Archived

This topic has been archived and is closed to new replies.

LipeZO

[Resolved] I can't install anything on my PC!

Good evening to those who help, and to everyone else.

 

Here goes: I built a new PC for gaming, but I'm having problems. I can't install anything on the PC anymore; I've tried everything and so far nothing has worked, and I didn't want to format the PC right now because I'll lose a lot of things. I have no way to make a backup yet. Can anyone help me?

 

I think this is it, right?

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:27, on 23/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Panje\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Users\Panje\AppData\Roaming\Curse Client\Bin\Curse.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Panje\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [LightShot] C:\Users\Panje\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
O4 - Startup: Curse.lnk = Panje\AppData\Roaming\Curse Client\Bin\Curse.exe
O4 - Global Startup: NETGEAR WNDA3100v2 Genie.lnk = ?
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Serviço do Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files (x86)\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100v2 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
--
End of file - 10170 bytes

 

Good evening! LipeZO

 

> Download: < FRST_Logo.jpg> ( ... by Farbar )

 

> For 32-bit systems!

> Download: < Farbar Recovery Scan Tool 64-Bit> (64-bit)

> Or here, for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".

 


 

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> Post the report! (FRST.txt + Addition.txt)
> PS: The "Addition.txt" report will be made available when the tool runs.

 

A+

Here is the FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Panje (administrator) on PANJE-PC on 24-10-2014 22:53:58
Running from C:\Users\Panje\Downloads
Loaded Profile: Panje (Available profiles: Panje)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Windows\DAODx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1261712 2014-04-30] (Highresolution Enterprises)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Run: [uTorrent] => C:\Users\Panje\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-24] (BitTorrent Inc.)
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Run: [LightShot] => C:\Users\Panje\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Panje\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 187.122.127.58 187.122.127.34
FireFox:
========
FF ProfilePath: C:\Users\Panje\AppData\Roaming\Mozilla\Firefox\Profiles\kx51i4pf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Panje\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: gastecnologia.com.br/sf/uni -> C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Bloqueador de sites perigosos - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Teclado Virtual - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-11]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (panda dumpling) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\caaclfkfmcnlppkambfehbfhlekhpenf [2014-08-12]
CHR Extension: (Proteção Kaspersky) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-11]
CHR Extension: (AdBlock) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-12]
CHR Extension: (Twitch Live) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-08-12]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-08-16]
CHR Extension: (São Paulo FC News) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfljmhgodnmcoeddiiaefkegoindhnj [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Gmail) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [527928 2014-05-05] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-17] (Echobit, LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-08-11] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 22:53 - 2014-10-24 22:54 - 00020928 _____ () C:\Users\Panje\Downloads\FRST.txt
2014-10-24 22:53 - 2014-10-24 22:53 - 02112000 _____ (Farbar) C:\Users\Panje\Downloads\FRST64.exe
2014-10-24 22:53 - 2014-10-24 22:53 - 00000000 ____D () C:\FRST
2014-10-23 21:05 - 2014-10-23 21:05 - 00010172 _____ () C:\Users\Panje\Desktop\hijackthis.log
2014-10-23 21:01 - 2014-10-23 21:01 - 01402880 _____ () C:\Users\Panje\Downloads\HijackThis.msi
2014-10-23 21:01 - 2014-10-23 21:01 - 00002975 _____ () C:\Users\Panje\Desktop\HiJackThis.lnk
2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-23 20:00 - 2014-10-23 20:00 - 00024141 _____ () C:\ComboFix.txt
2014-10-23 19:56 - 2014-10-24 18:53 - 00000504 _____ () C:\Windows\setupact.log
2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 19:55 - 2014-10-23 19:55 - 00000558 _____ () C:\Windows\PFRO.log
2014-10-23 19:24 - 2014-10-23 19:24 - 04909382 _____ () C:\Users\Panje\Downloads\mbam-chameleon-3.1.7.0.zip
2014-10-22 22:25 - 2014-10-22 22:25 - 00000222 _____ () C:\Users\Panje\Desktop\F.E.A.R. Online.url
2014-10-22 22:12 - 2014-10-22 22:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-10-22 22:12 - 2014-10-22 22:12 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-22 22:10 - 2014-10-22 22:11 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222210349045
2014-10-22 21:26 - 2014-10-22 21:26 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222125429423
2014-10-22 21:25 - 2014-10-22 21:25 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222125219123
2014-10-22 20:51 - 2014-10-23 19:13 - 00000000 ____D () C:\Users\Panje\Downloads\[R.G. Mechanics] Sleeping Dogs - Definitive Edition
2014-10-22 20:49 - 2014-10-22 20:49 - 00039057 _____ () C:\Users\Panje\Downloads\Sleeping Dogs DEF. ED + DLC'S - By StiffGamerHD.torrent
2014-10-21 23:12 - 2014-10-21 23:12 - 00000000 ____D () C:\Users\Panje\Documents\Vindictus
2014-10-21 23:07 - 2014-10-21 23:07 - 00001987 _____ () C:\Users\Panje\Documents\Recommended Software.lnk
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Time Stopper
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Time Stopper
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-10-21 23:04 - 2014-10-21 23:05 - 17919572 _____ () C:\Users\Panje\Downloads\pz_setup_2.0.1.zip
2014-10-21 23:03 - 2014-10-21 23:04 - 00960031 _____ () C:\Users\Panje\Downloads\time stopper.zip
2014-10-21 23:01 - 2014-10-22 19:13 - 00000000 ____D () C:\Nexon
2014-10-21 22:59 - 2014-10-22 19:14 - 00000000 ____D () C:\Users\Todos os Usuários\NexonUS
2014-10-21 22:59 - 2014-10-22 19:14 - 00000000 ____D () C:\ProgramData\NexonUS
2014-10-21 22:01 - 2014-10-21 22:01 - 00000178 _____ () C:\console.log
2014-10-21 22:00 - 2014-10-21 22:00 - 02500904 _____ () C:\Users\Panje\Downloads\Vindictus_Downloader.exe
2014-10-21 21:57 - 2014-10-22 19:14 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-10-21 21:56 - 2014-10-21 21:57 - 10117512 _____ () C:\Users\Panje\Downloads\NexonLauncherSetup.exe
2014-10-21 21:30 - 2014-10-21 21:30 - 02450636 _____ () C:\Users\Panje\Downloads\resource.rar
2014-10-21 21:30 - 2014-10-21 21:30 - 00584422 _____ () C:\Users\Panje\Downloads\Launcher_Images.rar
2014-10-18 22:13 - 2014-10-18 22:13 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Panje\Downloads\Shockwave_Installer_Slim.exe
2014-10-18 22:13 - 2014-10-18 22:13 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-18 22:08 - 2014-10-18 22:08 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Unity
2014-10-18 22:08 - 2014-10-18 22:08 - 00000000 ____D () C:\Users\Panje\AppData\Local\Unity
2014-10-18 22:07 - 2014-10-18 22:07 - 01080416 _____ (Unity Technologies ApS) C:\Users\Panje\Downloads\UnityWebPlayer.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 20:33 - 2014-10-15 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 20:33 - 2014-10-15 20:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-09 23:57 - 2014-10-09 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5853747A.sys
2014-10-08 14:37 - 2014-10-08 14:37 - 00000000 ____D () C:\Users\Panje\Desktop\Chameleon
2014-10-05 03:22 - 2014-10-06 21:33 - 00000000 ____D () C:\Users\Panje\Documents\dragoon
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Users\Panje\AppData\Local\SCE
2014-10-05 01:58 - 2014-10-05 01:59 - 20319368 _____ () C:\Users\Panje\Downloads\DPT_setup.exe
2014-10-04 23:31 - 2014-10-04 23:31 - 27870824 _____ (Riot Games) C:\Users\Panje\Downloads\LeagueofLegends_BR_Installer_9_15_2014.exe
2014-10-04 02:46 - 2014-10-04 02:46 - 00230400 _____ () C:\Users\Panje\Downloads\flashplayer_install.exe
2014-10-04 02:46 - 2014-10-04 02:46 - 00230400 _____ () C:\Users\Panje\Downloads\flashplayer_install (1).exe
2014-10-04 02:10 - 2014-10-04 02:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\78A047BA.sys
2014-10-04 00:58 - 2014-10-04 00:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0D54124A.sys
2014-10-02 00:16 - 2014-10-02 00:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\778F5AFC.sys
2014-09-29 22:35 - 2014-09-29 22:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37987A55.sys
2014-09-29 00:19 - 2014-09-29 00:19 - 00001943 _____ () C:\Users\Panje\Desktop\Strife.lnk
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\Users\Panje\Documents\Strife
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-29 00:16 - 2014-10-23 21:10 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-27 15:37 - 2014-10-24 21:55 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 15:37 - 2014-10-22 23:06 - 00000000 ____D () C:\Users\Panje\AppData\Local\Adobe
2014-09-27 15:37 - 2014-09-27 15:37 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 22:27 - 2014-09-24 22:53 - 00000000 ____D () C:\Users\Panje\Downloads\FIFA 15-ULTIMATE TEAM EDITION-FULL UNLOCKED-SG
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-24 21:01 - 2014-09-24 21:01 - 13087456 _____ (Microsoft Corporation) C:\Users\Panje\Downloads\Silverlight_x64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 22:51 - 2014-08-10 23:56 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\TS3Client
2014-10-24 22:50 - 2014-08-10 23:12 - 02004881 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 22:28 - 2014-08-11 01:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 21:55 - 2014-08-11 20:43 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 19:12 - 2014-08-16 23:22 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-10-24 19:12 - 2014-08-16 23:22 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-10-24 19:11 - 2014-08-16 00:40 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\uTorrent
2014-10-24 19:01 - 2009-07-14 02:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:01 - 2009-07-14 02:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 18:59 - 2009-07-29 14:08 - 00703370 _____ () C:\Windows\system32\prfh0416.dat
2014-10-24 18:59 - 2009-07-29 14:08 - 00146156 _____ () C:\Windows\system32\prfc0416.dat
2014-10-24 18:59 - 2009-07-14 03:13 - 01628224 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 18:54 - 2014-08-11 01:16 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-10-24 18:54 - 2014-08-11 01:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-24 18:53 - 2014-08-11 20:43 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 18:53 - 2014-08-10 23:28 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-10-24 18:53 - 2014-08-10 23:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 18:53 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 21:04 - 2014-08-10 23:14 - 00000000 ____D () C:\Users\Panje\AppData\Local\VirtualStore
2014-10-23 20:01 - 2014-08-11 22:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-23 20:00 - 2014-08-11 00:53 - 00000000 ____D () C:\Qoobox
2014-10-23 19:56 - 2009-07-14 00:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-23 19:53 - 2014-08-16 23:21 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-10-23 19:53 - 2014-08-16 23:21 - 00000000 ____D () C:\ProgramData\Temp
2014-10-19 22:50 - 2014-08-11 20:43 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 22:50 - 2014-08-11 20:43 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 17:53 - 2014-08-10 23:16 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 14:23 - 2014-08-11 00:37 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-10-16 20:34 - 2014-08-20 21:15 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Curse Client
2014-10-15 20:44 - 2014-08-11 01:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 20:44 - 2014-08-11 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-15 20:44 - 2014-08-11 01:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 20:34 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-10-15 20:34 - 2014-08-25 22:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-13 21:18 - 2014-09-22 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-10-13 21:18 - 2014-09-22 00:59 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-10-10 00:18 - 2014-08-11 20:50 - 00000000 ____D () C:\Users\Panje\AppData\Local\Battle.net
2014-10-08 22:10 - 2014-08-11 20:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 00:38 - 2014-09-08 22:15 - 00000000 ____D () C:\Users\Panje\Desktop\SSSSSSS
2014-10-04 04:42 - 2014-08-11 20:51 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-04 04:42 - 2014-08-11 20:51 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-04 04:41 - 2014-08-11 20:51 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-10-04 04:41 - 2014-08-11 20:51 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-01 12:11 - 2014-08-11 01:12 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 12:11 - 2014-08-11 01:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 12:11 - 2014-08-11 01:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 00:31 - 2014-08-11 20:50 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\NVIDIA
2014-09-27 15:37 - 2014-08-17 17:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-27 15:37 - 2014-08-17 17:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 20:07 - 2014-09-09 20:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-18 17:56
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Panje (administrator) on PANJE-PC on 24-10-2014 22:53:58
Running from C:\Users\Panje\Downloads
Loaded Profile: Panje (Available profiles: Panje)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Windows\DAODx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1261712 2014-04-30] (Highresolution Enterprises)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Run: [uTorrent] => C:\Users\Panje\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-24] (BitTorrent Inc.)
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Run: [LightShot] => C:\Users\Panje\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Panje\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 187.122.127.58 187.122.127.34
FireFox:
========
FF ProfilePath: C:\Users\Panje\AppData\Roaming\Mozilla\Firefox\Profiles\kx51i4pf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Panje\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: gastecnologia.com.br/sf/uni -> C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Bloqueador de sites perigosos - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Teclado Virtual - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-11]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (panda dumpling) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\caaclfkfmcnlppkambfehbfhlekhpenf [2014-08-12]
CHR Extension: (Proteção Kaspersky) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-11]
CHR Extension: (AdBlock) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-12]
CHR Extension: (Twitch Live) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-08-12]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-08-16]
CHR Extension: (São Paulo FC News) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfljmhgodnmcoeddiiaefkegoindhnj [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Gmail) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [527928 2014-05-05] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-17] (Echobit, LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-08-11] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 22:53 - 2014-10-24 22:54 - 00020928 _____ () C:\Users\Panje\Downloads\FRST.txt
2014-10-24 22:53 - 2014-10-24 22:53 - 02112000 _____ (Farbar) C:\Users\Panje\Downloads\FRST64.exe
2014-10-24 22:53 - 2014-10-24 22:53 - 00000000 ____D () C:\FRST
2014-10-23 21:05 - 2014-10-23 21:05 - 00010172 _____ () C:\Users\Panje\Desktop\hijackthis.log
2014-10-23 21:01 - 2014-10-23 21:01 - 01402880 _____ () C:\Users\Panje\Downloads\HijackThis.msi
2014-10-23 21:01 - 2014-10-23 21:01 - 00002975 _____ () C:\Users\Panje\Desktop\HiJackThis.lnk
2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-23 20:00 - 2014-10-23 20:00 - 00024141 _____ () C:\ComboFix.txt
2014-10-23 19:56 - 2014-10-24 18:53 - 00000504 _____ () C:\Windows\setupact.log
2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 19:55 - 2014-10-23 19:55 - 00000558 _____ () C:\Windows\PFRO.log
2014-10-23 19:24 - 2014-10-23 19:24 - 04909382 _____ () C:\Users\Panje\Downloads\mbam-chameleon-3.1.7.0.zip
2014-10-22 22:25 - 2014-10-22 22:25 - 00000222 _____ () C:\Users\Panje\Desktop\F.E.A.R. Online.url
2014-10-22 22:12 - 2014-10-22 22:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-10-22 22:12 - 2014-10-22 22:12 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-22 22:10 - 2014-10-22 22:11 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222210349045
2014-10-22 21:26 - 2014-10-22 21:26 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222125429423
2014-10-22 21:25 - 2014-10-22 21:25 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222125219123
2014-10-22 20:51 - 2014-10-23 19:13 - 00000000 ____D () C:\Users\Panje\Downloads\[R.G. Mechanics] Sleeping Dogs - Definitive Edition
2014-10-22 20:49 - 2014-10-22 20:49 - 00039057 _____ () C:\Users\Panje\Downloads\Sleeping Dogs DEF. ED + DLC'S - By StiffGamerHD.torrent
2014-10-21 23:12 - 2014-10-21 23:12 - 00000000 ____D () C:\Users\Panje\Documents\Vindictus
2014-10-21 23:07 - 2014-10-21 23:07 - 00001987 _____ () C:\Users\Panje\Documents\Recommended Software.lnk
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Time Stopper
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Time Stopper
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-10-21 23:04 - 2014-10-21 23:05 - 17919572 _____ () C:\Users\Panje\Downloads\pz_setup_2.0.1.zip
2014-10-21 23:03 - 2014-10-21 23:04 - 00960031 _____ () C:\Users\Panje\Downloads\time stopper.zip
2014-10-21 23:01 - 2014-10-22 19:13 - 00000000 ____D () C:\Nexon
2014-10-21 22:59 - 2014-10-22 19:14 - 00000000 ____D () C:\Users\Todos os Usuários\NexonUS
2014-10-21 22:59 - 2014-10-22 19:14 - 00000000 ____D () C:\ProgramData\NexonUS
2014-10-21 22:01 - 2014-10-21 22:01 - 00000178 _____ () C:\console.log
2014-10-21 22:00 - 2014-10-21 22:00 - 02500904 _____ () C:\Users\Panje\Downloads\Vindictus_Downloader.exe
2014-10-21 21:57 - 2014-10-22 19:14 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-10-21 21:56 - 2014-10-21 21:57 - 10117512 _____ () C:\Users\Panje\Downloads\NexonLauncherSetup.exe
2014-10-21 21:30 - 2014-10-21 21:30 - 02450636 _____ () C:\Users\Panje\Downloads\resource.rar
2014-10-21 21:30 - 2014-10-21 21:30 - 00584422 _____ () C:\Users\Panje\Downloads\Launcher_Images.rar
2014-10-18 22:13 - 2014-10-18 22:13 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Panje\Downloads\Shockwave_Installer_Slim.exe
2014-10-18 22:13 - 2014-10-18 22:13 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-18 22:08 - 2014-10-18 22:08 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Unity
2014-10-18 22:08 - 2014-10-18 22:08 - 00000000 ____D () C:\Users\Panje\AppData\Local\Unity
2014-10-18 22:07 - 2014-10-18 22:07 - 01080416 _____ (Unity Technologies ApS) C:\Users\Panje\Downloads\UnityWebPlayer.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 20:33 - 2014-10-15 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 20:33 - 2014-10-15 20:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-09 23:57 - 2014-10-09 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5853747A.sys
2014-10-08 14:37 - 2014-10-08 14:37 - 00000000 ____D () C:\Users\Panje\Desktop\Chameleon
2014-10-05 03:22 - 2014-10-06 21:33 - 00000000 ____D () C:\Users\Panje\Documents\dragoon
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Users\Panje\AppData\Local\SCE
2014-10-05 01:58 - 2014-10-05 01:59 - 20319368 _____ () C:\Users\Panje\Downloads\DPT_setup.exe
2014-10-04 23:31 - 2014-10-04 23:31 - 27870824 _____ (Riot Games) C:\Users\Panje\Downloads\LeagueofLegends_BR_Installer_9_15_2014.exe
2014-10-04 02:46 - 2014-10-04 02:46 - 00230400 _____ () C:\Users\Panje\Downloads\flashplayer_install.exe
2014-10-04 02:46 - 2014-10-04 02:46 - 00230400 _____ () C:\Users\Panje\Downloads\flashplayer_install (1).exe
2014-10-04 02:10 - 2014-10-04 02:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\78A047BA.sys
2014-10-04 00:58 - 2014-10-04 00:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0D54124A.sys
2014-10-02 00:16 - 2014-10-02 00:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\778F5AFC.sys
2014-09-29 22:35 - 2014-09-29 22:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37987A55.sys
2014-09-29 00:19 - 2014-09-29 00:19 - 00001943 _____ () C:\Users\Panje\Desktop\Strife.lnk
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\Users\Panje\Documents\Strife
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-29 00:16 - 2014-10-23 21:10 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-27 15:37 - 2014-10-24 21:55 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 15:37 - 2014-10-22 23:06 - 00000000 ____D () C:\Users\Panje\AppData\Local\Adobe
2014-09-27 15:37 - 2014-09-27 15:37 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 22:27 - 2014-09-24 22:53 - 00000000 ____D () C:\Users\Panje\Downloads\FIFA 15-ULTIMATE TEAM EDITION-FULL UNLOCKED-SG
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-24 21:01 - 2014-09-24 21:01 - 13087456 _____ (Microsoft Corporation) C:\Users\Panje\Downloads\Silverlight_x64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 22:51 - 2014-08-10 23:56 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\TS3Client
2014-10-24 22:50 - 2014-08-10 23:12 - 02004881 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 22:28 - 2014-08-11 01:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 21:55 - 2014-08-11 20:43 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 19:12 - 2014-08-16 23:22 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-10-24 19:12 - 2014-08-16 23:22 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-10-24 19:11 - 2014-08-16 00:40 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\uTorrent
2014-10-24 19:01 - 2009-07-14 02:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:01 - 2009-07-14 02:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 18:59 - 2009-07-29 14:08 - 00703370 _____ () C:\Windows\system32\prfh0416.dat
2014-10-24 18:59 - 2009-07-29 14:08 - 00146156 _____ () C:\Windows\system32\prfc0416.dat
2014-10-24 18:59 - 2009-07-14 03:13 - 01628224 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 18:54 - 2014-08-11 01:16 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-10-24 18:54 - 2014-08-11 01:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-24 18:53 - 2014-08-11 20:43 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 18:53 - 2014-08-10 23:28 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-10-24 18:53 - 2014-08-10 23:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 18:53 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 21:04 - 2014-08-10 23:14 - 00000000 ____D () C:\Users\Panje\AppData\Local\VirtualStore
2014-10-23 20:01 - 2014-08-11 22:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-23 20:00 - 2014-08-11 00:53 - 00000000 ____D () C:\Qoobox
2014-10-23 19:56 - 2009-07-14 00:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-23 19:53 - 2014-08-16 23:21 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-10-23 19:53 - 2014-08-16 23:21 - 00000000 ____D () C:\ProgramData\Temp
2014-10-19 22:50 - 2014-08-11 20:43 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 22:50 - 2014-08-11 20:43 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 17:53 - 2014-08-10 23:16 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 14:23 - 2014-08-11 00:37 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-10-16 20:34 - 2014-08-20 21:15 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Curse Client
2014-10-15 20:44 - 2014-08-11 01:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 20:44 - 2014-08-11 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-15 20:44 - 2014-08-11 01:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 20:34 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-10-15 20:34 - 2014-08-25 22:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-13 21:18 - 2014-09-22 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-10-13 21:18 - 2014-09-22 00:59 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-10-10 00:18 - 2014-08-11 20:50 - 00000000 ____D () C:\Users\Panje\AppData\Local\Battle.net
2014-10-08 22:10 - 2014-08-11 20:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 00:38 - 2014-09-08 22:15 - 00000000 ____D () C:\Users\Panje\Desktop\SSSSSSS
2014-10-04 04:42 - 2014-08-11 20:51 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-04 04:42 - 2014-08-11 20:51 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-04 04:41 - 2014-08-11 20:51 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-10-04 04:41 - 2014-08-11 20:51 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-01 12:11 - 2014-08-11 01:12 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 12:11 - 2014-08-11 01:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 12:11 - 2014-08-11 01:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 00:31 - 2014-08-11 20:50 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\NVIDIA
2014-09-27 15:37 - 2014-08-17 17:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-27 15:37 - 2014-08-17 17:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 20:07 - 2014-09-09 20:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-18 17:56
==================== End Of Log ============================
Addition follows
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by Panje at 2014-10-24 22:54:30
Running from C:\Users\Panje\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Out of date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0215.456.8750 - Nome de sua empresa:) Hidden
AMD Catalyst Install Manager (HKLM\...\{3096080B-BFA4-F2E5-0E2B-D289933054C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0215.456.8750 - Nome de sua empresa:) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Atualizações da NVIDIA 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.5.6.0 - Auslogics Labs Pty Ltd)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0215.456.8750 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0215.456.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0215.456.8750 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DriverEasy 4.7.4 (HKLM\...\DriverEasy_is1) (Version: 4.7.4.0 - Easeware)
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version: - InPlay Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.8.0.1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lightshot-5.1.4.6 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.6 - Skillbrains)
Malwarebytes Anti-Malware versão 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
My Program version 1.5 (HKLM-x32\...\My Program_is1) (Version: 1.5 - )
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA Driver de áudio HD 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Driver de gráficos 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Software do sistema PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Painel de controle da NVIDIA 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strife (HKLM-x32\...\Strife) (Version: - S2 Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Time Stopper (HKLM-x32\...\Time Stopper3.00) (Version: 3.00 - DilSoft)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
X-Mouse Button Control 2.7 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.7 - Highresolution Enterprises)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3850311949-3553885960-1088866172-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3850311949-3553885960-1088866172-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
==================== Restore Points =========================
23-10-2014 01:04:44 Instalado Microsoft Visual C++ 2005 Redistributable
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 00:34 - 2014-10-23 19:56 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3FE40270-A5D8-4164-B997-4B27DCFDE1BA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4DA2C2DF-FCA0-491D-AFAC-07F2A489C557} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2014-08-04] (Easeware)
Task: {5FF224F9-D97C-4022-A151-98E0DFBA88A3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {821644E3-781A-4CB5-8CB1-65E6D6D25720} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
Task: {9393BB02-DBBC-49D3-AE56-C3389ABFC30D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11] (Google Inc.)
Task: {A309160D-99FB-4D6E-9A5B-67BFC22920A8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {B7FB2A11-AE96-46BA-B3B0-5574170CC4C7} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {C36D7F8E-CEFF-4364-8DF9-1B1F3875EA85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-08-10 23:28 - 2014-09-13 19:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-15 05:59 - 2014-02-15 05:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-11-04 16:03 - 2013-11-04 16:03 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-11-04 16:03 - 2013-11-04 16:03 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2009-03-30 04:32 - 2009-03-30 04:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-08-10 23:34 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-02-28 07:14 - 2014-02-28 07:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 11:43 - 2014-08-04 11:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 11:43 - 2014-08-04 11:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 11:46 - 2014-08-04 11:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 11:46 - 2014-08-04 11:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-08-10 23:34 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-10-19 17:53 - 2014-10-10 00:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-19 17:53 - 2014-10-10 00:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-19 17:53 - 2014-10-10 00:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-19 17:53 - 2014-10-10 00:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-19 17:53 - 2014-10-10 00:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\System32:BFC9D1AB_Uni.gbp
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrador (S-1-5-21-3850311949-3553885960-1088866172-500 - Administrator - Disabled)
Convidado (S-1-5-21-3850311949-3553885960-1088866172-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3850311949-3553885960-1088866172-1003 - Limited - Enabled)
Panje (S-1-5-21-3850311949-3553885960-1088866172-1000 - Administrator - Enabled) => C:\Users\Panje
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/24/2014 10:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: nvtray.exe, versão: 7.17.13.4411, carimbo de hora: 0x5414b512
Nome do módulo de falhas: NvGFTrayPlugin.dll, versão: 16.13.56.0, carimbo de hora: 0x542f944c
Código de exceção: 0xc0000409
Deslocamento com falha: 0x0000000000232690
Identificação do processo com falha: 0xb14
Hora de início do aplicativo com falha: 0xnvtray.exe0
Caminho do aplicativo com falha: nvtray.exe1
FCaminho do módulo de falhas: nvtray.exe2
Identificação do Relatório: nvtray.exe3
Error: (10/23/2014 09:01:35 PM) (Source: MsiInstaller) (EventID: 11704) (User: Panje-PC)
Description: Product: HiJackThis -- Error 1704. An installation for Microsoft Visual C++ 2005 Redistributable is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Error: (10/23/2014 08:36:01 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (10/23/2014 07:27:35 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (10/22/2014 11:10:17 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (10/22/2014 10:17:44 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Adobe Reader XI - Português -- Erro 1935. An error occurred during the installation of assembly component {B708EB72-AA82-3EB7-8BB0-D845BA35C93D}. HRESULT: 0x800736FD. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.VC90.CRT,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"
Error: (10/21/2014 10:53:20 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
System errors:
=============
Error: (10/24/2014 08:41:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/24/2014 08:40:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/24/2014 06:57:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (10/24/2014 06:57:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/23/2014 11:19:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (10/23/2014 11:18:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/23/2014 08:52:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: O serviço Windows Update não foi desligado corretamente após receber um controle de pré-desligamento.
Error: (10/23/2014 08:52:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/23/2014 08:52:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/23/2014 08:51:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Microsoft Office Sessions:
=========================
Error: (10/24/2014 10:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.44115414b512NvGFTrayPlugin.dll16.13.56.0542f944cc00004090000000000232690b1401cfefcc99cd78b9C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Update Core\NvGFTrayPlugin.dlleb3753ea-5be0-11e4-8ef8-e03f49a48bd9
Error: (10/23/2014 09:01:35 PM) (Source: MsiInstaller) (EventID: 11704) (User: Panje-PC)
Description: Product: HiJackThis -- Error 1704. An installation for Microsoft Visual C++ 2005 Redistributable is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/23/2014 08:36:01 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/23/2014 07:27:35 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/22/2014 11:10:17 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/22/2014 10:17:44 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Adobe Reader XI - Português -- Erro 1935. An error occurred during the installation of assembly component {B708EB72-AA82-3EB7-8BB0-D845BA35C93D}. HRESULT: 0x800736FD. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.VC90.CRT,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/21/2014 10:53:20 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
CodeIntegrity Errors:
===================================
Date: 2014-10-24 21:11:01.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-23 20:21:56.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD FX-6300 Six-Core Processor
Percentage of memory in use: 25%
Total physical RAM: 8089.46 MB
Available physical RAM: 6033.3 MB
Total Pagefile: 16177.1 MB
Available Pagefile: 12124.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:302.76 GB) NTFS
Drive d: (D3C1.0.0) (CDROM) (Total:7.43 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E1EA2E24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thanks in advance for your attention. Best regards!

Good morning! LipeZO


> Copy the information shown in red into Notepad.

> Save it with the name fixlist.txt.

> Save it in the Downloads folder! ( C:\Users\Panje\Downloads )


start

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

2014-10-23 21:05 - 2014-10-23 21:05 - 00010172 _____ () C:\Users\Panje\Desktop\hijackthis.log

2014-10-23 21:01 - 2014-10-23 21:01 - 01402880 _____ () C:\Users\Panje\Downloads\HijackThis.msi

2014-10-23 21:01 - 2014-10-23 21:01 - 00002975 _____ () C:\Users\Panje\Desktop\HiJackThis.lnk

2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-10-23 20:00 - 2014-10-23 20:00 - 00024141 _____ () C:\ComboFix.txt

2014-10-23 19:56 - 2014-10-24 18:53 - 00000504 _____ () C:\Windows\setupact.log

2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-23 19:55 - 2014-10-23 19:55 - 00000558 _____ () C:\Windows\PFRO.log

2014-10-23 19:24 - 2014-10-23 19:24 - 04909382 _____ () C:\Users\Panje\Downloads\mbam-chameleon-3.1.7.0.zip

2014-10-21 22:01 - 2014-10-21 22:01 - 00000178 _____ () C:\console.log

2014-10-23 20:00 - 2014-08-11 00:53 - 00000000 ____D () C:\Qoobox

end


> Run FRST/FRST64 >> Click "Fix". << Wait!

> Post the report! (Fixlog.txt)


See you!


Thanks for the help, I managed to install what I needed. Out of curiosity, what was my problem? I'm taking the university entrance exam for IT and I'm curious: what field is this? One day I want to be able to solve my own problems too.


Good afternoon! LipeZO

> Restrictive policies on the Chrome browser were detected and a suspicious extension was removed.

> The field I work in is that of log analyst or security analyst, focused on malware removal.

> Didn't the tool generate a report?

See you!

start

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

2014-10-23 21:05 - 2014-10-23 21:05 - 00010172 _____ () C:\Users\Panje\Desktop\hijackthis.log

2014-10-23 21:01 - 2014-10-23 21:01 - 01402880 _____ () C:\Users\Panje\Downloads\HijackThis.msi

2014-10-23 21:01 - 2014-10-23 21:01 - 00002975 _____ () C:\Users\Panje\Desktop\HiJackThis.lnk

2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-10-23 20:00 - 2014-10-23 20:00 - 00024141 _____ () C:\ComboFix.txt

2014-10-23 19:56 - 2014-10-24 18:53 - 00000504 _____ () C:\Windows\setupact.log

2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-23 19:55 - 2014-10-23 19:55 - 00000558 _____ () C:\Windows\PFRO.log

2014-10-23 19:24 - 2014-10-23 19:24 - 04909382 _____ () C:\Users\Panje\Downloads\mbam-chameleon-3.1.7.0.zip

2014-10-21 22:01 - 2014-10-21 22:01 - 00000178 _____ () C:\console.log

2014-10-23 20:00 - 2014-08-11 00:53 - 00000000 ____D () C:\Qoobox

end


Good morning! LipeZO

> Ok! The report came through incomplete, showing the script that accompanies the log.

> Let's remove the tools that were used in the disinfection!

> Download: DelFix ( ... by Xplode )

> On the page, click Download Now.
> Save it in a convenient location! ( desktop! )
> Close any applications that are open.

> Remove disinfection tools
> Create registry backup
> Purge system restore points

> With these boxes checked, click Run!
> Restart the computer!
> Everything OK?

See you!


Removido : C:\FRST

Removido : C:\Users\Panje\Downloads\FRST-OlderVersion

Removido : C:\Users\Panje\Downloads\Addition.txt

Removido : C:\Users\Panje\Downloads\ComboFix.exe

Removido : C:\Users\Panje\Downloads\Fixlog.txt

Removido : C:\Users\Panje\Downloads\FRST.txt

Removido : C:\Users\Panje\Downloads\FRST64.exe

Removido : C:\Windows\grep.exe

Removido : C:\Windows\PEV.exe

Removido : C:\Windows\NIRCMD.exe

Removido : C:\Windows\MBR.exe

Removido : C:\Windows\SED.exe

Removido : C:\Windows\SWREG.exe

Removido : C:\Windows\SWSC.exe

Removido : C:\Windows\SWXCACLS.exe

Removido : C:\Windows\Zip.exe

Removido : HKLM\SOFTWARE\Swearware

Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe


~ Criando backup do registro ... OK


~ Limpando pontos da restauração do sistema ...


Removido : RP #76 [instalado Microsoft Visual C++ 2005 Redistributable (x64) | 10/25/2014 13:43:30]

Removido : RP #77 [DirectX instalado | 10/25/2014 14:09:34]

Removido : RP #78 [DirectX instalado | 10/25/2014 14:41:03]

Removido : RP #79 [DirectX instalado | 10/25/2014 15:40:07]

Removido : RP #80 [instalado Arc | 10/25/2014 15:40:55]

Removido : RP #81 [DirectX instalado | 10/25/2014 15:51:59]

Removido : RP #82 [DirectX instalado | 10/25/2014 18:05:41]

Removido : RP #83 [DirectX instalado | 10/25/2014 18:06:04]


Novo ponto de restauração criado !


########## - EOF - ##########


Just need to restart now. Thanks once again, great work you all do.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
