September 6th, 2016, 01:18 PM
#1
[RESOLVED] My notebook is infected, help please
Hi guys. My notebook is an old one, Core 2 Duo, 4 GB RAM, and I use it for work at the company, with Windows 7 Professional, 64-bit, SP1.
I am from Brazil, so I use PT-BR Windows, so the generated logs are all in PT-BR. If someone can explain to me how to generate them in English, that would be helpful, because I didn't find any language option in FRST x64.
Thanks so much.
FRST Scan:
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 31-08-2016
Executado por HS Paulo (administrador) em HSPAULO-PC (06-09-2016 14:15:31)
Executando a partir de C:\Users\HS Paulo\Downloads
Perfis Carregados: HS Paulo (Perfis Disponíveis: HS Paulo)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files\Sublime Text 2\sublime_text.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(InterSoft International, Inc.) C:\Program Files (x86)\InterSoft International, Inc\NetTerm\netterm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-01-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
BootExecute: autocheck autochk /p \??\C:autocheck autochk *
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.221 8.8.8.8
Tcpip\..\Interfaces\{5FBFAE6F-0882-4B77-A1FC-2CE7B717A0C8}: [DhcpNameServer] 10.0.1.221 8.8.8.8
Tcpip\..\Interfaces\{AB80EC73-ED6D-4CD3-AA39-3889BACE4CBC}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{AB80EC73-ED6D-4CD3-AA39-3889BACE4CBC}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1434571024-903360116-4022392865-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> search.mpc.am
CHR Session Restore: Default -> está habilitado.
CHR Profile: C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-06]
CHR Extension: (Google Docs) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-06]
CHR Extension: (Adblock Plus) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-06]
CHR Extension: (Planilhas do Google) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-06]
CHR Extension: (Segurança do navegador Avira) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-06]
CHR Extension: (Documentos Google off-line) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1434571024-903360116-4022392865-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\HSPAUL~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-09-06]
CHR HKU\S-1-5-21-1434571024-903360116-4022392865-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 AnodutyControls; C:\Program Files (x86)\Aromocult\Chcndf.dll [X]
===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [23368 2013-08-07] (ELAN Microelectronic Corp.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-05] (Intel Corporation)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [64160 2009-07-13] (O2Micro )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-09-06 14:00 - 2016-09-06 14:00 - 02397696 _____ (Farbar) C:\Users\HS Paulo\Downloads\FRST64 (1).exe
2016-09-06 13:58 - 2016-09-06 13:58 - 00025419 _____ C:\Users\HS Paulo\Downloads\Addition.txt
2016-09-06 13:57 - 2016-09-06 14:15 - 00011212 _____ C:\Users\HS Paulo\Downloads\FRST.txt
2016-09-06 13:56 - 2016-09-06 14:15 - 00000000 ____D C:\FRST
2016-09-06 13:55 - 2016-09-06 13:55 - 02397696 _____ (Farbar) C:\Users\HS Paulo\Downloads\FRST64.exe
2016-09-06 11:30 - 2016-09-06 11:31 - 00000000 ____D C:\cobolaid
2016-09-06 11:21 - 2016-09-06 11:21 - 00000591 _____ C:\Users\HS Paulo\Desktop\dns-suspeito.lnk
2016-09-06 11:21 - 2016-09-06 11:21 - 00000017 _____ C:\Users\HS Paulo\Desktop\dns-suspeito.txt
2016-09-06 11:08 - 2016-09-06 11:08 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-06 11:08 - 2016-09-06 11:08 - 00002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-06 11:04 - 2016-09-06 14:09 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-06 11:04 - 2016-09-06 13:50 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 11:04 - 2016-09-06 11:04 - 00004068 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-06 11:04 - 2016-09-06 11:04 - 00003816 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-06 10:58 - 2016-09-06 11:30 - 00000000 ____D C:\hs
2016-09-06 08:13 - 2016-09-06 13:58 - 00000000 ____D C:\Program Files (x86)\Avira
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H C:\Program Files (x86)\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 00000020 ____H C:\Program Files (x86)\local64spl.dll.ini
2016-09-05 13:55 - 2016-09-05 13:55 - 00000000 ___HD C:\Users\MS.Default\Helper.5_
2016-09-05 13:55 - 2016-09-05 13:55 - 00000000 ___HD C:\Users\MS.Default\Helper.4_
2016-09-05 13:55 - 2016-09-05 13:55 - 00000000 ___HD C:\Users\MS.Default\Helper.3_
2016-09-05 13:55 - 2016-09-05 13:55 - 00000000 ___HD C:\Program Files (x86)_
2016-09-05 13:55 - 2016-09-05 13:55 - 00000000 ____D C:\Users\MS.Default\Helper.5
2016-09-05 13:55 - 2016-09-05 13:55 - 00000000 ____D C:\Users\MS.Default\Helper.4
2016-09-05 13:55 - 2016-09-05 13:55 - 00000000 ____D C:\Users\MS.Default\Helper.3
2016-09-05 13:38 - 2016-09-05 13:38 - 00002800 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-09-05 13:38 - 2016-09-05 13:38 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-05 13:38 - 2016-09-05 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-05 13:38 - 2016-09-05 13:38 - 00000000 ____D C:\Program Files\CCleaner
2016-09-05 13:36 - 2016-09-05 13:37 - 08227032 _____ (Piriform Ltd) C:\Users\HS Paulo\Downloads\ccleaner-5-21-5700.exe
2016-09-05 11:45 - 2016-09-05 11:45 - 00000000 ____D C:\Windows\system32\pom
2016-09-05 11:41 - 2016-09-05 11:45 - 00000000 ____D C:\AdwCleaner
2016-09-05 11:40 - 2016-09-05 11:40 - 03826240 _____ C:\Users\HS Paulo\Downloads\adwcleaner_6.010.exe
2016-09-05 10:02 - 2016-09-05 10:17 - 00000000 ____D C:\Windows\system32\SSL
2016-09-05 10:02 - 2016-09-05 10:02 - 00000000 ____D C:\Users\HS Paulo\AppData\LocalLow\Company
2016-09-05 10:02 - 2016-09-05 10:02 - 00000000 ____D C:\Users\HS Paulo\AppData\Local\Tempfolder
2016-09-05 09:55 - 2016-09-05 14:33 - 00000000 ___HD C:\Program Files (x86)\rh412D6
2016-09-05 09:55 - 2016-09-05 13:55 - 00000000 ___HD C:\Users\MS.Default
2016-09-05 09:55 - 2016-09-05 09:55 - 00008892 _____ C:\Windows\System32\Tasks\Anoduty Controls
2016-09-05 09:55 - 2016-09-05 09:55 - 00000000 ____D C:\Users\Todos os Usuários\Avg
2016-09-05 09:55 - 2016-09-05 09:55 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-09-05 09:55 - 2016-09-05 09:55 - 00000000 ____D C:\ProgramData\Avg
2016-09-05 09:55 - 2016-09-05 09:55 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-05 09:53 - 2016-09-05 11:42 - 00000000 ____D C:\Users\HS Paulo\AppData\Local\Gaishhupaty
2016-09-02 21:46 - 2016-09-02 21:46 - 00000000 ____D C:\Users\HS Paulo\AppData\Local\ElevatedDiagnostics
2016-09-02 08:55 - 2016-09-02 08:57 - 00000000 ____D C:\Users\HS Paulo\Desktop\bkp-fds-sls
2016-09-02 07:03 - 2016-09-02 07:03 - 00000009 _____ C:\Users\HS Paulo\Desktop\fgh.txt
2016-09-01 15:42 - 2016-09-01 15:42 - 00142518 _____ C:\Windows\72862bcda0f5513b66dd0dcdee959b2d.exe
2016-08-31 09:09 - 2016-08-31 09:08 - 00001557 _____ C:\Users\HS Paulo\teste.csv
2016-08-30 15:02 - 2016-09-05 10:11 - 00000000 ____D C:\Users\HS Paulo\Desktop\BKP-PROGRAMAS-SPLF-COPERDIA-30-08
2016-08-29 15:22 - 2016-08-29 15:37 - 00000000 ____D C:\hs-bkp20160906
2016-08-29 15:21 - 2016-09-05 14:47 - 00000000 ____D C:\cobolaid-bkp20160906
2016-08-26 10:09 - 2016-08-26 10:28 - 00000000 ____D C:\hs-bkp20160829
2016-08-26 10:08 - 2016-08-31 11:21 - 00000000 ____D C:\cobolaid-bkp20160829
2016-08-26 09:43 - 2016-09-05 15:25 - 00000000 ____D C:\Users\HS Paulo\Desktop\Atualizacoes e Horas
2016-08-18 10:51 - 2016-08-31 18:04 - 00000000 ____D C:\Users\HS Paulo\Desktop\samara
2016-08-18 10:26 - 2016-08-18 10:26 - 00002618 _____ C:\Users\HS Paulo\Desktop\Cabealho_Inf._Fiscais_Relatrio_de_Itens_1.csv
2016-08-17 16:41 - 2016-08-17 16:58 - 00008451 _____ C:\Users\HS Paulo\isdebugger.properties
2016-08-15 16:12 - 2016-08-29 08:14 - 00000000 ____D C:\cobolaid-bkp20160826
2016-08-15 16:12 - 2016-08-15 16:21 - 00000000 ____D C:\hs-bkp20160826
2016-08-12 13:23 - 2016-08-12 13:23 - 00000000 ____D C:\Users\HS Paulo\Desktop\BKP-LTE3050
2016-08-12 09:33 - 2016-08-12 09:33 - 00000000 ____D C:\Users\HS Paulo\Desktop\BKP-LTE3088B-COPERDIA
2016-08-10 17:38 - 2016-08-10 17:38 - 00001435 _____ C:\Users\HS Paulo\Downloads\RENAME-EXAMPLE.CBL
2016-08-10 05:30 - 2016-08-10 05:31 - 00000000 ____D C:\Data
2016-08-09 17:46 - 2016-08-09 17:46 - 00000000 ____D C:\Users\HS Paulo\Desktop\CTO3004
2016-08-08 16:05 - 2016-08-08 16:20 - 00000000 ____D C:\hs-bkp20160815
2016-08-08 16:04 - 2016-08-18 10:40 - 00000000 ____D C:\cobolaid-bkp20160815
==================== Um Mês Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-09-06 14:08 - 2016-01-05 09:17 - 00000000 ____D C:\Users\HS Paulo\AppData\Roaming\Skype
2016-09-06 13:59 - 2009-07-14 01:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-06 13:59 - 2009-07-14 01:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-06 13:52 - 2016-05-10 09:09 - 00000000 ___RD C:\Users\HS Paulo\Google Drive
2016-09-06 13:50 - 2016-06-20 08:01 - 00073232 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2016-09-06 13:50 - 2016-01-04 20:46 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2016-09-06 13:50 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-06 13:45 - 2009-07-14 02:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-06 11:29 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-09-06 11:07 - 2016-01-05 07:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-06 11:04 - 2016-01-05 07:01 - 00000000 ____D C:\Users\HS Paulo\AppData\Local\Deployment
2016-09-06 10:49 - 2016-04-06 16:26 - 00002112 ____H C:\Users\HS Paulo\Documents\Default.rdp
2016-09-06 08:43 - 2016-01-05 07:15 - 00000000 ____D C:\Lixo
2016-09-06 08:25 - 2016-02-08 15:29 - 00000000 ____D C:\Users\HS Paulo\AppData\Roaming\Mozilla
2016-09-05 16:53 - 2016-07-19 09:02 - 00000000 ____D C:\ATU
2016-09-05 16:40 - 2016-01-06 15:01 - 00000000 ____D C:\xfd
2016-09-05 15:28 - 2016-03-21 17:09 - 00000000 ____D C:\Users\HS Paulo\Desktop\Anotacoes
2016-09-05 13:43 - 2016-01-05 01:51 - 00000000 ____D C:\Windows\Panther
2016-09-05 13:43 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\ModemLogs
2016-09-05 11:19 - 2016-01-05 08:16 - 00000000 ____D C:\dados
2016-09-02 07:41 - 2016-06-21 08:00 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2016-09-02 07:41 - 2016-06-21 08:00 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2016-08-31 17:26 - 2009-08-05 22:58 - 00657374 _____ C:\Windows\system32\prfh0416.dat
2016-08-31 17:26 - 2009-08-05 22:58 - 00125766 _____ C:\Windows\system32\prfc0416.dat
2016-08-31 17:26 - 2009-07-14 02:13 - 01499760 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 16:33 - 2016-01-04 20:56 - 00000000 ____D C:\Users\HS Paulo
2016-08-29 13:42 - 2016-03-21 17:57 - 00000090 _____ C:\Users\HS Paulo\Desktop\hoje.txt
2016-08-23 08:49 - 2016-05-10 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-18 08:07 - 2016-01-05 09:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-18 08:07 - 2016-01-05 09:17 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-08-18 08:07 - 2016-01-05 09:17 - 00000000 ____D C:\ProgramData\Skype
2016-08-17 16:59 - 2016-08-04 16:12 - 00001240 _____ C:\Users\HS Paulo\Desktop\HS - SERVER 221.lnk
2016-08-17 16:45 - 2009-07-14 02:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-08-15 08:18 - 2016-01-04 21:02 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-08-12 14:22 - 2016-08-03 18:17 - 00000000 ____D C:\cobolaid-bkp20160809
==================== Arquivos na raiz de alguns diretórios =======
2016-09-05 13:55 - 2016-09-05 13:55 - 0142336 ____H () C:\Program Files (x86)\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 0000020 ____H () C:\Program Files (x86)\local64spl.dll.ini
Alguns arquivos em TEMP:
====================
C:\Users\HS Paulo\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll
[2016-01-07 14:54] - [2016-01-07 14:54] - 0357888 ____A (Microsoft Corporation) DA4E1AAC540F2F173229E2D63DB8BE57
C:\Windows\SysWOW64\dnsapi.dll
[2016-01-07 14:54] - [2016-01-07 14:54] - 0270336 ____A (Microsoft Corporation) 7D08980090CB704C0F2293C3D56D01DC
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-09-05 12:12
==================== Fim de FRST.txt ============================
Addition.txt
Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 31-08-2016
Executado por HS Paulo (06-09-2016 14:15:55)
Executando a partir de C:\Users\HS Paulo\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-01-04 23:56:30)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-1434571024-903360116-4022392865-500 - Administrator - Disabled)
Convidado (S-1-5-21-1434571024-903360116-4022392865-501 - Limited - Disabled)
HS Paulo (S-1-5-21-1434571024-903360116-4022392865-1000 - Administrator - Enabled) => C:\Users\HS Paulo
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.6.61 - Conexant)
extend(R) Version 9.2.4 (HKLM-x32\...\{A1720B7A-E445-4163-B897-A220A2D421C1}) (Version: 9.24.0000 - Micro Focus)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.89 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
isCOBOL 2016.1 (64 bit) (HKLM\...\9196-3056-3729-6045) (Version: 2016.1 - Veryant)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NetTerm (HKLM-x32\...\{A5E11CB3-A70A-433E-A1B8-406680CCFB9D}) (Version: 5.4.2.6 - InterSoft International, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SiTef Simulado (HKLM-x32\...\{1A1C433A-DD51-412E-8861-C47935EE748B}) (Version: 6.0.4 - Software Express Informatica LTDA)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {173C4DBA-C957-4FA8-AC5A-2E6AB6BED179} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-06] (Google Inc.)
Task: {1D2D5265-2003-4D77-998E-0B48DA4E4339} - System32\Tasks\Anoduty Controls => C:\Program Files (x86)\Aromocult\wgerse.exe
Task: {B32471C1-38DE-48BA-A462-A5ED64FAA414} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {BE0CF46E-1316-4DAF-9DBB-32EADC51FF86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {F8C9C800-7CED-43F2-913B-97604F1C77EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-06] (Google Inc.)
(Se uma entrada for inclu*da na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
==================== Módulos Carregados (Whitelisted) ==============
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H () C:\Program Files (x86)\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H () C:\Program Files (x86)_\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H () C:\Users\MS.Default\Helper.3\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H () C:\Users\MS.Default\Helper.3_\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H () C:\Users\MS.Default\Helper.4\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H () C:\Users\MS.Default\Helper.4_\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H () C:\Users\MS.Default\Helper.5\local64spl.dll
2016-09-05 13:55 - 2016-09-05 13:55 - 00142336 ____H () C:\Users\MS.Default\Helper.5_\local64spl.dll
2013-04-04 00:09 - 2013-04-04 00:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-01-05 08:39 - 2013-07-08 10:25 - 05663232 _____ () C:\Program Files\Sublime Text 2\sublime_text.exe
2016-01-05 08:39 - 2010-09-15 21:06 - 00111616 _____ () C:\Program Files\Sublime Text 2\_ctypes.pyd
2016-01-05 08:39 - 2010-09-15 21:06 - 00470528 _____ () C:\Program Files\Sublime Text 2\_hashlib.pyd
2016-01-05 08:39 - 2010-09-15 21:06 - 00045568 _____ () C:\Program Files\Sublime Text 2\_socket.pyd
2016-01-05 08:43 - 2016-01-05 08:43 - 01675264 _____ () C:\Users\HS Paulo\AppData\Roaming\Sublime Text 2\Packages\ssl-windows\st2_windows_x64\_ssl.pyd
2016-01-05 08:44 - 2016-01-05 08:44 - 00088064 _____ () C:\Users\HS Paulo\AppData\Roaming\Sublime Text 2\Packages\bz2\st2_windows_x64\bz2.pyd
2016-09-06 11:08 - 2016-08-30 23:16 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\libglesv2.dll
2016-09-06 11:08 - 2016-08-30 23:16 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.89\libegl.dll
2013-04-04 00:09 - 2013-04-04 00:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-06 13:51 - 2016-09-06 13:51 - 00098816 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32api.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 00110080 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\pywintypes27.dll
2016-09-06 13:51 - 2016-09-06 13:51 - 00364544 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\pythoncom27.dll
2016-09-06 13:51 - 2016-09-06 13:51 - 00320512 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32com.shell.shell.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 00776704 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\_hashlib.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 01176576 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\wx._core_.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00806400 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\wx._gdi_.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00816128 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\wx._windows_.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 01067008 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\wx._controls_.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00733184 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\wx._misc_.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00682496 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\pysqlite2._sqlite.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 00088064 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\_ctypes.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00119808 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32file.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00108544 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32security.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00007168 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\hashobjs_ext.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00017920 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\thumbnails_ext.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00088064 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\usb_ext.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00012800 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\common.time34.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00018432 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32event.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00167936 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32gui.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 00046080 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\_socket.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 01208320 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\_ssl.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 00128512 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\_elementtree.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00127488 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\pyexpat.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00038912 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32inet.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 00036864 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\_psutil_windows.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00525208 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\windows._lib_cacheinvalidation.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00011264 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32crypt.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00077312 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\wx._html2.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 00027136 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\_multiprocessing.pyd
2016-09-06 13:50 - 2016-09-06 13:50 - 00020480 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\_yappi.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00035840 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32process.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00686080 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\unicodedata.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00078848 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\wx._animate.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00123392 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\wx._wizard.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00024064 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32pipe.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00010240 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\select.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00025600 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32pdh.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00017408 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32profile.pyd
2016-09-06 13:51 - 2016-09-06 13:51 - 00022528 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI23642\win32ts.pyd
2010-11-12 11:07 - 2010-11-12 11:07 - 00126976 _____ () C:\Program Files (x86)\InterSoft International, Inc\NetTerm\ISIVIDEO.dll
2009-11-22 11:15 - 2009-11-22 11:15 - 00028672 _____ () C:\Program Files (x86)\InterSoft International, Inc\NetTerm\ISISTAT.dll
2001-02-10 23:23 - 2001-02-10 23:23 - 00011776 _____ () C:\Program Files (x86)\InterSoft International, Inc\NetTerm\ISIBAR.dll
1998-01-24 09:30 - 1998-01-24 09:30 - 00019968 _____ () C:\Program Files (x86)\InterSoft International, Inc\NetTerm\ISIPRINT.dll
2000-06-17 16:51 - 2000-06-17 16:51 - 00019456 _____ () C:\Program Files (x86)\InterSoft International, Inc\NetTerm\ISILOGO.dll
2010-02-11 14:02 - 2010-02-11 14:02 - 00098304 _____ () C:\Program Files (x86)\InterSoft International, Inc\NetTerm\english.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for inclu*da na fixlist, será removida do Registro.)
==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:34 - 2016-09-05 11:45 - 00001444 ____A C:\Windows\system32\Drivers\etc\hosts
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HS Paulo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.221 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
(Atualmente não há nenhuma correção automática para esta seção.)
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for inclu*da na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5A8218B1-0BEB-4EDC-BD8D-AF754C59B754}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{19C684FF-EAB0-4E4E-8204-7EC524040E2F}C:\sitef\aplic.win\gerpdv-s.exe] => (Allow) C:\sitef\aplic.win\gerpdv-s.exe
FirewallRules: [UDP Query User{385BD8A0-9ED2-4BBF-B023-8A554C020645}C:\sitef\aplic.win\gerpdv-s.exe] => (Allow) C:\sitef\aplic.win\gerpdv-s.exe
FirewallRules: [{B3F1509A-A493-4CF1-8CCB-8C043FAB4D4E}] => (Allow) C:\Users\HS Paulo\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{B1EDDD8F-31EA-4464-9F02-A2D3814F24DB}] => (Allow) C:\Users\HS Paulo\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{615BB566-2A59-47A7-94BF-EC374BBEC6B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Pontos de Restauração =========================
26-08-2016 14:14:11 Ponto de Verificação Agendado
03-09-2016 19:27:59 Ponto de Verificação Agendado
05-09-2016 09:48:17 Removed MongoDB 3.2.8 2008R2Plus SSL (64 bit)
==================== Dispositivos Apresentando Falhas No Gerenciador =============
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (09/06/2016 01:45:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Falha na recuperação de atualização automática do certificado raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> com erro: Esta operação foi retornada porque o tempo limite expirou.
.
Error: (09/06/2016 11:03:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (09/06/2016 11:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (09/06/2016 11:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (09/06/2016 11:02:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Falha na recuperação de atualização automática do certificado raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> com erro: 12007 (0x2ee7).
Error: (09/06/2016 11:02:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (09/06/2016 11:02:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (09/06/2016 11:02:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (09/06/2016 11:02:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Error: (09/06/2016 11:01:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualização automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> com erro: Um certificado necessário não está no período de validade ao ser verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.
Erros de Sistema:
=============
Error: (09/06/2016 02:15:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: A estrutura do sistema de arquivos está corrompida e inutilizável.
Execute o utilitário chkdsk no volume \Device\HarddiskVolume2.
Error: (09/06/2016 02:00:49 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: A estrutura do sistema de arquivos está corrompida e inutilizável.
Execute o utilitário chkdsk no volume \Device\HarddiskVolume2.
Error: (09/06/2016 01:58:02 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: A estrutura do sistema de arquivos está corrompida e inutilizável.
Execute o utilitário chkdsk no volume C:.
Error: (09/06/2016 01:53:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Avira Service Host foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.
Error: (09/06/2016 01:53:16 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: A estrutura do sistema de arquivos está corrompida e inutilizável.
Execute o utilitário chkdsk no volume C:.
Error: (09/06/2016 01:53:16 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: A estrutura do sistema de arquivos está corrompida e inutilizável.
Execute o utilitário chkdsk no volume \Device\HarddiskVolume2.
Error: (09/06/2016 01:53:16 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: A estrutura do sistema de arquivos está corrompida e inutilizável.
Execute o utilitário chkdsk no volume C:.
Error: (09/06/2016 01:53:16 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: A estrutura do sistema de arquivos está corrompida e inutilizável.
Execute o utilitário chkdsk no volume \Device\HarddiskVolume2.
Error: (09/06/2016 01:50:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço AnodutyControls terminou com o erro:
Não foi possível encontrar o módulo especificado.
Error: (09/06/2016 01:50:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 13:45:04 às 06/09/2016 não era esperado.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
Percentagem de memória em uso: 50%
RAM física total: 3960.87 MB
RAM física disponível: 1952.63 MB
Virtual Total: 7919.93 MB
Virtual disponível: 5716.39 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:247.93 GB) (Free:172.89 GB) NTFS
Drive d: (Backup) (Fixed) (Total:50.06 GB) (Free:44.73 GB) NTFS
Drive x: () (Network) (Total:119.9 GB) (Free:48.73 GB) NTFS
Drive z: () (Network) (Total:70.74 GB) (Free:0.17 GB)
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C22C7ADF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50.1 GB) - (Type=07 NTFS)
==================== Fim de Addition.txt ============================
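A triage pass over the Hosts and "Outras Áreas" sections of the FRST Addition.txt above, as an added example that is not part of the thread, of FRST or of any tool named here: it parses FRST's ==== section headers, flags hosts entries that pin well-known hostnames to public addresses (the 107.178.x.x entries), reports the UAC values FRST shows (EnableLUA 0, ConsentPromptBehaviorAdmin 0) and compares the listed resolvers against a caller-supplied allowlist. The sample input is abridged from the posted log; the severity labels and the resolver allowlist are assumptions of this example.

```python
"""Triage the Hosts and UAC-policy sections of an FRST Addition.txt.

Added example, not FRST's or the forum's code; the sample input is abridged
from the log posted in the thread, severity labels are assumptions."""
import ipaddress
import re
from collections import Counter

# Constructed sample, abridged from the posted Addition.txt (one duplicate kept).
SAMPLE_LOG = r"""
==================== Hosts Conteúdo: ==========================
2009-07-13 23:34 - 2016-09-05 11:45 - 00001444 ____A C:\Windows\system32\Drivers\etc\hosts
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
==================== Outras Áreas ============================
DNS Servers: 10.0.1.221 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está habilitado.
"""

SECTION_RE = re.compile(r"^=+\s*(.*?):?\s*=+$")   # "==== Name ====" headers
HOSTS_RE = re.compile(r"^(\S+)\s+(\S+)$")         # "<ip> <hostname>"
POLICY_RE = re.compile(r"\((\w+):\s*(-?\d+)\)")   # "(EnableLUA: 0)"
# UAC values under Policies\System that weaken elevation (both are 0 in the log).
UAC_CHECKS = {
    ("EnableLUA", 0): "UAC disabled: admin processes start fully elevated",
    ("ConsentPromptBehaviorAdmin", 0): "admins elevate silently, no consent prompt",
}

def parse_sections(text):
    """Split FRST output into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def classify_ip(ip_text):
    """Loopback/unspecified = blocking entry, RFC1918 = LAN host, else redirect."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    if ip.is_private or ip.is_link_local:
        return "local"
    return "redirect"

def hosts_findings(lines):
    """Flag hosts entries that send a public hostname to a public IP."""
    counts, kinds = Counter(), {}
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue  # the file's own date/size line, comments, blanks
        ip_text, domain = m.groups()
        try:
            kinds[(ip_text, domain)] = classify_ip(ip_text)
        except ValueError:
            continue  # first token is not an IP address
        counts[(ip_text, domain)] += 1
    return [{"severity": "high", "ip": ip, "domain": domain, "count": n,
             "note": "hostname pinned to a public IP by the hosts file"}
            for (ip, domain), n in counts.items() if kinds[(ip, domain)] == "redirect"]

def policy_findings(lines):
    """Flag the UAC values FRST reports for Policies\\System."""
    out = []
    for line in lines:
        if "Policies\\System" not in line:
            continue
        for name, value in POLICY_RE.findall(line):
            note = UAC_CHECKS.get((name, int(value)))
            if note:
                out.append({"severity": "medium", "setting": name,
                            "value": int(value), "note": note})
    return out

def dns_servers(lines):
    """Return the resolvers from FRST's 'DNS Servers: a - b' line."""
    for line in lines:
        if line.startswith("DNS Servers:"):
            return [s.strip() for s in line.split(":", 1)[1].split(" - ")]
    return []

def triage(text, trusted_dns=frozenset()):
    """Run all checks over one Addition.txt; trusted_dns is an assumed allowlist."""
    sections = parse_sections(text)
    other = sections.get("Outras Áreas", [])
    findings = hosts_findings(sections.get("Hosts Conteúdo", []))
    findings += policy_findings(other)
    findings += [{"severity": "medium", "dns": s, "note": "resolver not in trusted list"}
                 for s in dns_servers(other) if trusted_dns and s not in trusted_dns]
    return findings
```

Run against the full log, the duplicated hosts block shows up as count 2 on every entry, which is itself a hint that something rewrote the file twice.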
-
September 6th, 2016, 09:32 PM
#2
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=================================
You're not saying what the issues are.
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Double click on downloaded setup.exe file to install the program.
- Click on Start Scan button.
- Click on another Start Scan button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE: If you already have MBAM 2.0 installed, scroll down.
- Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Export'.
- Click 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type a name for your scan log.
- A message box named 'File Saved' should appear stating "Your file has been successfully exported".
- Click Ok
- Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
-
September 7th, 2016, 11:34 AM
#3
Sorry, I forgot to say what's happening with my notebook.
After I installed the infected program, it started to open tons of pages every 5 minutes, even if the browser is closed (and this is a big problem at work, right?). Then it slowed down my browser so much that sometimes I can't even open any webpage. It changed my DNS to 104.197.191.4, and even if I change it manually, it changes it back.
I tried to restore my system, but it says my C: drive is corrupted, so I can't restore. Thanks for your help, I am going to start following the steps now.
-
September 7th, 2016, 01:49 PM
#4
Here we go (multi-answer because this is too long)
RK Scans:
RogueKiller V12.6.1.0 (x64) [Sep 6 2016] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : HS Paulo [Administrador]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Modo : Escanear -- Data : 09/07/2016 12:36:09 (Duration : 00:20:26)
¤¤¤ Processos : 0 ¤¤¤
¤¤¤ Registro : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.221 8.8.8.8 ([][-]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5FBFAE6F-0882-4B77-A1FC-2CE7B717A0C8} | DhcpNameServer : 10.0.1.221 8.8.8.8 ([][-]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5FBFAE6F-0882-4B77-A1FC-2CE7B717A0C8} | DhcpNameServer : 10.0.1.221 8.8.8.8 ([][-]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5FBFAE6F-0882-4B77-A1FC-2CE7B717A0C8} | DhcpNameServer : 10.0.1.221 8.8.8.8 ([][-]) -> Encontrado
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1434571024-903360116-4022392865-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Encontrado
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1434571024-903360116-4022392865-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Encontrado
¤¤¤ Tarefas : 0 ¤¤¤
¤¤¤ Arquivos : 2 ¤¤¤
[Tr.DnsPatcher|VT.Unknown][Arquivo] C:\Windows\System32\dnsapi.dll -> Encontrado
[Tr.DnsPatcher|VT.Unknown][Arquivo] C:\Windows\SysWOW64\dnsapi.dll -> Encontrado
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Arquivos de hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Navegadores : 0 ¤¤¤
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ATA TOSHIBA MK3252GS SCSI Disk Device +++++
--- User ---
[MBR] 25297310368abeb8c392d6b4473f4aa4
[BSP] b7d58fcdade8358d323a873e1e1335c7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 253880 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 520153088 | Size: 51264 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
*****************************************************************************************************
RK second txt:
RogueKiller V12.6.1.0 (x64) [Sep 6 2016] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : HS Paulo [Administrador]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Modo : Deletar -- Data : 09/07/2016 12:36:09 (Duration : 00:20:26)
¤¤¤ Processos : 0 ¤¤¤
¤¤¤ Registro : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.221 8.8.8.8 ([][-]) -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5FBFAE6F-0882-4B77-A1FC-2CE7B717A0C8} | DhcpNameServer : 10.0.1.221 8.8.8.8 ([][-]) -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5FBFAE6F-0882-4B77-A1FC-2CE7B717A0C8} | DhcpNameServer : 10.0.1.221 8.8.8.8 ([][-]) -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5FBFAE6F-0882-4B77-A1FC-2CE7B717A0C8} | DhcpNameServer : 10.0.1.221 8.8.8.8 ([][-]) -> Substituído ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Substituído (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Substituído (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1434571024-903360116-4022392865-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Substituído (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1434571024-903360116-4022392865-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Substituído (1)
¤¤¤ Tarefas : 0 ¤¤¤
¤¤¤ Arquivos : 2 ¤¤¤
[Tr.DnsPatcher|VT.Unknown][Arquivo] C:\Windows\System32\dnsapi.dll -> Substituído na reinicialização ( @Src Microsoft Cloud)
[Tr.DnsPatcher|VT.Unknown][Arquivo] C:\Windows\SysWOW64\dnsapi.dll -> Substituído na reinicialização ( @Src Microsoft Cloud)
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Arquivos de hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Navegadores : 0 ¤¤¤
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ATA TOSHIBA MK3252GS SCSI Disk Device +++++
--- User ---
[MBR] 25297310368abeb8c392d6b4473f4aa4
[BSP] b7d58fcdade8358d323a873e1e1335c7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 253880 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 520153088 | Size: 51264 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
-
September 7th, 2016, 01:52 PM
#5
The MBAM archive is too long, 363716 characters, so how can we do it?
Adwcleaner txt:
# AdwCleaner v6.010 - Relatório criado 07/09/2016 às 14:08:23
# Updated on 12/08/2016 by ToolsLib
# Banco de dados : 2016-09-06.1 [Servidor]
# Sistema operacional : Windows 7 Professional Service Pack 1 (X64)
# Usuário : HS Paulo - HSPAULO-PC
# Executando de : C:\Users\HS Paulo\Downloads\adwcleaner_6.010 (1).exe
# Limpar
# Apoio : https://toolslib.net/forum
***** [ Serviços ] *****
***** [ Pastas ] *****
[-] Restaurado C:\users\MS.Default\Helper.5
[-] Restaurado C:\users\MS.Default\Helper.4
[-] Restaurado C:\users\MS.Default\Helper.3
***** [ Arquivos ] *****
***** [ DLL ] *****
[!] Desinfectado C:\Windows\SysWOW64\dnsapi.dll
***** [ WMI ] *****
***** [ Atalhos ] *****
***** [ Tarefas agendadas ] *****
***** [ Registro ] *****
[-] Restaurado [x64] HKLM\SOFTWARE\b`nl{y
[-] Restaurado HKU\.DEFAULT\Software\b`nl{y
[#] Key deleted on reboot: HKU\S-1-5-18\Software\b`nl{y
[-] Restaurado HKLM\SOFTWARE\b`nl{y
[-] Restaurado HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
***** [ Navegadores ] *****
[-] [C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default] [homepage] Excluído search.mpc.am
*************************
:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [5387 Bytes] - [05/09/2016 11:45:07]
C:\AdwCleaner\AdwCleaner[C2].txt - [1413 Bytes] - [07/09/2016 14:08:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [4919 Bytes] - [05/09/2016 11:43:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [1717 Bytes] - [07/09/2016 14:06:44]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1635 Bytes] ##########
******************************************************************************************************
JRT txt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64
Ran by HS Paulo (Administrator) on 07/09/2016 at 14:18:08,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 19
Successfully deleted: C:\Users\HS Paulo\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1O7M6BQZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BID5B3V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AL4KSDVG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2CH21TI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\HS Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSV4NWF8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1O7M6BQZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BID5B3V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AL4KSDVG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2CH21TI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSV4NWF8 (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/09/2016 at 14:20:33,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
September 7th, 2016, 02:52 PM
#6
Plus there's a message that says: File C:\Program Files (x86)\Reference Assemblies\Microsoft\v3.5 is corrupted and cannot be read. Run the CHKDSK utility.
-
September 7th, 2016, 09:12 PM
#7
-
September 8th, 2016, 07:14 AM
#8
Originally Posted by Broni
Please attach MBAM log.
MBAM Scan attached: mbamscan.txt
-
September 8th, 2016, 06:01 PM
#9
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there, use the restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
-
September 13th, 2016, 06:35 PM
#10
Hello.
If I did everything correctly, these are the scans:
ComboFix:
ComboFix 16-09-05.01 - HS Paulo 11/09/2016 15:21:08.2.2 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3961.3372 [GMT -3:00]
Executando de: c:\users\HS Paulo\Desktop\Paulo.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2016-08-11 to 2016-09-11 ))))))))))))))))))))))))))))
.
.
2016-09-11 18:26 . 2016-09-11 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-08 13:18 . 2016-09-08 13:22 -------- d-----w- C:\ATU-CONVERTIDOS
2016-09-08 13:15 . 2016-09-08 13:15 -------- d-----w- c:\program files (x86)\RJL Software, Inc
2016-09-07 16:31 . 2016-09-11 17:01 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-07 16:31 . 2016-09-07 16:31 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-09-07 16:31 . 2016-09-07 16:31 -------- d-----w- c:\programdata\Malwarebytes
2016-09-07 16:31 . 2016-03-10 17:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-07 16:31 . 2016-03-10 17:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-07 16:31 . 2016-03-10 17:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-07 15:36 . 2016-09-07 15:36 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-07 15:35 . 2016-09-07 16:10 -------- d-----w- c:\program files\RogueKiller
2016-09-07 15:35 . 2016-09-07 15:35 -------- d-----w- c:\programdata\RogueKiller
2016-09-06 16:56 . 2016-09-06 17:16 -------- d-----w- C:\FRST
2016-09-06 14:30 . 2016-09-09 17:46 -------- d-----w- C:\cobolaid
2016-09-06 13:58 . 2016-09-06 14:30 -------- d-----w- C:\hs
2016-09-06 11:13 . 2016-09-06 21:37 -------- d-----w- c:\program files (x86)\Avira
2016-09-05 16:55 . 2016-09-07 16:54 -------- d-----w- C:\Program Files (x86)_
2016-09-05 16:38 . 2016-09-05 16:38 -------- d-----w- c:\program files\CCleaner
2016-09-05 14:45 . 2016-09-05 14:45 -------- d-----w- c:\windows\system32\pom
2016-09-05 14:41 . 2016-09-07 17:08 -------- d-----w- C:\AdwCleaner
2016-09-05 13:04 . 2016-09-05 13:04 -------- d-----w- c:\users\HS Paulo\AppData\Roaming\Desktop
2016-09-05 13:02 . 2016-09-05 13:02 -------- d-----w- c:\users\HS Paulo\AppData\Local\Tempfolder
2016-09-05 13:02 . 2016-09-05 13:17 -------- d-----w- c:\windows\system32\SSL
2016-09-05 12:55 . 2016-09-11 17:05 -------- d--h--w- c:\users\MS.Default
2016-09-05 12:55 . 2016-09-05 12:55 -------- d-----w- c:\programdata\Avg
2016-09-05 12:55 . 2016-09-05 12:55 -------- d-----w- c:\programdata\AVAST Software
2016-09-05 12:55 . 2016-09-05 17:33 -------- d--h--w- c:\program files (x86)\rh412D6
2016-09-05 12:53 . 2016-09-05 12:53 -------- d-----w- c:\users\HS Paulo\AppData\Roaming\Profiles
2016-09-03 00:46 . 2016-09-03 00:46 -------- d-----w- c:\users\HS Paulo\AppData\Local\ElevatedDiagnostics
2016-08-29 18:22 . 2016-08-29 18:37 -------- d-----w- C:\hs-bkp20160906
2016-08-29 18:21 . 2016-09-05 17:47 -------- d-----w- C:\cobolaid-bkp20160906
2016-08-26 13:09 . 2016-08-26 13:28 -------- d-----w- C:\hs-bkp20160829
2016-08-26 13:08 . 2016-08-31 14:21 -------- d-----w- C:\cobolaid-bkp20160829
2016-08-15 19:12 . 2016-08-15 19:21 -------- d-----w- C:\hs-bkp20160826
2016-08-15 19:12 . 2016-08-29 11:14 -------- d-----w- C:\cobolaid-bkp20160826
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-11 17:55 . 2016-01-04 23:46 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2016-09-11 17:55 . 2016-06-20 11:01 73232 ----a-w- c:\windows\SysWow64\rpcnet.dll
2016-09-11 16:28 . 2016-06-21 11:00 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2016-09-11 16:28 . 2016-06-21 11:00 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2016-08-04 19:29 . 2016-04-06 11:53 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-06-21 11:05 . 2016-06-21 11:05 73232 ------w- c:\windows\SysWow64\rpcnet.exe
2016-06-20 11:06 . 2016-01-05 10:16 68072 ----a-w- c:\windows\SysWow64\agremove.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-07-13 29500544]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-07-29 23375200]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-05 8894680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys;c:\windows\SYSNATIVE\DRIVERS\ubsbm.sys [x]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys;c:\windows\SYSNATIVE\DRIVERS\ubumapi.sys [x]
R3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys;c:\windows\SYSNATIVE\DRIVERS\ETDSMBus.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Driver de adaptador Intel(R) Wireless WiFi Link 5000 Series para Windows Vista 64 Bits;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys;c:\windows\SYSNATIVE\DRIVERS\ubohci.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
AnodutyControls REG_MULTI_SZ AnodutyControls
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2016-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-09-06 14:04]
.
2016-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-09-06 14:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-07-29 12:34 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-07-29 12:34 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-07-29 12:34 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-17 163384]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-17 418360]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2016-09-11 15:29:45
ComboFix-quarantined-files.txt 2016-09-11 18:29
ComboFix2.txt 2016-09-11 17:05
.
Pré-execução: 182.712.741.888 bytes disponíveis
Pós execução: 182.454.710.272 bytes disponíveis
.
- - End Of File - - 65AD89E93C4BCFC034042434FD63BA78
A36C5E4F47E84449FF07ED3517B43A31
*****************************************************************************************************************************************************************************************
Rkill:
Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/11/2016 03:19:44 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* BFE (BFE) is not Running.
Startup Type set to: Automatic
* Cliente DHCP (Dhcp) is not Running.
Startup Type set to: Automatic
* Cliente DNS (Dnscache) is not Running.
Startup Type set to: Automatic
* COM+ evento do sistema (EventSystem) is not Running.
Startup Type set to: Automatic
* Firewall do Windows (MpsSvc) is not Running.
Startup Type set to: Automatic
* Conexões de Rede (Netman) is not Running.
Startup Type set to: Manual
* Serviço de Interface de Repositório de Rede (nsi) is not Running.
Startup Type set to: Automatic
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic
* Central de Segurança (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System
* Driver de Autorização do Firewall do Windows (mpsdrv) is not Running.
Startup Type set to: Manual
* NetBT (NetBT) is not Running.
Startup Type set to: System
* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System
* Driver de Suporte a TDI Herdado de NetIO (tdx) is not Running.
Startup Type set to: System
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 09/11/2016 03:19:52 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)
-
September 13th, 2016, 07:31 PM
#11
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
- Double click to run it.
- Make sure you checkmark Addition.txt box.
- Press Scan button.
- Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
-
September 18th, 2016, 09:36 PM
#12
-
September 19th, 2016, 08:05 AM
#13
Yep, I am sorry for not posting before, because this is a company notebook and sometimes I can't take it for the weekend. Going to go and post the scan today.
-
September 19th, 2016, 07:53 PM
#14
Well, here we go:
Scan:
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 31-08-2016
Executado por HS Paulo (administrador) em HSPAULO-PC (19-09-2016 20:45:30)
Executando a partir de C:\Users\HS Paulo\Downloads
Perfis Carregados: HS Paulo (Perfis Disponíveis: HS Paulo)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
BootExecute: autocheck autochk /p \??\C:autocheck autochk *
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5FBFAE6F-0882-4B77-A1FC-2CE7B717A0C8}: [DhcpNameServer] 10.0.1.221 8.8.8.8
Tcpip\..\Interfaces\{AB80EC73-ED6D-4CD3-AA39-3889BACE4CBC}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1434571024-903360116-4022392865-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
Chrome:
=======
CHR Session Restore: Default -> está habilitado.
CHR Profile: C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-06]
CHR Extension: (Google Docs) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-06]
CHR Extension: (Adblock Plus) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-08]
CHR Extension: (Planilhas do Google) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-06]
CHR Extension: (Documentos Google off-line) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\HS Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1434571024-903360116-4022392865-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\HSPAUL~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-09-06]
CHR HKU\S-1-5-21-1434571024-903360116-4022392865-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [23368 2013-08-07] (ELAN Microelectronic Corp.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-05] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [64160 2009-07-13] (O2Micro )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-07] ()
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-09-19 17:30 - 2016-09-19 17:42 - 00000000 ____D C:\Users\HS Paulo\Desktop\hs
2016-09-19 17:30 - 2016-09-19 17:30 - 00000000 ____D C:\Users\HS Paulo\Desktop\cobolaid
2016-09-19 10:22 - 2016-09-19 10:22 - 00000000 ____D C:\Users\HS Paulo\Desktop\Antes de Converter - BKP
2016-09-16 16:25 - 2016-09-16 16:25 - 00004446 _____ C:\Users\HS Paulo\Downloads\16253420.prn
2016-09-15 16:43 - 2016-09-15 16:43 - 00043182 _____ C:\Users\HS Paulo\Desktop\fao3100r-bkp.cbl
2016-09-15 14:25 - 2016-09-15 14:25 - 00023804 _____ C:\Users\HS Paulo\Downloads\M20160915.csv
2016-09-14 09:59 - 2016-09-14 09:59 - 00000000 ____D C:\Users\HS Paulo\Desktop\tec-liam-bkp
2016-09-14 09:13 - 2016-09-14 09:13 - 00002933 _____ C:\Users\HS Paulo\Downloads\fao-fgoi.fd
2016-09-14 09:13 - 2016-09-14 09:13 - 00000613 _____ C:\Users\HS Paulo\Downloads\fao-fgoi.sl
2016-09-13 10:50 - 2016-09-13 10:50 - 00000000 ____D C:\Users\HS Paulo\Desktop\ses3378
2016-09-12 16:04 - 2016-09-12 16:01 - 00015072 _____ C:\16011289.prn
2016-09-12 14:55 - 2016-09-19 16:37 - 00000000 ____D C:\cobolaid
2016-09-12 14:55 - 2016-09-12 15:04 - 00000000 ____D C:\hs
2016-09-12 09:52 - 2016-09-12 09:52 - 00000000 ____D C:\Users\HS Paulo\AppData\Local\CrashDumps
2016-09-11 14:55 - 2016-09-11 15:29 - 00180336 _____ C:\Windows\ntbtlog.txt
2016-09-11 14:10 - 2016-09-11 14:10 - 05658674 ____R (Swearware) C:\Users\HS Paulo\Desktop\Paulo.exe
2016-09-11 14:07 - 2016-09-11 14:07 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\HS Paulo\Downloads\rkill.exe
2016-09-11 14:07 - 2016-09-11 14:07 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\HS Paulo\Downloads\rkill64.exe
2016-09-11 13:49 - 2016-09-11 15:29 - 00000000 ____D C:\Qoobox
2016-09-11 13:49 - 2016-09-11 14:03 - 00000000 ____D C:\Windows\erdnt
2016-09-11 13:49 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2016-09-11 13:49 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2016-09-11 13:49 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-09-11 13:49 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-09-11 13:49 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-09-11 13:49 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2016-09-11 13:49 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2016-09-11 13:49 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2016-09-09 10:14 - 2016-09-09 10:36 - 00006107 _____ C:\ses3337.txt
2016-09-09 09:11 - 2016-09-09 09:11 - 05137167 _____ C:\CMROKH~V.TXT
2016-09-09 09:11 - 2016-09-09 09:11 - 00074649 _____ C:\C4K8P8~8.TXT
2016-09-08 17:45 - 2016-09-08 17:45 - 05137167 _____ C:\CQWG62~3.TXT
2016-09-08 17:45 - 2016-09-08 17:45 - 00000597 _____ C:\C6FX2Y~8.TXT
2016-09-08 17:03 - 2016-09-09 08:46 - 05012559 _____ C:\mercadoria.txt
2016-09-08 17:03 - 2016-09-09 08:46 - 00074649 _____ C:\servicos.txt
2016-09-08 11:18 - 2016-09-08 11:18 - 06478125 _____ C:\Users\HS Paulo\Downloads\mercadoria.txt
2016-09-08 10:15 - 2016-09-08 10:15 - 00002024 _____ C:\Users\Public\Desktop\Simple Search-Replace.lnk
2016-09-08 10:15 - 2016-09-08 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Search-Replace
2016-09-08 10:15 - 2016-09-08 10:15 - 00000000 ____D C:\Program Files (x86)\RJL Software, Inc
2016-09-08 10:13 - 2016-09-08 10:13 - 04559231 _____ (RJL Software, Inc. ) C:\Users\HS Paulo\Downloads\search_setup.exe
2016-09-08 08:15 - 2016-09-13 08:34 - 00000000 ____D C:\Users\HS Paulo\Desktop\Scans
2016-09-08 08:14 - 2016-09-08 08:14 - 00365702 _____ C:\Users\HS Paulo\Downloads\mbamscan.txt
2016-09-07 14:17 - 2016-09-07 14:17 - 01610560 _____ (Malwarebytes) C:\Users\HS Paulo\Downloads\JRT.exe
2016-09-07 14:03 - 2016-09-07 14:04 - 03826240 _____ C:\Users\HS Paulo\Downloads\adwcleaner_6.010 (1).exe
2016-09-07 13:50 - 2016-09-07 13:50 - 00001054 _____ C:\mbam.txt
2016-09-07 13:31 - 2016-09-19 20:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-07 13:31 - 2016-09-07 13:31 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-07 13:31 - 2016-09-07 13:31 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-09-07 13:31 - 2016-09-07 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-07 13:31 - 2016-09-07 13:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-07 13:31 - 2016-09-07 13:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-07 13:31 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-07 13:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-07 13:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-07 13:25 - 2016-09-07 13:25 - 22851472 _____ (Malwarebytes ) C:\Users\HS Paulo\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-07 12:57 - 2016-09-07 12:59 - 33106704 _____ (Adlice Software ) C:\Users\HS Paulo\Downloads\setup (1).exe
2016-09-07 12:36 - 2016-09-07 12:36 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-09-07 12:35 - 2016-09-07 13:10 - 00000000 ____D C:\Program Files\RogueKiller
2016-09-07 12:35 - 2016-09-07 12:35 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-09-07 12:35 - 2016-09-07 12:35 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller
2016-09-07 12:35 - 2016-09-07 12:35 - 00000000 ____D C:\ProgramData\RogueKiller
2016-09-07 12:35 - 2016-09-07 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-09-07 12:25 - 2016-09-07 12:28 - 33106704 _____ (Adlice Software ) C:\Users\HS Paulo\Downloads\setup.exe
2016-09-06 14:00 - 2016-09-06 14:00 - 02397696 _____ (Farbar) C:\Users\HS Paulo\Downloads\FRST64 (1).exe
2016-09-06 13:58 - 2016-09-06 14:16 - 00025314 _____ C:\Users\HS Paulo\Downloads\Addition.txt
2016-09-06 13:57 - 2016-09-19 20:46 - 00011448 _____ C:\Users\HS Paulo\Downloads\FRST.txt
2016-09-06 13:56 - 2016-09-19 20:45 - 00000000 ____D C:\FRST
2016-09-06 13:55 - 2016-09-06 13:55 - 02397696 _____ (Farbar) C:\Users\HS Paulo\Downloads\FRST64.exe
2016-09-06 11:30 - 2016-09-13 15:29 - 00000000 ____D C:\cobolaid-bkp20160912
2016-09-06 11:08 - 2016-09-19 08:26 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-06 11:08 - 2016-09-19 08:26 - 00002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-06 11:04 - 2016-09-19 20:39 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 11:04 - 2016-09-19 17:09 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-06 11:04 - 2016-09-06 11:04 - 00004068 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-06 11:04 - 2016-09-06 11:04 - 00003816 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-06 10:58 - 2016-09-06 11:30 - 00000000 ____D C:\hs-bkp20160912
2016-09-06 08:13 - 2016-09-06 18:37 - 00000000 ____D C:\Program Files (x86)\Avira
2016-09-05 13:55 - 2016-09-07 13:54 - 00000000 ____D C:\Program Files (x86)_
2016-09-05 13:55 - 2016-09-07 13:53 - 00000000 ___HD C:\Users\MS.Default\Helper.5_
2016-09-05 13:55 - 2016-09-07 13:53 - 00000000 ___HD C:\Users\MS.Default\Helper.4_
2016-09-05 13:55 - 2016-09-07 13:53 - 00000000 ___HD C:\Users\MS.Default\Helper.3_
2016-09-05 13:55 - 2016-09-05 13:55 - 00000020 ____H C:\Program Files (x86)\local64spl.dll.ini
2016-09-05 13:38 - 2016-09-05 13:38 - 00002800 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-09-05 13:38 - 2016-09-05 13:38 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-05 13:38 - 2016-09-05 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-05 13:38 - 2016-09-05 13:38 - 00000000 ____D C:\Program Files\CCleaner
2016-09-05 13:36 - 2016-09-05 13:37 - 08227032 _____ (Piriform Ltd) C:\Users\HS Paulo\Downloads\ccleaner-5-21-5700.exe
2016-09-05 11:45 - 2016-09-05 11:45 - 00000000 ____D C:\Windows\system32\pom
2016-09-05 11:41 - 2016-09-07 14:08 - 00000000 ____D C:\AdwCleaner
2016-09-05 11:40 - 2016-09-05 11:40 - 03826240 _____ C:\Users\HS Paulo\Downloads\adwcleaner_6.010.exe
2016-09-05 10:02 - 2016-09-05 10:17 - 00000000 ____D C:\Windows\system32\SSL
2016-09-05 10:02 - 2016-09-05 10:02 - 00000000 ____D C:\Users\HS Paulo\AppData\Local\Tempfolder
2016-09-05 09:55 - 2016-09-11 14:05 - 00000000 ___HD C:\Users\MS.Default
2016-09-05 09:55 - 2016-09-05 14:33 - 00000000 ___HD C:\Program Files (x86)\rh412D6
2016-09-05 09:55 - 2016-09-05 09:55 - 00000000 ____D C:\Users\Todos os Usuários\Avg
2016-09-05 09:55 - 2016-09-05 09:55 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-09-05 09:55 - 2016-09-05 09:55 - 00000000 ____D C:\ProgramData\Avg
2016-09-05 09:55 - 2016-09-05 09:55 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-02 21:46 - 2016-09-02 21:46 - 00000000 ____D C:\Users\HS Paulo\AppData\Local\ElevatedDiagnostics
2016-09-02 08:55 - 2016-09-02 08:57 - 00000000 ____D C:\Users\HS Paulo\Desktop\bkp-fds-sls
2016-08-31 09:09 - 2016-08-31 09:08 - 00001557 _____ C:\Users\HS Paulo\teste.csv
2016-08-30 15:02 - 2016-09-05 10:11 - 00000000 ____D C:\Users\HS Paulo\Desktop\BKP-PROGRAMAS-SPLF-COPERDIA-30-08
2016-08-29 15:22 - 2016-08-29 15:37 - 00000000 ____D C:\hs-bkp20160905
2016-08-29 15:21 - 2016-09-16 11:18 - 00000000 ____D C:\cobolaid-bkp20160905
2016-08-26 10:09 - 2016-08-26 10:28 - 00000000 ____D C:\hs-bkp20160829
2016-08-26 10:08 - 2016-08-31 11:21 - 00000000 ____D C:\cobolaid-bkp20160829
2016-08-26 09:43 - 2016-09-19 17:39 - 00000000 ____D C:\Users\HS Paulo\Desktop\Atualizacoes e Horas
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-19 20:43 - 2016-01-05 09:17 - 00000000 ____D C:\Users\HS Paulo\AppData\Roaming\Skype
2016-09-19 20:41 - 2016-05-10 09:09 - 00000000 ___RD C:\Users\HS Paulo\Google Drive
2016-09-19 20:39 - 2016-06-21 08:00 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2016-09-19 20:39 - 2016-06-21 08:00 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2016-09-19 20:39 - 2016-06-20 08:01 - 00073232 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2016-09-19 20:39 - 2016-01-04 20:46 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2016-09-19 20:39 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-19 17:50 - 2016-04-06 16:26 - 00002112 ____H C:\Users\HS Paulo\Documents\Default.rdp
2016-09-19 17:40 - 2016-07-19 09:02 - 00000000 ____D C:\ATU
2016-09-19 10:56 - 2016-01-06 15:01 - 00000000 ____D C:\xfd
2016-09-19 10:49 - 2016-01-05 07:15 - 00000000 ____D C:\Lixo
2016-09-19 10:43 - 2016-03-21 17:57 - 00000059 _____ C:\Users\HS Paulo\Desktop\hoje.txt
2016-09-19 10:18 - 2016-01-05 08:16 - 00000000 ____D C:\dados
2016-09-19 08:09 - 2009-07-14 01:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-19 08:09 - 2009-07-14 01:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-15 14:26 - 2016-03-21 17:09 - 00000000 ____D C:\Users\HS Paulo\Desktop\Anotacoes
2016-09-14 14:40 - 2016-01-05 07:13 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-14 11:50 - 2016-07-04 16:58 - 00000000 ____D C:\cobolaid-bkp20160720
2016-09-11 15:26 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2016-09-08 17:02 - 2016-08-18 10:51 - 00000000 ____D C:\Users\HS Paulo\Desktop\samara
2016-09-08 10:13 - 2016-02-18 14:22 - 00000000 ____D C:\Windows\Downloaded Installations
2016-09-07 13:53 - 2016-01-04 21:05 - 00000000 ____D C:\Windows\PCHEALTH
2016-09-06 13:45 - 2009-07-14 02:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-06 11:29 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-09-06 11:07 - 2016-01-05 07:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-06 11:04 - 2016-01-05 07:01 - 00000000 ____D C:\Users\HS Paulo\AppData\Local\Deployment
2016-09-06 08:25 - 2016-02-08 15:29 - 00000000 ____D C:\Users\HS Paulo\AppData\Roaming\Mozilla
2016-09-05 13:43 - 2016-01-05 01:51 - 00000000 ____D C:\Windows\Panther
2016-09-05 13:43 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\ModemLogs
2016-08-31 17:26 - 2009-08-05 22:58 - 00657374 _____ C:\Windows\system32\prfh0416.dat
2016-08-31 17:26 - 2009-08-05 22:58 - 00125766 _____ C:\Windows\system32\prfc0416.dat
2016-08-31 17:26 - 2009-07-14 02:13 - 01499760 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 16:33 - 2016-01-04 20:56 - 00000000 ____D C:\Users\HS Paulo
2016-08-29 08:14 - 2016-08-15 16:12 - 00000000 ____D C:\cobolaid-bkp20160826
2016-08-23 08:49 - 2016-05-10 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Files in the root of some directories =======
2016-09-05 13:55 - 2016-09-05 13:55 - 0000020 ____H () C:\Program Files (x86)\local64spl.dll.ini
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-15 10:09
==================== End of FRST.txt ============================
*********************************************************************************
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by HS Paulo (19-09-2016 20:46:31)
Running from C:\Users\HS Paulo\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-01-04 23:56:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1434571024-903360116-4022392865-500 - Administrator - Disabled)
Convidado (S-1-5-21-1434571024-903360116-4022392865-501 - Limited - Disabled)
HS Paulo (S-1-5-21-1434571024-903360116-4022392865-1000 - Administrator - Enabled) => C:\Users\HS Paulo
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.6.61 - Conexant)
extend(R) Version 9.2.4 (HKLM-x32\...\{A1720B7A-E445-4163-B897-A220A2D421C1}) (Version: 9.24.0000 - Micro Focus)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
isCOBOL 2016.1 (64 bit) (HKLM\...\9196-3056-3729-6045) (Version: 2016.1 - Veryant)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NetTerm (HKLM-x32\...\{A5E11CB3-A70A-433E-A1B8-406680CCFB9D}) (Version: 5.4.2.6 - InterSoft International, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Simple Search-Replace (HKLM-x32\...\{85BEDB91-5AB4-4066-8946-4EE980950F82}) (Version: 1.08.0000 - RJL Software, Inc.)
SiTef Simulado (HKLM-x32\...\{1A1C433A-DD51-412E-8861-C47935EE748B}) (Version: 6.0.4 - Software Express Informatica LTDA)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {173C4DBA-C957-4FA8-AC5A-2E6AB6BED179} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-06] (Google Inc.)
Task: {AA61B793-AB9A-4DD5-A4AF-D8A35F2B5695} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {BE0CF46E-1316-4DAF-9DBB-32EADC51FF86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {F8C9C800-7CED-43F2-913B-97604F1C77EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-06] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-04-04 00:09 - 2013-04-04 00:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-04 00:09 - 2013-04-04 00:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-19 20:40 - 2016-09-19 20:40 - 00098816 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32api.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00110080 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\pywintypes27.dll
2016-09-19 20:40 - 2016-09-19 20:40 - 00364544 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\pythoncom27.dll
2016-09-19 20:40 - 2016-09-19 20:40 - 00320512 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32com.shell.shell.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00776704 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\_hashlib.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 01176576 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\wx._core_.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00806400 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\wx._gdi_.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00816128 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\wx._windows_.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 01067008 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\wx._controls_.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00733184 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\wx._misc_.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00682496 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\pysqlite2._sqlite.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00088064 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\_ctypes.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00119808 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32file.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00108544 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32security.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00007168 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\hashobjs_ext.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00017920 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\thumbnails_ext.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00088064 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\usb_ext.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00012800 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\common.time34.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00018432 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32event.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00167936 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32gui.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00046080 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\_socket.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 01208320 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\_ssl.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00128512 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\_elementtree.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00127488 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\pyexpat.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00038912 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32inet.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00036864 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\_psutil_windows.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00525208 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\windows._lib_cacheinvalidation.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00011264 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32crypt.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00077312 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\wx._html2.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00027136 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\_multiprocessing.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00020480 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\_yappi.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00035840 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32process.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00686080 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\unicodedata.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00078848 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\wx._animate.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00123392 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\wx._wizard.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00024064 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32pipe.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00010240 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\select.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00025600 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32pdh.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00017408 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32profile.pyd
2016-09-19 20:40 - 2016-09-19 20:40 - 00022528 ____R () C:\Users\HS Paulo\AppData\Local\Temp\_MEI20882\win32ts.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:34 - 2016-09-11 14:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1434571024-903360116-4022392865-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HS Paulo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5A8218B1-0BEB-4EDC-BD8D-AF754C59B754}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{19C684FF-EAB0-4E4E-8204-7EC524040E2F}C:\sitef\aplic.win\gerpdv-s.exe] => (Allow) C:\sitef\aplic.win\gerpdv-s.exe
FirewallRules: [UDP Query User{385BD8A0-9ED2-4BBF-B023-8A554C020645}C:\sitef\aplic.win\gerpdv-s.exe] => (Allow) C:\sitef\aplic.win\gerpdv-s.exe
FirewallRules: [{B3F1509A-A493-4CF1-8CCB-8C043FAB4D4E}] => (Allow) C:\Users\HS Paulo\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{B1EDDD8F-31EA-4464-9F02-A2D3814F24DB}] => (Allow) C:\Users\HS Paulo\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{C82F681D-262B-43EC-9771-1631A7B63D3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
26-08-2016 14:14:11 Scheduled Checkpoint
03-09-2016 19:27:59 Scheduled Checkpoint
05-09-2016 09:48:17 Removed MongoDB 3.2.8 2008R2Plus SSL (64 bit)
07-09-2016 14:18:12 JRT Pre-Junkware Removal
08-09-2016 10:14:29 Installed Simple Search-Replace
11-09-2016 13:49:49 ComboFix created restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/12/2016 09:52:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Setup.exe_Microsoft Setup Bootstrapper, version: 14.0.7011.1000, time stamp: 0x513700af
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc21
Faulting process id: 0xd78
Faulting application start time: 0x01d20cf477455a62
Faulting application path: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
Faulting module path: C:\Windows\syswow64\ole32.dll
Report Id: b7a136a1-78e7-11e6-a0da-00238b694933
Error: (09/11/2016 03:20:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
Error: (09/11/2016 03:20:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode.
Operation:
Instantiating VSS server
Error: (09/11/2016 03:20:09 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: Unable to start the COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 during Safe Mode.
The Volume Shadow Copy Service cannot be started in Safe Mode. [0x8007043c, This service cannot be started in Safe Mode]
Operation:
Instantiating VSS server
Error: (09/11/2016 03:01:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
Error: (09/11/2016 03:01:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode.
Operation:
Instantiating VSS server
Error: (09/11/2016 03:01:09 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: Unable to start the COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 during Safe Mode.
The Volume Shadow Copy Service cannot be started in Safe Mode. [0x8007043c, This service cannot be started in Safe Mode]
Operation:
Instantiating VSS server
Error: (09/11/2016 02:59:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
Error: (09/11/2016 02:59:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode.
Operation:
Instantiating VSS server
Error: (09/11/2016 02:59:33 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: Unable to start the COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 during Safe Mode.
The Volume Shadow Copy Service cannot be started in Safe Mode. [0x8007043c, This service cannot be started in Safe Mode]
Operation:
Instantiating VSS server
System errors:
=============
Error: (09/19/2016 08:46:48 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Local Disk.
Error: (09/19/2016 08:46:02 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (09/19/2016 08:46:02 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (09/19/2016 08:46:02 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (09/19/2016 01:32:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
Error: (09/19/2016 01:32:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (09/19/2016 10:51:45 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (09/19/2016 10:51:45 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Local Disk.
Error: (09/19/2016 10:51:45 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (09/19/2016 10:51:45 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Local Disk.
CodeIntegrity:
===================================
Date: 2016-09-11 13:56:51.066
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-09-11 13:56:51.051
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
Percentagem de memória em uso: 40%
RAM física total: 3960.87 MB
RAM física disponível: 2353.3 MB
Virtual Total: 7919.93 MB
Virtual dispon*vel: 6259.09 MB
==================== Drives ================================
Drive c: (Disco Local) (Fixed) (Total:247.93 GB) (Free:163.13 GB) NTFS
Drive d: (Backup) (Fixed) (Total:50.06 GB) (Free:44.73 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C22C7ADF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50.1 GB) - (Type=07 NTFS)
==================== Fim de Addition.txt ============================
-
September 19th, 2016, 08:18 PM
#15
Those are clean.
Last scans...
Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
Download Sophos Free Virus Removal Tool and save it to your desktop.
- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View log file... (bottom left hand corner)
- Copy and paste the results in your reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program