 ID:968655

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!